Manalyze report for 4bb91387809ca5546784f415175842e6f1eafc0164efade3e3ab2bba552f49c9

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Aug-16 14:01:05
Detected languages	English - United States
CompanyName	Spotify AB
FileDescription	Spotify Music Player
FileVersion	`1.70.368.0`
InternalName	Spotify.exe
LegalCopyright	Copyright (C) 2023 Spotify AB
OriginalFilename	Spotify.exe
ProductName	Spotify
ProductVersion	`1.70.368.0`
Comments	Music streaming application

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`61343cff19ac4ba23435929270122df6`
SHA1	`a5678fd7d0b75032e94ad041423675d7d031ff84`
SHA256	`4bb91387809ca5546784f415175842e6f1eafc0164efade3e3ab2bba552f49c9`
SHA3	`024e765a3420bb639be818e627b08721ddc16514e838cf348aab0e88906641a1`
SSDeep	`3072:7pv4ZeFbrCkR/leIWznAH3Ko2tp4iz4IhvTgEAuZnVC3o:R4ZeFvlR/leIWznQKAizXpn0`
Imports Hash	`d0d498d37e3a3d53778bcfffe16ebde5`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2025-Aug-16 14:01:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1a200`
SizeOfInitializedData	`0x10c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000009FCC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x31000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b0c0f21508ef58c7e78840fbe1c28215`
SHA1	`597dc10267282cdf093ac5db22b4f6af0127dec9`
SHA256	`d6555366c0a4f176371b6c5e3483969abf875b5a6fa175307acc6f8217d7ce71`
SHA3	`199ee462766fc1f19d529ae5be740dd1f304df2d4805b21e924553b82b93db85`
VirtualSize	`0x1a0c0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.46908`

.rdata

MD5	`3e4cab77d815c66dd09e95d0f41c129d`
SHA1	`f189bf60954680000e6a2b22be9bd5ab4b1c25be`
SHA256	`a4053faa193751cc14a6687537e8bb6e2ff82f6fad5cb4115a879bc2aaa5e3b7`
SHA3	`9e60835129c5e201d74551e3cd8bb205b3e8067f21abf84728022f2ccd89e883`
VirtualSize	`0xb996`
VirtualAddress	`0x1c000`
SizeOfRawData	`0xba00`
PointerToRawData	`0x1a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84051`

.data

MD5	`5922ee07912fcaa6373792943a6c67ec`
SHA1	`a26c951ae44f020a0bd18206b131fd325b18e6ca`
SHA256	`68ae82ce9139d2cede7a9452fee027926511140774cc0b4f793b7e253f12a6bf`
SHA3	`7f0c57ff704ac3e619bbdeadd17dc7afe2ee93280a1dac193bf6f9aa45860c62`
VirtualSize	`0x234c`
VirtualAddress	`0x28000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x26000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.33376`

.pdata

MD5	`d287964d4fbff367e23ddd9c6e4031c4`
SHA1	`e34c0eab52503380052c5e0aa20ae23c23a93ffb`
SHA256	`874a61451975ceaeac53b72e8e25cb81ed0fc07438e27554756462978b0be289`
SHA3	`535943ce0cccda5da508dd4f97468a34d49575d8d09d47cda7fefe4d29f2e532`
VirtualSize	`0x1a1c`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x26c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0293`

_RDATA

MD5	`7c7f5ab086693fccdc0e6b19f8cd321d`
SHA1	`7bb2dedf6492fb921d386ce1f3c6632dcc991f1d`
SHA256	`5bb476f148ff60ae561555986d2c6d860fea8450344d5f19d284a92a1318f0ca`
SHA3	`997742f248f0a8851e42bfebb4db8764f7d36daf992abe827ef462f31aaa7b10`
VirtualSize	`0x1f4`
VirtualAddress	`0x2d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x28800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.68854`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x28a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`74d3e2a84a381344bf3d55e0dd7cc47c`
SHA1	`2318bff5efecb00a07e2803bc8a8de56328cbbb7`
SHA256	`e400e058cf2b62508d45e43246dcd528ee7a53a07adc257f2edd4c553ae31bc3`
SHA3	`4597be1841b016ae4be78bd93a54219751a10e1293dcfce1f382da19eb5174d0`
VirtualSize	`0x558`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x600`
PointerToRawData	`0x28c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.85551`

