zona.exe

Zona

Destiny Media

The application zona.exe by Destiny Media has been detected as a potentially unwanted program by 4 anti-malware scanners. This file is typically installed with the program Zona by Zondervan. While running, it connects to the Internet address 5x18x184x7.static-business.iz.ertelecom.ru on port 60868.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona

Version:
1.0.4.7

MD5:
e3ba4a11b5136076286b2d85db7ad074

SHA-1:
5cdc3af682085ec0683e95952de05bc3ff425ffe

SHA-256:
3bffcb8249c861dead9ad17b292a8aed829b8f978df5b1d3a479aaaf80a9fd9d

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 3:49:11 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | Troj.Dropper.W32.Agent | 2.1.4+
Dr.Web | Adware.Downware.3011 | 9.0.1.0167
Reason Heuristics | PUP.DestinyMedia.E | 14.10.1.12
Vba32 AntiVirus | Signed-Downware.ZvuZona | 3.12.26.0

File size:
658 KB (673,792 bytes)

Product version:
1.0.4.7

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Language:
Russian

Common path:
C:\Program Files\zona\zona.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/1/2013 1:00:00 AM

Valid to:
7/2/2014 12:59:59 AM

Subject:
CN=Destiny Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E105874BD7B6030B1F1ABB57C21D0D

File PE Metadata
Compilation timestamp:
5/30/2014 9:15:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:H4h0N19TXEWu2A83GGef/xsLQXaPDWQRhMB+6QpbzroSZRrEH:Yh0N19rE98HK5sLAaPDPMgiH

Entry address:
0x18E0E0

Entry point:
60, BE, 00, F0, 50, 00, 8D, BE, 00, 20, EF, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, F0, C8, 18, 00, 57, 83, C3, 04, 53, 68, DD, F0, 07, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Code size:
512 KB (524,288 bytes)

The file zona.exe has been discovered within the following programs.

Zona  by Zondervan
About 9% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

