zonawebsetup.exe

Zona installer

Destiny Media

The application zonawebsetup.exe by Destiny Media has been detected as a potentially unwanted program by 33 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from dl2.appzona.net.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona installer

Version:
1.0.5.7

MD5:
477fb0cdeb7dcee886b1fa20ffdd49d4

SHA-1:
c67d1b09e3c8229b049e4b0501b5cc12f38c3006

SHA-256:
5c005ac08b4f53e912072905c7d89fe30c2db243adb3dea3e21e280c23d84ecf

Scanner detections:
33 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 2:01:13 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.BR | 649 |
| Agnitum Outpost | PUA.ZvuZona | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downloader | 2014.10.31 |
| Avira AntiVirus | APPL/Bundler.BR | 7.11.182.106 |
| avast! | Win32:ZvuZona-I [PUP] | 2014.9-150727 |
| AVG | Generic | 2016.0.3127 |
| Baidu Antivirus | PUA.Win32.ZvuZona | 4.0.3.15426 |
| Bitdefender | Application.Bundler.BR | 1.0.20.580 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.ZvuZona.A | 19165 |
| Dr.Web | riskware program Program.Zona.41 | 9.0.1.0116 |
| Emsisoft Anti-Malware | Application.Bundler.BR | 8.15.04.26.09 |
| ESET NOD32 | Win32/ZvuZona.A potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.2350 | 4/26/2015 |
| F-Prot | W32/A-baee0668 | v6.4.7.1.166 |
| F-Secure | Application.Bundler.BR | 11.2015-26-04_1 |
| G Data | Application.Bundler.BR | 15.4.24 |
| IKARUS anti.virus | PUA.ZvuZona | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.204.15949 |
| Kaspersky | not-a-virus:Downloader.Win32.AdLoad | 14.0.0.2130 |
| Malwarebytes | PUP.Optional.Zona | v2015.04.26.09 |
| McAfee | Program.ZvuZona | 5600.6783 |
| MicroWorld eScan | Application.Bundler.BR | 16.0.0.348 |
| NANO AntiVirus | Trojan.Win32.AdLoad.dohigr | 0.30.20.1219 |
| Panda Antivirus | Generic Suspicious | 15.04.26.10 |
| Quick Heal | PUA.DestinyMed.DC3 | 4.15.14.00 |
| Reason Heuristics | PUP.Installer.DestinyMedia | 15.4.26.17 |
| Rising Antivirus | PE:PUF.Zona!1.9E06 | 23.00.65.15424 |
| Total Defense | Win32/Tnega.CEXWLFD | 37.1.62.1 |
| Vba32 AntiVirus | Downloader.AdLoad | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 39676 |
| Zillya! Antivirus | Downloader.Adload.Win32.18418 | 2.0.0.2182 |

File size:
227.2 KB (232,656 bytes)

Product version:
1.0.5.7

Copyright:
Copyright (C) 2015

File type:
Executable application (Win32 EXE)

Language:
Russian

Common path:
C:\users\{user}\downloads\zonawebsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/19/2014 1:00:00 AM

Valid to:
7/19/2016 12:59:59 AM

Subject:
CN=Destiny Media, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C1DB725B804FCDECB65D559B70318AB

File PE Metadata
Compilation timestamp:
2/11/2015 11:26:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:+p4wdZ3t4A6M2kwp+E4tEZw7BkJgSoS3V9H:+p4wj3t9B7wp+1+w7NSoS3v

Entry address:
0x99D20

Entry point:
60, BE, 00, 70, 46, 00, 8D, BE, 00, A0, F9, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 07, 76, 09, 00, 57, 83, C3, 04, 53, 68, 13, 2D, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
Entropy:
7.9256  (probably packed)

Code size:
208 KB (212,992 bytes)

The file zonawebsetup.exe has been seen being distributed by the following URL.
