Have you checked when the file was last modified.

If it fits the date you did the Spotify command then I wouldn’t worry much about it.

If you still are concerned you can send the file to virustotal to be safe.

If it’s more concerning for you for a functional reason then move the file elsewhere if nothing break you should be fine.

You could run an offline fsck to make sure it’s not being caused by disk corruption or something. An offline malware scan at the same time wouldn’t hurt, however unlikely. (That is, boot from external media so you know the drive’s not in use.)

The file command might be able to identify it if it’s of a known format, but if, as you say, it’s all zeros that won’t be particularly fruitful (it’ll just say “data” if a test on my own computer is anything to go by).

Or you could lsof | grep theweirdfilename to see if any active processes are using it, not that this would show up if it was malware (which is unlikely, especially if you did that scan earlier).

If, as you say, it’s all zeros, you could just bzip2 it (or similar) if you don’t want to delete it for whatever reason. That way if something complains you could uncompress it again.

That said, if it doesn’t show up as useful and isn’t fixed by any of the above it’d probably be OK to delete it.

you have entirely foss Bless hex editor right there, no need to use online stuff

Convoluted name and a lot of null bytes? Sounds like a temporary file used during downloading.