General

Malware Config

Signatures

Files

• Spotify Actualizado.rar

  .rar
• Spotify/Block/.gitattributes
• Spotify/Block/.github/ISSUE_TEMPLATE/bug_report.md
• Spotify/Block/.gitignore
• Spotify/Block/BlockTheSpot.bat

  .bat .ps1
• Spotify/Block/LICENSE
• Spotify/Block/README.md

  .ps1
• Spotify/Block/config.ini
• Spotify/Block/install.ps1

  .ps1
• Spotify/Block/src/BlockTheSpot.cpp
• Spotify/Block/src/BlockTheSpot.vcxproj
• Spotify/Block/src/BlockTheSpot.vcxproj.filters
• Spotify/Block/src/BlockTheSpot.vcxproj.user
• Spotify/Block/src/Config.h
• Spotify/Block/src/Logger.h
• Spotify/Block/src/Modify.cpp
• Spotify/Block/src/Modify.h
• Spotify/Block/src/Resource.rc
• Spotify/Block/src/chrome_elf.def
• Spotify/Block/src/disasm-lib/cpu.c
• Spotify/Block/src/disasm-lib/cpu.h
• Spotify/Block/src/disasm-lib/disasm.c
• Spotify/Block/src/disasm-lib/disasm.h
• Spotify/Block/src/disasm-lib/disasm_x86.c
• Spotify/Block/src/disasm-lib/disasm_x86.h
• Spotify/Block/src/disasm-lib/disasm_x86_tables.h
• Spotify/Block/src/disasm-lib/misc.h
• Spotify/Block/src/dllmain.cpp
• Spotify/Block/src/hosts.cpp
• Spotify/Block/src/hosts.h
• Spotify/Block/src/mhook-lib/mhook.cpp
• Spotify/Block/src/mhook-lib/mhook.h
• Spotify/Block/src/resource.h
• Spotify/Block/src/stdafx.cpp
• Spotify/Block/src/stdafx.h
• Spotify/Block/src/targetver.h
• Spotify/Block/uninstall.bat
• Spotify/Block/zlink/css/zlink.css
• Spotify/Block/zlink/images/candy_pattern.png

  .png
• Spotify/Block/zlink/images/connect_devices.svg
• Spotify/Block/zlink/images/icon-sad.png

  .png
• Spotify/Block/zlink/images/share/facebook.svg
• Spotify/Block/zlink/images/share/messenger.svg
• Spotify/Block/zlink/images/share/skype.svg
• Spotify/Block/zlink/images/share/telegram.svg
• Spotify/Block/zlink/images/share/tumblr.svg
• Spotify/Block/zlink/images/share/twitter.svg
• Spotify/Block/zlink/images/sw_saber_anakin.png

  .png
• Spotify/Block/zlink/images/sw_saber_luke.png

  .png
• Spotify/Block/zlink/images/sw_saber_vader.png

  .png
• Spotify/Block/zlink/index.html

  .html
• Spotify/Block/zlink/libs/ad-formats/images/logo_spotlight.svg
• Spotify/Block/zlink/manifest.json
• Spotify/Block/zlink/zlink.bundle.js

  .js
• Spotify/Setup/SpotifySetup.exe

  .exe windows x86

  a22b565dde4c8631406f5c579ec530d1

  
  

  Code Sign

  0f:4d:8f:26:8e:e8:0d:c8:85:9e:7c:c1:18:74:e4:0c

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  19-11-2020 00:00

  Not After

  23-11-2021 23:59

  Subject

  SERIALNUMBER=5567037485,CN=Spotify AB,O=Spotify AB,L=Stockholm,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-01-2021 00:00

  Not After

  06-01-2031 00:00

  Subject

  CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  2d:8d:4d:56:5f:bb:76:c1:fb:08:a3:a4:65:8f:87:bb:b8:d2:05:17:02:c2:ee:84:a5:dc:8b:b5:54:66:24:db

  Signer

  Actual PE Digest

  2d:8d:4d:56:5f:bb:76:c1:fb:08:a3:a4:65:8f:87:bb:b8:d2:05:17:02:c2:ee:84:a5:dc:8b:b5:54:66:24:db

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=5567037485,CN=Spotify AB,O=Spotify AB,L=Stockholm,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

  22-06-2021 08:53

  Valid: true

  Chain 1

  SERIALNUMBER=5567037485,CN=Spotify AB,O=Spotify AB,L=Stockholm,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  comctl32

