zonawebsetup[228uy].exe

Zona installer

Chetvertoe pokolenie, OOO

The application zonawebsetup[228uy].exe by Chetvertoe pokolenie, OOO has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application that has been known to bundle potentially unwanted software. The file has been observed being downloaded from www.currentdownloadsigns.com and multiple other hosts.
Publisher:
4th generation  (signed by Chetvertoe pokolenie, OOO)

Product:
Zona installer

Version:
1.0.7.5

MD5:
2a1f457b031c751d346efa153e2da96b

SHA-1:
b35ca859f72e871a6811fd78ff1a639a7bc0fd30

SHA-256:
a929052aa9fcf64171b1976afb1f846f7fdce8e68002852e0dc828b089087717

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 1:28:23 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Zona.Chetvert.Installer.Meta (M)

Engine version:
16.7.14.16

File size:
833.7 KB (853,680 bytes)

Product version:
1.0.7.5

Copyright:
Copyright (C) 2015

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\zonawebsetup[228uy].exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/27/2016 6:00:00 AM

Valid to:
8/31/2017 5:59:59 AM

Subject:
CN="Chetvertoe pokolenie, OOO", O="Chetvertoe pokolenie, OOO", STREET="prospekt Lenina, 41A", L=Chelyabinsk, S=Chelyabinskaya oblast, PostalCode=454091, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2B28001B5ABFAC6B6A3858A0727C9B36

File PE Metadata
Compilation timestamp:
7/14/2016 5:28:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:t7844ttYBPMnWb2c34RFPDxO9BeSARGU9/v:7BEnWb2c34RhxOje3RGUNv

Entry address:
0x56AF4

Entry point:
E8, A6, 4C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, BE, 27, 00, 00, 83, C4, 18, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 41, 83, 7D, 08, 00, 75, 13, E8, D4, 1B, 00, 00, 6A, 16, 5E, 89, 30, E8, 24, 3E, 00, 00, 8B, C6, EB, 2A, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 0E, E8, B6, 1B, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, DE, 50, FF, 75, 10, FF, 75, 08, E8, 06, FA, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 8B, FF...

Code size:
484 KB (495,616 bytes)

The file zonawebsetup[228uy].exe has been seen being distributed by the following 25 URLs.
