{5b8ef8f0-4707-4f0b-9d13-e609bf68d768}

Zona installer

Destiny Media

The file {5b8ef8f0-4707-4f0b-9d13-e609bf68d768} by Destiny Media has been detected as a potentially unwanted program by 16 anti-malware scanners. The file has been seen being downloaded from vsofte-file.ru. While running, it connects to the Internet address hosted-by.ihc.ru on port 80 using the HTTP protocol.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona installer

Version:
1.0.0.0

MD5:
e6caf568f4eba970f20e18bc6d35a640

SHA-1:
44543d39d80e00c91f8df39562bd6395b52cf97c

SHA-256:
66890dd9afe1336155eefab6bde4b89b6e8290f579dc8a435c3b13b4895f290c

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:54:52 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.ZonaInstaller
2015.07.04

Avira AntiVirus
ADWARE/ZvuZona.29142776
8.3.1.6

avast!
Win32:LoadMoney-KB [PUP]
2014.9-150703

AVG
Generic
2016.0.3059

Bkav FE
W32.HfsAdware
1.3.0.6979

Comodo Security
Application.Win32.ZvuZona.A
22656

Dr.Web
Program.Zona.44
9.0.1.0184

ESET NOD32
Win32/ZvuZona.A potentially unwanted (variant)
9.11886

F-Prot
W32/A-baee0668
v6.4.7.1.166

G Data
Win32.Application.ZvuZona
15.7.25

K7 AntiVirus
Unwanted-Program
13.205.16456

Malwarebytes
PUP.Optional.Zona
v2015.07.03.10

McAfee
ZvuZona
5600.6715

Reason Heuristics
PUP.DestinyMedia.Installer (M)
15.7.3.22

Rising Antivirus
PE:PUF.Zona!1.9E06
23.00.65.15701

Vba32 AntiVirus
Signed-Downware.ZvuZona
3.12.26.4

File size:
27.8 MB (29,142,776 bytes)

Product version:
1.0.2.6

Copyright:
Copyright (C) 2013

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/1/2013 3:00:00 AM

Valid to:
7/2/2014 2:59:59 AM

Subject:
CN=Destiny Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E105874BD7B6030B1F1ABB57C21D0D

File PE Metadata
Compilation timestamp:
5/8/2014 10:24:39 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
786432:xa/yZ2q3f8vQ64XYWuqatkzL142BlkxwvakL:x4yb8vQ64XYWuhtG1VBlkxzkL

Entry address:
0x37840

Entry point:
E8, BA, 61, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, F4, B8, 46, 00, FF, 15, 5C, 32, 45, 00, 85, C0, 75, 18, 56, E8, A2, 18, 00, 00, 8B, F0, FF, 15, 28, 31, 45, 00, 50, E8, 52, 18, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, 7A, 18, 00, 00, 6A, 16, 5E, 89, 30, E8, 20, 53, 00, 00, 8B, C6, E9, B4, 00, 00, 00, 57, 39, 5D, 08, 77, 16, E8, 5E, 18, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 53, 00, 00, 8B, C6...
 
[+]

Code size:
327.5 KB (335,360 bytes)

The file {5b8ef8f0-4707-4f0b-9d13-e609bf68d768} has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hosted-by.ihc.ru  (46.254.17.199:80)

Remove {5b8ef8f0-4707-4f0b-9d13-e609bf68d768} - Powered by Reason Core Security