pop_heather_peace_-_live_at_the_jazz_cafe_-_2013_mp3_128_kbps.exe

Zona installer

Destiny Media

The application pop_heather_peace_-_live_at_the_jazz_cafe_-_2013_mp3_128_kbps.exe by Destiny Media has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from dl4.getz.tv and multiple other hosts.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona installer

Version:
1.0.0.0

MD5:
aec4c50942a2630ca214abbe81eed243

SHA-1:
1c7afcb39d426d204a6894244ab8d48cf8bbc63c

SHA-256:
d74c2fb609644bfc2dc9502941986643162cc81fec9238034ff42bcf6dec9f6b

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 3:27:17 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.BR
902

Agnitum Outpost
PUA.ZvuZona
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.167.154

AVG
Generic
2015.0.3380

Bitdefender
Application.Bundler.BR
1.0.20.1140

Comodo Security
Application.Win32.ZvuZona.A
19217

Dr.Web
riskware program Program.Zona.28
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.BR
9.0.0.4324

ESET NOD32
Win32/ZvuZona.A potentially unwanted application
7.0.302.0

F-Secure
Application.Bundler.BR
11.2014-16-08_7

G Data
Application.Bundler.BR
14.8.24

Malwarebytes
PUP.Optional.Zona
v2014.08.16.06

McAfee
ZvuZona
5600.7036

MicroWorld eScan
Application.Bundler.BR
15.0.0.684

Reason Heuristics
PUP.Installer.DestinyMedia.AA
14.10.1.12

Rising Antivirus
PE:PUF.Zona!1.9E06
23.00.65.14814

VIPRE Antivirus
Threat.4150696
32210

File size:
227.1 KB (232,520 bytes)

Product version:
1.0.2.6

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Language:
Russian

Common path:
C:\users\{user}\downloads\pop_heather_peace_-_live_at_the_jazz_cafe_-_2013_mp3_128_kbps.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/19/2014 1:00:00 AM

Valid to:
7/19/2016 12:59:59 AM

Subject:
CN=Destiny Media, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C1DB725B804FCDECB65D559B70318AB

File PE Metadata
Compilation timestamp:
8/7/2014 12:15:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Vd/oKyhlMI4s9hs9gqt8sHE8Ywe3Mox+pqoSSV1Q:VJhlsnstn+LroSS8

Entry address:
0x99B90

Entry point:
60, BE, 00, 70, 46, 00, 8D, BE, 00, A0, F9, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, EC, 75, 09, 00, 57, 83, C3, 04, 53, 68, 7F, 2B, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9259  (probably packed)

Code size:
208 KB (212,992 bytes)

The file pop_heather_peace_-_live_at_the_jazz_cafe_-_2013_mp3_128_kbps.exe has been seen being distributed by the following 3 URLs.