Manalyze report for fc7439662a0a8f191e9a2d3576be4de7654e6252f5b0c06707ec42ff9ac956ec

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-04 15:09:16
Detected languages	English - United States
CompanyName	Spotify AB
FileDescription	Spotify Music Player
FileVersion	`1.70.368.0`
InternalName	Spotify.exe
LegalCopyright	Copyright (C) 2023 Spotify AB
OriginalFilename	Spotify.exe
ProductName	Spotify
ProductVersion	`1.70.368.0`
Comments	Music streaming application

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`95f5d5e4b11e1a42dd7dc1f9f03be254`
SHA1	`28844f2955ae5f420b18fb4b805b1eafb7d239c7`
SHA256	`fc7439662a0a8f191e9a2d3576be4de7654e6252f5b0c06707ec42ff9ac956ec`
SHA3	`815d0d68948ecb636bc9a9047959fc4078edbac76e553e2b8287bd7d949031e5`
SSDeep	`3072:y1ZQQsLMXCVtkUD/lLiKQW5awYxRskOIopFcJzt4kLDw1IETxWv:sKQsLMSVmUDd+W5myk7ztZET`
Imports Hash	`e68efc97860d90960b49a844afd8df34`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-May-04 15:09:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x20e00`
SizeOfInitializedData	`0x17c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000B4A4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2f3e5b3d469bf9c8ed927b947bf13a01`
SHA1	`4d0341fb05dbf7c5905675e24ca864e63815e556`
SHA256	`a545c6f2cc02356d19d6bfccf9d8627d2935532f059273201eabdfc26cf543a6`
SHA3	`568f8bdfe06672e85c88e478e4078caefdb864b555baf20a425ac57d6bee0569`
VirtualSize	`0x20c48`
VirtualAddress	`0x1000`
SizeOfRawData	`0x20e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.494`

.rdata

MD5	`6d52a39d6b7d56da882385e7db16a032`
SHA1	`ae8151fcaed48b67385464a9a5d6a60b96e207e4`
SHA256	`2f39526478defac3a9548a40e988a7e4d4fbc68f7cc4d70807d4aeba898c6584`
SHA3	`151f41601ce175c57db1bc9679826d2af333ae47529a9432e304bddd77aa1cb1`
VirtualSize	`0x1204a`
VirtualAddress	`0x22000`
SizeOfRawData	`0x12200`
PointerToRawData	`0x21200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.27565`

.data

MD5	`11eea82b04fbe5a104f302e852f34e46`
SHA1	`79c670d01448ec7a2e756d7bfa1bf5efb43d5ac8`
SHA256	`b605bd5864b8aef2e425e9edf8a52122452db554a25fb35c352d4c08907906d0`
SHA3	`922194fa5341860347eaf4985531ac415eba6b4b4d835ebfb8163584e9f3a390`
VirtualSize	`0x2b34`
VirtualAddress	`0x35000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x33400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.34001`

.pdata

MD5	`b4a493fa2f483b5c026211a25404ec8f`
SHA1	`468d482189cbbc273482cbfeb55c5dbbb6d6de07`
SHA256	`9575395b0a589ca42c16eb8f8f8dffecb026de05b398456180402a9b3c7f98c6`
SHA3	`ab6e1f0e8690cabea9332389496693e7aad4bfe00ea661c62aa1ba76e6e386bb`
VirtualSize	`0x1c20`
VirtualAddress	`0x38000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x34600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.10128`

.rsrc

MD5	`6fcf4b901cebdae6b286235442c8e4ce`
SHA1	`5571490987b18c35a100b752ba8506594d727aed`
SHA256	`b7480c167f83eab17420135baca31cae2b7786c3925c39e26d5d887d3ac86de5`
SHA3	`534e0cdd424fb2940ebd6dcc12ecb7ddd048317fc83fbd149e31933677759532`
VirtualSize	`0x558`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x600`
PointerToRawData	`0x36400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.85476`

