zona.exe

Zona

Destiny Media

The application zona.exe by Destiny Media has been detected as a potentially unwanted program by 4 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Zona’. This file is typically installed with the program Zona by Zondervan. While running, it connects to the Internet address hosted-by.ihc.ru on port 80 using the HTTP protocol.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona

Version:
1.0.4.6

MD5:
6e9997eabc77ecfe46efc9ae6b9be08d

SHA-1:
87374e75397afe5f57b752c79fe9db4f0f19a2f2

SHA-256:
405000a27038eb0ad8fc1761f99659ccff40de2c0b874ad3f67ef389daa762a7

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:50:55 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.Dropper.W32.Agent | 2.1.4+ |
| Dr.Web | Adware.Downware.3011 | 9.0.1.0116 |
| Reason Heuristics | PUP.Startup.DestinyMedia.E | 14.10.1.12 |
| Vba32 AntiVirus | Signed-Downware.ZvuZona | 3.12.26.0 |

File size:
657 KB (672,768 bytes)

Product version:
1.0.4.6

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\zona\zona.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/1/2013 6:00:00 AM

Valid to:
7/2/2014 5:59:59 AM

Subject:
CN=Destiny Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E105874BD7B6030B1F1ABB57C21D0D

File PE Metadata
Compilation timestamp:
4/21/2014 10:52:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:EnkRK5OJF21ABBuY7TzxzlRSFFxns6Bwy8xf06PXxhc74qR1hi4vDn8evu7oSXlD:8JjyBBuY7vxz2jskPsphJ2K4vD3vuok

Entry address:
0x18DCE0

Entry point:
60, BE, 00, F0, 50, 00, 8D, BE, 00, 20, EF, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 91, B8, 18, 00, 57, 83, C3, 04, 53, 68, D4, EC, 07, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Code size:
512 KB (524,288 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Zona

Command:
C:\Program Files\zona\zona.exe \minimized


The file zona.exe has been discovered within the following programs.

Zona  by Zondervan
About 9% of users remove it

The executing file has been seen to make the following network communications in live environments.

