Windows
Analysis Report
SpotifyWidgetProvider.exe
Overview
General Information
Sample name: | SpotifyWidgetProvider.exe |
Analysis ID: | 1529303 |
MD5: | 96d69dea15c182edbbb8bd178e063959 |
SHA1: | 392e8fe31010daf9ef6b648d0f3d67d43c4ef87d |
SHA256: | fac4407a29441b55b19390114468ca109fa7eb081f14ec829fad386aa10b5263 |
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1529303 |
Start date and time: | 2024-10-08 20:37:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 1 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SpotifyWidgetProvider.exe |
Detection: | UNKNOWN |
Classification: | unknown1.winEXE@0/0@0/0 |
Cookbook Comments: |
- No process behavior to analyse as no analysis process or sample was found
- Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.
- Exclude process from analysis (whitelisted): dllhost.exe
- VT rate limit hit for: SpotifyWidgetProvider.exe
File type: | |
Entropy (8bit): | 6.552754335025239 |
TrID: | |
File name: | SpotifyWidgetProvider.exe |
File size: | 3'145'728 bytes |
MD5: | 96d69dea15c182edbbb8bd178e063959 |
SHA1: | 392e8fe31010daf9ef6b648d0f3d67d43c4ef87d |
SHA256: | fac4407a29441b55b19390114468ca109fa7eb081f14ec829fad386aa10b5263 |
SHA512: | e9d4712622652fa6ad9372f7f4196cbeafa142c4f52d962086a6771a19a069ab77d1840b153ce966388d8cc9f845c8b7951f3260de0af41202f0fa2334154232 |
SSDEEP: | 49152:nRBbX0a5CPYnJOBI5Goh7RDrsPmQcSk6UJvugFO/6rQ5e0b8VTiXi+OKN84+M:nR3vjdxO/a2i+B |
TLSH: | D9E56D9B62B801E9D0BBD178CA079D0BE7B678470262E74F13B446A72F676705F2E311 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9.4.X.g.X.g.X.gw&.g.X.g. .f.X.g. .f.X.g. .f.X.gw&.f.X.gw&.f.X.gw&.f.X.g. .f.X.g. }g.X.gLP.g.X.g.X.g.Y.g.'.f.X.g.'.f.Y.g.'.f.X. |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x1400034b0 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x520748C4 [Sun Aug 11 08:18:12 2013 UTC] |
TLS Callbacks: | 0x4009d3ac, 0x1, 0x40206798, 0x1, 0x4020d3d0, 0x1, 0x4020d4c0, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 0ae6e9eecef3e749a967f66f624c4d12 |
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint MD5: | |
Thumbprint SHA-1: | |
Thumbprint SHA-256: | |
Serial: |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c98e8 | 0x104 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x621f0c | 0x1eedc | .data |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x8ffc00 | 0x2948 | .pdata |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x904000 | 0x4b88 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x299450 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x299500 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x299310 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x255000 | 0x8b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x253cd8 | 0x253e00 | 88f9330c99cb0873bee5a508126e20e0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x255000 | 0x76610 | 0x76800 | 7e546aa98ca42d59a404b7fd3a2b5968 | False | 0.4480794270833333 | data | 6.13787699067046 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2cc000 | 0x617f24 | 0x611600 | ed0427cc297444b5cae30653ce395039 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x8e4000 | 0x1ed50 | 0x1ee00 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0x903000 | 0x15c | 0x200 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x904000 | 0x4b88 | 0x4c00 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
api-ms-win-core-winrt-string-l1-1-0.dll | WindowsCreateStringReference |
api-ms-win-core-winrt-l1-1-0.dll | RoGetActivationFactory, RoActivateInstance |
dbghelp.dll | SymFromAddr |
