[Bug] The file with Gzip compressed downloaded by ABDM is incorrect #1008

@GamerNoTitle

📝 Description

I tried to download the Overwolf installer from the official link below.

After the file was fully downloaded, I tried to run it on my PC, and Windows said that this program cannot be run on the computer (screenshot below).

Image

🏷️ App Version

1.8.3

💻 Platform

Windows 11

📦 Installation Type (optional)

.exe installer

⚙️ System/Device Details (optional)

No response

🔁 Steps to Reproduce

Just download the file from the link below by using ABDM, and it will produce an invalid executable file.

✅ Expected Behavior

The executable file cannot be run on Windows.

📷 Screenshots or Recordings (optional)

Image

🗒️ Additional Information (optional)

After I temporarily disabled the extension in my Edge and re-downloaded the file using the downloader integrated in Microsoft Edge, the file worked pretty well.

The detailed HTTP request is shown in the result below.

$ curl -vv https://download.overwolf.com/install/Download\?utm_content\=new-light
18:45:39.778856 [0-0] * Host download.overwolf.com:443 was resolved.
18:45:39.778921 [0-0] * IPv6: (none)
18:45:39.778936 [0-0] * IPv4: 3.165.75.19, 3.165.75.28, 3.165.75.80, 3.165.75.100
18:45:39.778956 [0-0] * [HTTPS-CONNECT] adding wanted h2
18:45:39.778983 [0-0] * [HTTPS-CONNECT] added
18:45:39.779013 [0-0] * [HTTPS-CONNECT] connect, init
18:45:39.779066 [0-0] *   Trying 3.165.75.19:443...
18:45:39.779764 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
18:45:39.779986 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
18:45:39.780007 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks
18:45:39.810142 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
18:45:39.810190 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
18:45:39.810207 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks
18:45:39.830696 [0-0] * ALPN: curl offers h2,http/1.1
18:45:39.831683 [0-0] * TLSv1.3 (OUT), TLS handshake, Client hello (1):
18:45:39.846143 [0-0] *  CAfile: /etc/ssl/certs/ca-certificates.crt
18:45:39.846201 [0-0] *  CApath: /etc/ssl/certs
18:45:39.846246 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
18:45:39.846256 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
18:45:39.846289 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks
18:45:39.876992 [0-0] * TLSv1.3 (IN), TLS handshake, Server hello (2):
18:45:39.878015 [0-0] * TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
18:45:39.879877 [0-0] * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
18:45:39.879964 [0-0] * TLSv1.3 (IN), TLS handshake, Certificate (11):
18:45:39.881598 [0-0] * TLSv1.3 (IN), TLS handshake, CERT verify (15):
18:45:39.881740 [0-0] * TLSv1.3 (IN), TLS handshake, Finished (20):
18:45:39.881859 [0-0] * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
18:45:39.881952 [0-0] * TLSv1.3 (OUT), TLS handshake, Finished (20):
18:45:39.882078 [0-0] * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519MLKEM768 / id-ecPublicKey
18:45:39.882107 [0-0] * ALPN: server did not agree on a protocol. Uses default.
18:45:39.882136 [0-0] * Server certificate:
18:45:39.882154 [0-0] *  subject: CN=*.overwolf.com
18:45:39.882182 [0-0] *  start date: Dec 26 00:00:00 2025 GMT
18:45:39.882204 [0-0] *  expire date: Jan 24 23:59:59 2027 GMT
18:45:39.882228 [0-0] *  subjectAltName: host "download.overwolf.com" matched cert's "*.overwolf.com"
18:45:39.882258 [0-0] *  issuer: C=US; O=Amazon; CN=Amazon ECDSA 256 M01
18:45:39.882290 [0-0] *  SSL certificate verify ok.
18:45:39.882337 [0-0] *   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
18:45:39.882366 [0-0] *   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
18:45:39.882382 [0-0] *   Certificate level 2: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
18:45:39.882415 [0-0] * [HTTPS-CONNECT] connect+handshake h2: 103ms, 1st data: 97ms
18:45:39.882438 [0-0] * [HTTPS-CONNECT] connect -> 0, done=1
18:45:39.882470 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=1
18:45:39.882499 [0-0] * Connected to download.overwolf.com (3.165.75.19) port 443
18:45:39.882530 [0-0] * using HTTP/1.x
18:45:39.882588 [0-0] > GET /install/Download?utm_content=new-light HTTP/1.1
18:45:39.882588 [0-0] > Host: download.overwolf.com
18:45:39.882588 [0-0] > User-Agent: curl/8.15.0
18:45:39.882588 [0-0] > Accept: */*
18:45:39.882588 [0-0] >
18:45:39.882739 [0-0] * Request completely sent off
18:45:39.926276 [0-0] * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
18:45:41.282238 [0-0] < HTTP/1.1 302 Moved Temporarily
18:45:41.282278 [0-0] < Content-Type: text/plain; charset=utf-8
18:45:41.282290 [0-0] < Content-Length: 121
18:45:41.282301 [0-0] < Connection: keep-alive
18:45:41.282311 [0-0] < Date: Sat, 27 Dec 2025 10:45:41 GMT
18:45:41.282336 [0-0] < Location: https://download.overwolf.com/installer/prod/d3c362dbd766d06887186dde3a01c1c0/OverwolfInstaller.exe
18:45:41.282366 [0-0] < X-Cache: Miss from cloudfront
18:45:41.282396 [0-0] < Via: 1.1 6880261b790d5cc587761918ac637c2a.cloudfront.net (CloudFront)
18:45:41.282427 [0-0] < X-Amz-Cf-Pop: SIN2-P5
18:45:41.282459 [0-0] < X-Amz-Cf-Id: ij9pG5tNDB1DpiP7s1Khj8nbVGD7Z7KdRaUI2y03_hAfAs3p7hC7eA==
18:45:41.282489 [0-0] <
18:45:41.282550 [0-0] * Connection #0 to host download.overwolf.com left intact
Found. Redirecting to https://download.overwolf.com/installer/prod/d3c362dbd766d06887186dde3a01c1c0/OverwolfInstaller.exe

Tracing the redirect, the next request is detailed below.

$ curl -vv https://download.overwolf.com/installer/prod/d3c362dbd766d06887186dde3a01c1c0/OverwolfInstaller.exe
18:45:54.224294 [0-0] * Host download.overwolf.com:443 was resolved.
18:45:54.224428 [0-0] * IPv6: (none)
18:45:54.224441 [0-0] * IPv4: 3.165.75.100, 3.165.75.80, 3.165.75.28, 3.165.75.19
18:45:54.224455 [0-0] * [HTTPS-CONNECT] adding wanted h2
18:45:54.224467 [0-0] * [HTTPS-CONNECT] added
18:45:54.224491 [0-0] * [HTTPS-CONNECT] connect, init
18:45:54.224567 [0-0] *   Trying 3.165.75.100:443...
18:45:54.224771 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
18:45:54.224798 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
18:45:54.224831 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks
18:45:54.239023 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
18:45:54.239089 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
18:45:54.239119 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks
18:45:54.271037 [0-0] * ALPN: curl offers h2,http/1.1
18:45:54.271529 [0-0] * TLSv1.3 (OUT), TLS handshake, Client hello (1):
18:45:54.278084 [0-0] *  CAfile: /etc/ssl/certs/ca-certificates.crt
18:45:54.278130 [0-0] *  CApath: /etc/ssl/certs
18:45:54.278147 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
18:45:54.278187 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
18:45:54.278208 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks
18:45:54.316676 [0-0] * TLSv1.3 (IN), TLS handshake, Server hello (2):
18:45:54.317350 [0-0] * TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
18:45:54.317399 [0-0] * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
18:45:54.317476 [0-0] * TLSv1.3 (IN), TLS handshake, Certificate (11):
18:45:54.318956 [0-0] * TLSv1.3 (IN), TLS handshake, CERT verify (15):
18:45:54.319114 [0-0] * TLSv1.3 (IN), TLS handshake, Finished (20):
18:45:54.319209 [0-0] * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
18:45:54.319269 [0-0] * TLSv1.3 (OUT), TLS handshake, Finished (20):
18:45:54.319368 [0-0] * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519MLKEM768 / id-ecPublicKey
18:45:54.319379 [0-0] * ALPN: server did not agree on a protocol. Uses default.
18:45:54.319390 [0-0] * Server certificate:
18:45:54.319410 [0-0] *  subject: CN=*.overwolf.com
18:45:54.319431 [0-0] *  start date: Dec 26 00:00:00 2025 GMT
18:45:54.319469 [0-0] *  expire date: Jan 24 23:59:59 2027 GMT
18:45:54.319501 [0-0] *  subjectAltName: host "download.overwolf.com" matched cert's "*.overwolf.com"
18:45:54.319534 [0-0] *  issuer: C=US; O=Amazon; CN=Amazon ECDSA 256 M01
18:45:54.319545 [0-0] *  SSL certificate verify ok.
18:45:54.319621 [0-0] *   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
18:45:54.319635 [0-0] *   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
18:45:54.319661 [0-0] *   Certificate level 2: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
18:45:54.319831 [0-0] * [HTTPS-CONNECT] connect+handshake h2: 95ms, 1st data: 92ms
18:45:54.319859 [0-0] * [HTTPS-CONNECT] connect -> 0, done=1
18:45:54.319877 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=1
18:45:54.319911 [0-0] * Connected to download.overwolf.com (3.165.75.100) port 443
18:45:54.319954 [0-0] * using HTTP/1.x
18:45:54.320014 [0-0] > GET /installer/prod/d3c362dbd766d06887186dde3a01c1c0/OverwolfInstaller.exe HTTP/1.1
18:45:54.320014 [0-0] > Host: download.overwolf.com
18:45:54.320014 [0-0] > User-Agent: curl/8.15.0
18:45:54.320014 [0-0] > Accept: */*
18:45:54.320014 [0-0] >
18:45:54.320175 [0-0] * Request completely sent off
18:45:54.363347 [0-0] * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
18:45:55.052908 [0-0] < HTTP/1.1 200 OK
18:45:55.052974 [0-0] < Content-Type: application/octet-stream
18:45:55.052986 [0-0] < Content-Length: 2721404
18:45:55.053002 [0-0] < Connection: keep-alive
18:45:55.053012 [0-0] < Date: Sat, 27 Dec 2025 10:45:55 GMT
18:45:55.053090 [0-0] < Last-Modified: Sat, 27 Dec 2025 10:45:42 GMT
18:45:55.053100 [0-0] < ETag: "811a73dc252da4bcaafcf16563668404"
18:45:55.053135 [0-0] < x-amz-server-side-encryption: AES256
18:45:55.053170 [0-0] < Cache-Control: max-age=600
18:45:55.053205 [0-0] < Content-Encoding: gzip
18:45:55.053225 [0-0] < Accept-Ranges: bytes
18:45:55.053253 [0-0] < Server: AmazonS3
18:45:55.053275 [0-0] < X-Cache: Miss from cloudfront
18:45:55.053303 [0-0] < Via: 1.1 cc18dd7fa2c068ac22479a63cf9e820e.cloudfront.net (CloudFront)
18:45:55.053330 [0-0] < X-Amz-Cf-Pop: SIN2-P5
18:45:55.053359 [0-0] < X-Amz-Cf-Id: F5MhKgPB1SGuKJvMTvrDxcHPPwkeXKTigMtTPPDfWygURQ_vMU2hnQ==
18:45:55.053385 [0-0] <
Warning: Binary output can mess up your terminal. Use "--output -" to tell curl to output it to your terminal anyway, or consider "--output <FILE>" to save to a file.
18:45:55.053440 [0-0] * client returned ERROR on write of 15345 bytes
18:45:55.053461 [0-0] * closing connection #0

It was easily found that the server uses Gzip to compress the file. However, I think ABDM didn't handle it correctly.

18:45:55.053205 [0-0] < Content-Encoding: gzip

I tried to use 010 Editor to check the file downloaded by ABDM; it didn't contain the magic number like 4D 5A 90 00, which should be at the start of a normal .exe file. Instead, the number is 1F 8B 08 00 (first 4 bytes).

The file downloaded by ABDM

When I tried to Gzip the real executable program, it did have a byte stream like the file which was downloaded by ABDM.

The correct executable file compressed with Gzip

To make my guess more credible, I also tried to Gunzip the file downloaded by ABDM; it did produce a runnable executable file.

Image

💡 Possible Solution (optional)

No response
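The check the report performs by hand (compare the saved file's first bytes with the `Content-Encoding: gzip` response header), written as an added Python example. It is not part of the original report and not ABDM's code; `classify`, `decode_body` and the `SAMPLE_*` values are hypothetical names with constructed data.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # RFC 1952 member header, "1F 8B"
PE_MAGIC = b"MZ"          # DOS/PE header, "4D 5A"

# Constructed sample: a 64-byte stand-in for an .exe and its gzip-coded wire form.
SAMPLE_PE = b"MZ\x90\x00" + bytes(60)
SAMPLE_WIRE = gzip.compress(SAMPLE_PE, mtime=0)
SAMPLE_HEADERS = {
    "Content-Type": "application/octet-stream",
    "Content-Length": str(len(SAMPLE_WIRE)),
    "Content-Encoding": "gzip",
}


def classify(data: bytes) -> str:
    """Name the container a saved download starts with."""
    if data[:2] == GZIP_MAGIC:
        return "gzip"
    if data[:2] == PE_MAGIC:
        return "pe"
    return "unknown"


def decode_body(headers: dict, body: bytes) -> bytes:
    """Return the bytes a client should write to disk for this response.

    Content-Length and Range offsets count the encoded bytes on the wire,
    so the length check runs first and segments are joined before decoding.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    declared = h.get("content-length")
    if declared is not None and int(declared) != len(body):
        raise ValueError("body length does not match Content-Length")
    encoding = h.get("content-encoding", "identity").lower()
    if encoding in ("", "identity"):
        return body
    if encoding in ("gzip", "x-gzip"):
        try:
            return gzip.decompress(body)
        except (OSError, EOFError, zlib.error) as exc:
            raise ValueError(f"invalid gzip body: {exc}") from exc
    raise ValueError(f"unsupported Content-Encoding: {encoding}")
```

Saving `SAMPLE_WIRE` unchanged reproduces the `1F 8B 08 00` file from the report; any published hash or signature of the installer applies to the output of `decode_body`, not to the wire bytes.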
