» zona.exe
Overview
Analysis
File Details
Programs (1)
Network (99)

zona.exe

Zona

Destiny Media

The application zona.exe by Destiny Media has been detected as a potentially unwanted program by 4 anti-malware scanners. This file is typically installed with the program Zona by Zondervan. While running, it connects to the Internet address 5x18x184x7.static-business.iz.ertelecom.ru on port 60868.

File name:

zona.exe

Publisher:

Destiny Media (signed and verified)

Product:

Zona

Version:

1.0.4.7

MD5:

e3ba4a11b5136076286b2d85db7ad074

SHA-1:

5cdc3af682085ec0683e95952de05bc3ff425ffe

SHA-256:

3bffcb8249c861dead9ad17b292a8aed829b8f978df5b1d3a479aaaf80a9fd9d

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 7:20:16 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Troj.Dropper.W32.Agent

2.1.4+

Dr.Web

Adware.Downware.3011

9.0.1.0167

Reason Heuristics

PUP.DestinyMedia.E

14.10.1.12

Vba32 AntiVirus

Signed-Downware.ZvuZona

3.12.26.0

File size:

658 KB (673,792 bytes)

Product version:

1.0.4.7

File type:

Executable application (Win32 EXE)

Language:

Russian

Common path:

C:\Program Files\zona\zona.exe

Digital Signature

Signed by:

Destiny Media

Authority:

VeriSign, Inc.

Valid from:

4/1/2013 1:00:00 AM

Valid to:

7/2/2014 12:59:59 AM

Subject:

CN=Destiny Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

12E105874BD7B6030B1F1ABB57C21D0D

File PE Metadata

Compilation timestamp:

5/30/2014 9:15:06 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:H4h0N19TXEWu2A83GGef/xsLQXaPDWQRhMB+6QpbzroSZRrEH:Yh0N19rE98HK5sLAaPDPMgiH

Entry address:

0x18E0E0

Entry point:

60, BE, 00, F0, 50, 00, 8D, BE, 00, 20, EF, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, F0, C8, 18, 00, 57, 83, C3, 04, 53, 68, DD, F0, 07, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

512 KB (524,288 bytes)

The file zona.exe has been discovered within the following programs.

Zona by Zondervan

About 9% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to hosted-by.ihc.ru (185.22.235.14:80)

TCP:

Connects to wimax-client.yota.ru (109.188.124.184:42737)

TCP:

Connects to user-222.81.118.217.in-addr.arpa (217.118.81.222:24348)

TCP:

Connects to server5.yahootrader.com (104.203.241.38:54064)

TCP:

Connects to pppoe.zlg18-nbr28.sibttk.net (31.216.160.223:36508)

TCP:

Connects to novodonnet.donbass.com (92.242.99.242:59842)

TCP:

Connects to nat.abk61-p19a.sibttk.net (46.166.101.46:35213)

TCP (HTTP):

Connects to LU1.B.M03.24.server.lu (94.242.254.206:80)

TCP:

Connects to ipoe-static.mosoblast.rt.ru (213.140.228.204:62458)

TCP:

Connects to ip-188-113-189-66.z61.ysk.scts.tv (188.113.189.66:46627)

TCP:

Connects to ip-176-194-4-183.bb.netbynet.ru (176.194.4.183:18198)

TCP:

Connects to ip-172-31-151-132.ec2.internal (172.31.151.132:57238)

TCP:

Connects to ip-172-30-181-118.ec2.internal (172.30.181.118:45987)

TCP:

Connects to ip-172-29-247-56.ec2.internal (172.29.247.56:52132)

TCP:

Connects to ip-172-24-85-189.ec2.internal (172.24.85.189:34898)

TCP:

Connects to ip-172-24-221-32.ec2.internal (172.24.221.32:61554)

TCP:

Connects to ip-172-24-194-133.ec2.internal (172.24.194.133:30102)

TCP:

Connects to host-31-180-251-118.stv.ru (31.180.251.118:60143)

TCP:

Connects to host-153.215.157.37.ucom.am (37.157.215.153:34619)

TCP:

Connects to dynamicip-94-181-3-198.pppoe.chel.ertelecom.ru (94.181.3.198:1)

Remove zona.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.