zona.exe

Zona

Destiny Media

The application zona.exe by Destiny Media has been detected as a potentially unwanted program by 10 anti-malware scanners. While running, it connects to the Internet address hosted-by.ihc.ru on port 80 using the HTTP protocol.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona

Version:
1.0.5.8

MD5:
90e32a5792e0d24fe593bc4455fcdd2a

SHA-1:
a0b4e4261db682c5cc997f2485896ccae7fe25ae

SHA-256:
3ac3f42cfa7b3b0ee8c53f70726a58e6757d0dca0f75be62536fe1fa71332021

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:35:48 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/ZonaInstaller
2015.02.11

avast!
Win32:ZvuZona-F [PUP]
2014.9-150211

AVG
Generic
2016.0.3202

G Data
Win32.Application.ZvuZona
15.2.25

Kaspersky
not-a-virus:Downloader.Win32.AdLoad
14.0.0.2505

McAfee
Artemis!90E32A5792E0
5600.6858

Panda Antivirus
Generic Suspicious
15.02.11.01

Qihoo 360 Security
Win32/Virus.Downloader.bd5
1.0.0.1015

Reason Heuristics
PUP.DestinyMedia
15.2.11.1

Trend Micro House Call
Suspicious_GEN.F47V0210
7.2.42

File size:
658.5 KB (674,256 bytes)

Product version:
1.0.5.8

Copyright:
Copyright (C) 2015

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\zona\zona.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/19/2014 5:00:00 AM

Valid to:
7/19/2016 4:59:59 AM

Subject:
CN=Destiny Media, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C1DB725B804FCDECB65D559B70318AB

File PE Metadata
Compilation timestamp:
2/9/2015 12:06:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:LYmwFHJva6wY2tikzE0DBA76hg/nTX0Sp3UKwvpL1u1KJ4TZpPoSo52BD:LYmSpbkzE0D3gLZpkK+V1uwJUpjD

Entry address:
0x18E2A0

Entry point:
60, BE, 00, F0, 50, 00, 8D, BE, 00, 20, EF, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, FA, C8, 18, 00, 57, 83, C3, 04, 53, 68, 90, F2, 07, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
512 KB (524,288 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hosted-by.ihc.ru  (46.254.18.135:80)

TCP (HTTP):
Connects to ns2.mp3poisk.ru  (46.254.17.120:80)

TCP (HTTP):
Connects to unknown.srv  (5.35.171.17:80)

TCP:
Connects to sceptrum.netdatacomm.cz  (176.74.128.54:24398)

TCP:
Connects to nat227-mana.convex.ru  (195.64.208.227:25060)

TCP:
Connects to nat1-195.211.62.63.crystal.in.ua  (195.211.62.63:42485)

TCP:
Connects to ip1.uniorplus.ru  (178.16.148.1:23386)

TCP:
Connects to 92.46.209.149.metro.online.kz  (92.46.209.149:55705)

TCP:
Connects to 028.189.151.89.chtts.ru  (89.151.189.28:51673)

TCP:
Connects to enode.176.59.34.24.tele2.ru  (176.59.34.24:48903)

TCP:
Connects to 217-15-152-45.pppoe.yaroslavl.ru  (217.15.152.45:50850)

TCP:
Connects to 178.167.196.77.threembb.ie  (178.167.196.77:41791)

TCP:
Connects to ppp85-140-3-126.pppoe.mtu-net.ru  (85.140.3.126:52602)

TCP:
Connects to ladovych.ett.ua  (78.154.160.206:70)

TCP:
Connects to ip-188-230-14-161.airbites.net.ua  (188.230.14.161:21675)

TCP:
Connects to host-static-188-237-18-150.moldtelecom.md  (188.237.18.150:1)

TCP (HTTP):
Connects to e1dc-unassigned.eserver-ru.com  (80.77.168.135:80)

TCP:
Connects to dynamicip-188-234-33-123.pppoe.kzn.ertelecom.ru  (188.234.33.123:1)

TCP:
Connects to dynamic-109-81-211-28.ipv4.broadband.iol.cz  (109.81.211.28:1)

Remove zona.exe - Powered by Reason Core Security