  InitCommonControlsEx

  shell32

  SHGetFolderPathW

  SHChangeNotify

  ShellExecuteW

  kernel32

  CreateMutexW

  OpenMutexW

  Sleep

  GetCurrentProcess

  GetExitCodeProcess

  CreateProcessW

  GetLocalTime

  GetModuleHandleW

  GetProcAddress

  LoadLibraryExA

  VerifyVersionInfoW

  CompareStringW

  MultiByteToWideChar

  WideCharToMultiByte

  SetEvent

  CreateEventW

  CreateThread

  GetTickCount

  FormatMessageA

  FormatMessageW

  LocalFree

  GetLocaleInfoA

  GetUserDefaultUILanguage

  MapViewOfFile

  UnmapViewOfFile

  OpenMutexA

  CreateFileMappingA

  OpenFileMappingA

  LoadLibraryW

  TerminateProcess

  OpenProcess

  GetModuleFileNameW

  CreateDirectoryW

  DeleteFileW

  GetFileAttributesW

  RemoveDirectoryW

  MoveFileExW

  GetCurrentProcessId

  DeleteCriticalSection

  ResetEvent

  ReleaseSemaphore

  FindClose

  FindFirstFileW

  FindNextFileW

  GetFileAttributesExW

  GetFileInformationByHandle

  WaitForSingleObject

  InitializeCriticalSection

  SetEndOfFile

  SetFilePointerEx

  DeviceIoControl

  CopyFileW

  AreFileApisANSI

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  GetStdHandle

  GetConsoleMode

  SetLastError

  CreateFileA

  GetFileSize

  SetFilePointer

  GetSystemInfo

  MapViewOfFileEx

  GetModuleHandleA

  RaiseException

  SetStdHandle

  GetProcessHeap

  SetEnvironmentVariableW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  GetOEMCP

  GetACP

  IsValidCodePage

  GetTimeZoneInformation

  HeapReAlloc

  ReadConsoleW

  GetFileSizeEx

  ReadFile

  GetConsoleCP

  FlushFileBuffers

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetTimeFormatW

  GetDateFormatW

  GetFileType

  HeapAlloc

  HeapFree

  LeaveCriticalSection

  ExitProcess

  GetModuleHandleExW

  GetLastError

  CloseHandle

  WriteFile

  CreateFileW

  GetCommandLineW

  VerSetConditionMask

  HeapSize

  WriteConsoleW

  VirtualQuery

  RtlUnwind

  EnterCriticalSection

  FindFirstFileExW

  TryEnterCriticalSection

  InitOnceBeginInitialize

  InitOnceComplete

  EncodePointer

  DecodePointer

  QueryPerformanceCounter

  InitializeCriticalSectionAndSpinCount

  SwitchToThread

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  LCMapStringW

  GetLocaleInfoW

  GetStringTypeW

  GetCPInfo

  WaitForSingleObjectEx

  IsProcessorFeaturePresent

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  InitializeSListHead

  SignalObjectAndWait

  SetThreadPriority

  GetThreadPriority

  GetLogicalProcessorInformation

  CreateTimerQueueTimer

  ChangeTimerQueueTimer

  DeleteTimerQueueTimer

  GetNumaHighestNodeNumber

  GetProcessAffinityMask

  SetThreadAffinityMask

  RegisterWaitForSingleObject

  UnregisterWait

  GetCurrentThread

  GetThreadTimes

  FreeLibrary

  FreeLibraryAndExitThread

  LoadLibraryExW

  GetVersionExW

  VirtualAlloc

  VirtualProtect

  VirtualFree

  DuplicateHandle

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  InterlockedFlushSList

  QueryDepthSList

  UnregisterWaitEx

  CreateTimerQueue

  user32

  SendMessageTimeoutA

  LoadIconW

  LoadCursorW

  SetWindowLongW

  GetWindowLongW

  MessageBoxW

  AdjustWindowRect

  GetSystemMetrics

  GetWindowThreadProcessId

  GetActiveWindow

  SetDlgItemTextW

  FindWindowA

  ShowWindow

  CreateWindowExW

  RegisterClassExW

  DefWindowProcW

  PostMessageW

  SendMessageW

  DispatchMessageW

  TranslateMessage

  GetMessageW

  wsprintfA

  SetTimer

  GetDlgItem

  gdi32

  GetStockObject

  ole32

  CoCreateInstance

  CoInitializeEx

  advapi32

  RegSetValueExW

  RegOpenKeyExW

  RegDeleteValueW

  RegCreateKeyExW

  OpenProcessToken

  GetTokenInformation

  Sections

  .text

  Size: 562KB - Virtual size: 562KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 227KB - Virtual size: 226KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 30KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 51KB - Virtual size: 50KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