vadim_zeland_-_transerfing._iznanka_realnosti._audio_dorozhki_zhivyh_urokov_vadima_zelanda_54_otdeln

Zona installer

Destiny Media

The file vadim_zeland_-_transerfing._iznanka_realnosti._audio_dorozhki_zhivyh_urokov_vadima_zelanda_54_otdeln by Destiny Media has been detected as a potentially unwanted program by 30 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl4.getz.tv.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona installer

Version:
1.0.0.0

MD5:
f9edcb575cb3b83d242c49ac353ad16d

SHA-1:
5af1a58ab31d9c349eda97d714a191708bcb8b03

SHA-256:
89b95470bd09a24a93b0d05d96fcad98a597784a45ffb4d3cc1742efd71baf6a

Scanner detections:
30 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 1:00:03 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.BR | 6454353 |
| Agnitum Outpost | PUA.ZvuZona | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downloader | 2015.02.22 |
| Avira AntiVirus | APPL/Bundler.BR | 7.11.211.248 |
| avast! | ZvuZona-D [PUP] | 150203-1 |
| AVG | Generic | 2016.0.3191 |
| Bitdefender | Application.Bundler.BR | 1.0.20.265 |
| Comodo Security | Application.Win32.ZvuZona.A | 21168 |
| Dr.Web | riskware program Program.Zona.28 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.BR | 9.0.0.4799 |
| ESET NOD32 | Win32/ZvuZona.A potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.2350 | 2/22/2015 |
| F-Prot | W32/A-5105d86f | v6.4.7.1.166 |
| F-Secure | Application.Bundler.BR | 11.2015-22-02_1 |
| G Data | Application.Bundler.BR | 15.2.25 |
| IKARUS anti.virus | PUA.ZvuZona | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.197.15043 |
| Kaspersky | not-a-virus:Downloader.Win32.AdLoad | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Zona | v2015.02.22.04 |
| McAfee | Program.ZvuZona | 16.8.708.2 |
| MicroWorld eScan | Application.Bundler.BR | 16.0.0.159 |
| NANO AntiVirus | Riskware.Win32.Zona.dmgpjm | 0.30.0.296 |
| Norman | Application.Bundler.BR | 02.01.2015 13:58:24 |
| Panda Antivirus | Generic Suspicious | 15.02.22.04 |
| Reason Heuristics | PUP.Installer.DestinyMedia | 15.2.22.3 |
| Rising Antivirus | PE:PUF.Zona!1.9E06 | 23.00.65.15220 |
| Trend Micro House Call | ADW_ZVUZONA_UVPC | 7.2.53 |
| Trend Micro | ADW_ZVUZONA_UVPC | 10.465.22 |
| Vba32 AntiVirus | Downloader.AdLoad | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 37588 |

File size:
227.4 KB (232,864 bytes)

Product version:
1.0.2.6

Copyright:
Copyright (C) 2013

Language:
Russian

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\vadim_zeland_-_transerfing._iznanka_realnosti._audio_dorozhki_zhivyh_urokov_vadima_zelanda_54_otdeln.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/19/2014 3:00:00 AM

Valid to:
7/19/2016 2:59:59 AM

Subject:
CN=Destiny Media, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C1DB725B804FCDECB65D559B70318AB

File PE Metadata
Compilation timestamp:
8/7/2014 2:15:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ed/oKyhlMI4s9hs9gqt8sHE8Ywe3Mox+pqoSSVad:eJhlsnstn+LroSSU

Entry address:
0x99B90

Entry point:
60, BE, 00, 70, 46, 00, 8D, BE, 00, A0, F9, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, EC, 75, 09, 00, 57, 83, C3, 04, 53, 68, 7F, 2B, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Code size:
208 KB (212,992 bytes)

The file vadim_zeland_-_transerfing._iznanka_realnosti._audio_dorozhki_zhivyh_urokov_vadima_zelanda_54_otdeln has been seen being distributed by the following URL.