.reloc

MD5	`50d34a108cc007ba20fb7c747ad55826`
SHA1	`fd22e41714406f220ff03fc74172ca5d79778ebd`
SHA256	`478231fe6b8000f6b9afd33c5f89d7eada86651a98d4c029b86f2672b2fa3dec`
SHA3	`ae4eef51f7f54524b459f41139d145a50a094f620be42dd7bd1a72f907ac7a30`
VirtualSize	`0x934`
VirtualAddress	`0x3b000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x36a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.27774`

Imports

bcrypt.dll	`BCryptCloseAlgorithmProvider` `BCryptGenRandom` `BCryptOpenAlgorithmProvider`
KERNEL32.dll	`VirtualProtect` `GetCurrentProcess` `FlushInstructionCache` `OutputDebugStringA` `Sleep` `CloseHandle` `CreateThread` `HeapSize` `GetCurrentProcessId` `MultiByteToWideChar` `VirtualQuery` `CreateFileW` `SetStdHandle` `GetProcessHeap` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `WriteConsoleW` `DeleteCriticalSection` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetCurrentThreadId` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `WideCharToMultiByte` `InitializeCriticalSectionEx` `GetSystemTimeAsFileTime` `GetModuleHandleW` `GetProcAddress` `WakeAllConditionVariable` `EnterCriticalSection` `LeaveCriticalSection` `EncodePointer` `DecodePointer` `GetStringTypeW` `GetCPInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `GetLastError` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess` `GetModuleFileNameW` `GetStdHandle` `WriteFile` `HeapAlloc` `HeapFree` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `LCMapStringW` `GetFileType` `SetFilePointerEx` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `HeapReAlloc` `FindClose`
USER32.dll	`DefWindowProcW` `CreateWindowExW` `GetSystemMetrics` `ShowWindow` `GetAsyncKeyState` `DispatchMessageW` `PeekMessageW` `RegisterClassW` `SetProcessDPIAware` `TranslateMessage` `PostQuitMessage` `SetLayeredWindowAttributes`
GDI32.dll	`SelectObject` `DeleteObject` `CreateFontA`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x334`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42644`
MD5	`2f73d89468d1c48b06e8cd83397d92c1`
SHA1	`60a37c8378799b212f64c3a393fd03295f8ff542`
SHA256	`681874b520d92333dffdba2a9c430a6d4e4cfc192b88658206ec7db5ad18f109`
SHA3	`b98c82a00253321584281fafac44cb1984394b2717ae52e0b3a16c92ead05cfe`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.70.368.0
ProductVersion	1.70.368.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Spotify AB
FileDescription	Spotify Music Player
FileVersion (#2)	1.70.368.0
InternalName	Spotify.exe
LegalCopyright	Copyright (C) 2023 Spotify AB
OriginalFilename	Spotify.exe
ProductName	Spotify
ProductVersion (#2)	1.70.368.0
Comments	Music streaming application

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-May-04 15:09:16
Version	`0.0`
SizeofData	`1052`
AddressOfRawData	`0x30ee8`
PointerToRawData	`0x300e8`

TLS Callbacks

StartAddressOfRawData	`0x140031350`
EndAddressOfRawData	`0x140031358`
AddressOfIndex	`0x140036d50`
AddressOfCallbacks	`0x140022458`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140035080`

RICH Header

XOR Key	`0x2b5b3fe`
Unmarked objects	`0`
C++ objects (33145)	`176`
C objects (33145)	`20`
ASM objects (33145)	`8`
ASM objects (35207)	`10`
C objects (35207)	`17`
C++ objects (35207)	`92`
Imports (33145)	`9`
Total imports	`169`
C++ objects (LTCG) (35226)	`6`
Resource objects (35226)	`1`
151	`1`
Linker (35226)	`1`

Errors

Leave a comment

No comments yet.