.reloc

MD5	`0f6cf9509df2b451b13ecf7320599bc2`
SHA1	`665adc9c507034df84c15a6c139cab3d87d9a7ce`
SHA256	`28015e300dbadc2adf817f4bd6d2e457f9a8b6b15ef2c34543847be290a0446d`
SHA3	`3134060f935503e5eb50736a9ad4a0e3768018c3169409794bfd7980b64f59b1`
VirtualSize	`0x698`
VirtualAddress	`0x30000`
SizeOfRawData	`0x800`
PointerToRawData	`0x29200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.97701`

Imports

bcrypt.dll	`BCryptOpenAlgorithmProvider` `BCryptGenRandom` `BCryptCloseAlgorithmProvider`
KERNEL32.dll	`SetUnhandledExceptionFilter` `WriteConsoleW` `CreateFileW` `HeapReAlloc` `Sleep` `CloseHandle` `GetCurrentProcessId` `HeapSize` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `GetStringTypeW` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `WideCharToMultiByte` `MultiByteToWideChar` `GetCommandLineW` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetCurrentThreadId` `InitializeCriticalSectionEx` `GetSystemTimeAsFileTime` `GetModuleHandleW` `GetProcAddress` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `GetLastError` `SetLastError` `EncodePointer` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `GetModuleHandleExW` `ExitProcess` `GetModuleFileNameW` `GetStdHandle` `WriteFile` `HeapAlloc` `HeapFree` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `VirtualProtect` `LCMapStringW` `GetFileType` `SetFilePointerEx` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA`
USER32.dll	`DefWindowProcW` `CreateWindowExW` `ShowWindow` `GetAsyncKeyState` `DispatchMessageW` `PeekMessageW` `RegisterClassW` `SetLayeredWindowAttributes` `TranslateMessage` `GetDesktopWindow` `PostQuitMessage` `GetClientRect`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x334`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42644`
MD5	`2f73d89468d1c48b06e8cd83397d92c1`
SHA1	`60a37c8378799b212f64c3a393fd03295f8ff542`
SHA256	`681874b520d92333dffdba2a9c430a6d4e4cfc192b88658206ec7db5ad18f109`
SHA3	`b98c82a00253321584281fafac44cb1984394b2717ae52e0b3a16c92ead05cfe`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.70.368.0
ProductVersion	1.70.368.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Spotify AB
FileDescription	Spotify Music Player
FileVersion (#2)	1.70.368.0
InternalName	Spotify.exe
LegalCopyright	Copyright (C) 2023 Spotify AB
OriginalFilename	Spotify.exe
ProductName	Spotify
ProductVersion (#2)	1.70.368.0
Comments	Music streaming application

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Aug-16 14:01:05
Version	`0.0`
SizeofData	`1048`
AddressOfRawData	`0x24ae8`
PointerToRawData	`0x230e8`

TLS Callbacks

StartAddressOfRawData	`0x140024f48`
EndAddressOfRawData	`0x140024f50`
AddressOfIndex	`0x140029658`
AddressOfCallbacks	`0x14001c3a0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140028040`

RICH Header

XOR Key	`0x8de52ff5`
Unmarked objects	`0`
C++ objects (33140)	`147`
C objects (33140)	`13`
ASM objects (33140)	`6`
Unmarked objects (#2)	`2`
C objects (VS 2015-2022 runtime 33030)	`17`
ASM objects (VS 2015-2022 runtime 33030)	`17`
C++ objects (VS 2015-2022 runtime 33030)	`57`
Imports (33140)	`9`
Total imports	`153`
C++ objects (LTCG) (33145)	`4`
Resource objects (33145)	`1`
151	`1`
Linker (33145)	`1`

Errors

Leave a comment

No comments yet.