Setup.exe

Zona installer

Destiny Media

The file Setup.exe by Destiny Media has been detected as a potentially unwanted program by 20 anti-malware scanners. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from dl.zona.ru and multiple other hosts.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona installer

Version:
1.0.5.7

MD5:
6971c1aa18609c6d4db00d6e61aa484b

SHA-1:
f7fd824697e9f2cc791aa5e97b8328cf2a85eebc

SHA-256:
abd97d89f0d30567d07dfa1758ca6254ed4adb92d82b7640ba4f1068dc9cef3f

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 8:28:27 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.ZonaInstaller | 2015.05.22 |
| AVG | Generic | 2016.0.3102 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.ZvuZona.A | 22196 |
| Dr.Web | Program.Zona.41 | 9.0.1.0141 |
| ESET NOD32 | Win32/ZvuZona.A potentially unwanted (variant) | 9.11662 |
| Fortinet FortiGate | Riskware/Adload | 5/21/2015 |
| G Data | Win32.Application.ZvuZona | 15.5.25 |
| K7 AntiVirus | Adware | 13.204.15985 |
| Kaspersky | not-a-virus:Downloader.Win32.AdLoad | 14.0.0.2005 |
| McAfee | ZvuZona | 5600.6758 |
| NANO AntiVirus | Riskware.Win32.Zona.dqfxyb | 0.30.24.1636 |
| Panda Antivirus | Trj/CI.A | 15.05.21.10 |
| Qihoo 360 Security | HEUR/QVM41.2.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.DestinyMedia | 15.5.21.18 |
| Rising Antivirus | PE:PUF.Zona!1.9E06 | 23.00.65.15519 |
| Sophos | Generic PUA PH | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0514 | 7.2.141 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40430 |
| Zillya! Antivirus | Downloader.Adload.Win32.18417 | 2.0.0.2186 |

File size:
29.1 MB (30,525,160 bytes)

Product version:
1.0.5.7

Copyright:
Copyright (C) 2015

Language:
Russian

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/18/2014 8:00:00 PM

Valid to:
7/18/2016 7:59:59 PM

Subject:
CN=Destiny Media, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C1DB725B804FCDECB65D559B70318AB

File PE Metadata
Compilation timestamp:
5/14/2015 9:00:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
786432:3QetPpJs239nzCrQL9GF5pVB3ZDPTv/2b22D:3Qe7JT39nziQxGFVBN7v/2BD

Entry address:
0x38BA0

Entry point:
E8, 9A, 61, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 54, D9, 46, 00, FF, 15, 5C, 52, 45, 00, 85, C0, 75, 18, 56, E8, 86, 18, 00, 00, 8B, F0, FF, 15, D0, 51, 45, 00, 50, E8, 36, 18, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, 5E, 18, 00, 00, 6A, 16, 5E, 89, 30, E8, 00, 53, 00, 00, 8B, C6, E9, B4, 00, 00, 00, 57, 39, 5D, 08, 77, 16, E8, 42, 18, 00, 00, 6A, 16, 5E, 89, 30, E8, E4, 52, 00, 00, 8B, C6...

Entropy:
7.9956  (probably packed)

Code size:
333 KB (340,992 bytes)

The file Setup.exe has been seen being distributed by the following 2 URLs.