ADVAPI32.dll | LookupAccountNameW, CryptEnumProvidersA, CryptGenRandom, CryptReleaseContext, CryptAcquireContextA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, ConvertSidToStringSidW, GetCurrentHwProfileW |
KERNEL32.dll | CompareStringEx, FreeLibraryAndExitThread, ExitThread, TrySubmitThreadpoolCallback, GetSystemTimePreciseAsFileTime, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, RtlUnwindEx, InterlockedPushEntrySList, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, RtlPcToFileHeader, RtlUnwind, GetStdHandle, WriteFile, GetModuleFileNameW, GetCurrentProcess, ExitProcess, TerminateProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, GetCurrentThread, OutputDebugStringW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetFileType, GetStringTypeW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, ReadFile, ReadConsoleW, CreateFileW, CloseHandle, WriteConsoleW, DebugBreak, GetModuleFileNameA, FormatMessageW, AllocConsole, AttachConsole, GetCurrentConsoleFont, Sleep, LocalFree, FormatMessageA, GetVersionExW, GetComputerNameW, GetFileInformationByHandle, GetFileSize, LockFile, LockFileEx, SetEndOfFile, SetFilePointer, UnlockFile, GetOverlappedResult, SetEvent, ReleaseMutex, WaitForSingleObject, CreateMutexA, CreateEventW, CreateThread, OpenProcess, GetSystemInfo, GetVersion, VirtualAlloc, CreateFileMappingW, MapViewOfFileEx, UnmapViewOfFile, OpenMutexA, VerSetConditionMask, GetNativeSystemInfo, GetModuleHandleA, LoadLibraryA, LoadLibraryW, VerifyVersionInfoW, CreateDirectoryW, DeleteFileW, FindFirstFileW, GetFileAttributesW, GetFileAttributesExW, RemoveDirectoryW, GetTempPathA, GetLocalTime, MapViewOfFile, MoveFileW, GetSystemPowerStatus, AreFileApisANSI, GetDiskFreeSpaceExW, SetFileAttributesW, DeviceIoControl, CreateDirectoryExW, CreateSemaphoreA, ReleaseSemaphore, CreateEventA, WaitForSingleObjectEx, DuplicateHandle, PostQueuedCompletionStatus, WaitForMultipleObjects, QueueUserAPC, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, ResetEvent, SleepEx, OpenEventA, SetWaitableTimer, OutputDebugStringA, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, InitializeConditionVariable, WakeConditionVariable, SleepConditionVariableSRW, GetLogicalProcessorInformation, QueryPerformanceFrequency, GetProcessTimes, WriteConsoleA, GetConsoleScreenBufferInfo, SetConsoleTextAttribute, WaitForMultipleObjectsEx, CreateWaitableTimerW, ResumeThread, SetThreadDescription, LCMapStringEx, DecodePointer, InitializeCriticalSectionEx, GetTimeZoneInformation, SwitchToThread, GetLocaleInfoEx, CloseThreadpoolWork, SubmitThreadpoolWork, CreateThreadpoolWork, FreeLibraryWhenCallbackReturns, InitOnceComplete, InitOnceBeginInitialize, WakeAllConditionVariable, TryAcquireSRWLockExclusive, GetExitCodeThread, ReplaceFileW |
USER32.dll | GetSystemMetrics, CreateWindowExA, RegisterClassExA, DispatchMessageW, TranslateMessage, DefWindowProcW, GetMessageW, PostQuitMessage |
SHELL32.dll | ShellExecuteW |
ole32.dll | CoRevokeClassObject, CoInitialize, CoCreateInstance, CoSetProxyBlanket, CoUninitialize, CoRegisterClassObject, CoResumeClassObjects, CoTaskMemFree, CoCreateFreeThreadedMarshaler, CoGetObjectContext, CoGetApartmentType, CoTaskMemAlloc, CoInitializeEx |
OLEAUT32.dll | SysAllocString, SysFreeString, SysStringLen, GetErrorInfo, SetErrorInfo, VariantClear |
WS2_32.dll | accept, freeaddrinfo, getaddrinfo, WSAStringToAddressW, WSAAddressToStringW, getpeername, WSAGetLastError, WSASetLastError, socket, htons, connect, ntohl, htonl, getsockname, closesocket, WSACleanup, WSAStartup, listen, bind, setsockopt, WSAWaitForMultipleEvents, WSASend, WSARecv, WSAEventSelect, WSAEnumNetworkEvents, shutdown |
bcrypt.dll | BCryptGenRandom, BCryptOpenAlgorithmProvider, BCryptCloseAlgorithmProvider |