gothic_rock_electronic_helalyn_flowers_-_white_me_in_black_me_out_bonus_tracks_version_-_2013_flac_t

Destiny Media

The file gothic_rock_electronic_helalyn_flowers_-_white_me_in_black_me_out_bonus_tracks_version_-_2013_flac_t by Destiny Media has been detected as a potentially unwanted program by 20 anti-malware scanners. The file has been seen being downloaded from dl3.zona.ru.
Publisher:
Destiny Media  (signed and verified)

Description:
Zona installer

Version:
1.0.0.0

MD5:
b39778d722637ca49ee83dad99e0323a

SHA-1:
768c5076cdbfe643e882dbe1bff9f249524a636a

SHA-256:
8d69a0174bf2e15e8145bfb72ae575568d55d69adb84169f471f867eb958997d

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 5:07:24 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | APPL/DestinyMedia.CU | 7.11.98.40 |
| AVG | Skodna.Bundle | 2014.0.3539 |
| Bitdefender | Adware.Agent.NQU | 1.0.20.1180 |
| Comodo Security | Application.Win32.ZvuZona.A | 16824 |
| Dr.Web | Win32.HLLW.Autoruner1.51068 | 9.0.1.0236 |
| Emsisoft Anti-Malware | Adware.Agent.NQU | 8.13.08.24.01 |
| ESET NOD32 | Win32/ZvuZona (variant) | 7.8727 |
| Fortinet FortiGate | Adware/Fam.NB | 11/26/2013 |
| F-Secure | Adware.Agent.NQU | 11.2013-24-08_7 |
| G Data | Adware.Agent.NQU | 13.8.22 |
| herdProtect (fuzzy) | | 2013.12.20.16 |
| IKARUS anti.virus | AdWare.Agent | t3scan.2.0.127 |
| Malwarebytes | PUP.Optional.Zona | v2013.08.24.01 |
| McAfee | Artemis!B39778D72263 | 5600.7271 |
| Panda Antivirus | Suspicious file | 13.11.26.12 |
| Reason Heuristics | PUP.Installer.DestinyMedia.AA | 14.10.1.12 |
| SUPERAntiSpyware | Adware.ZvuZona | 10698 |
| Vba32 AntiVirus | Win32.Zona | 3.12.22.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 20882 |
File size:
129.5 KB (132,616 bytes)

Product version:
1.0.2.6

Copyright:
Copyright (C) 2013

Language:
Russian (Russia)

Common path:
C:\users\{user}\downloads\gothic_rock_electronic_helalyn_flowers_-_white_me_in_black_me_out_bonus_tracks_version_-_2013_flac_t.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/31/2013 5:00:00 PM

Valid to:
7/1/2014 4:59:59 PM

Subject:
CN=Destiny Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E105874BD7B6030B1F1ABB57C21D0D

File PE Metadata
Compilation timestamp:
5/15/2013 10:03:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:zOiyDxsHWq7IVNuutVY4t3hMafrZknlOwzmwNCdscout0QZ8:SDDxsHnIJVY41hx9wtCdscoS0Qm

Entry address:
0x4B9B0

Entry point:
60, BE, 00, 10, 43, 00, 8D, BE, 00, 00, FD, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 94, 9C, 04, 00, 57, 83, C3, 04, 53, 68, A2, A9, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
Entropy:
7.8364  (probably packed)

Code size:
112 KB (114,688 bytes)

The file gothic_rock_electronic_helalyn_flowers_-_white_me_in_black_me_out_bonus_tracks_version_-_2013_flac_t has been seen being distributed by the following URL.