home

hobbit_pustosh_smauga.exe

Zona installer

Destiny Media

The application hobbit_pustosh_smauga.exe by Destiny Media has been detected as a potentially unwanted program by 13 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dl.zona.ru.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona installer

Version:
1.0.0.0

MD5:
15770b72174f1ab5ea76072115706734

SHA-1:
06dc3c4d6aafff21839a34fbf90d2d38b96280ae

SHA-256:
97f7c96a66fb2eee9d078f42f4429c73896ade922c14bf5c1a88c5bf3eb3787b

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 4:21:20 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Downloader
7.1.1

AVG
Generic
2015.0.3357

Comodo Security
Application.Win32.ZvuZona.A
19456

Dr.Web
riskware program Program.Zona.28
9.0.1.05190

ESET NOD32
Win32/ZvuZona.A potentially unwanted application
7.0.302.0

IKARUS anti.virus
PUA.ZvuZona
t3scan.1.7.5.0

Malwarebytes
PUP.Optional.Zona
v2014.09.08.01

McAfee
ZvuZona
5600.7013

Reason Heuristics
PUP.Installer.DestinyMedia.V
14.10.1.12

Rising Antivirus
PE:PUF.Zona!1.9E06
23.00.65.14906

SUPERAntiSpyware
Adware.Zona/Variant
10372

Vba32 AntiVirus
Downloader.AdLoad
3.12.26.3

VIPRE Antivirus
Threat.4150696
32210

File size:
226.6 KB (232,048 bytes)

Product version:
1.0.2.6

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hobbit_pustosh_smauga.exe

Digital Signature
Signed by:
Destiny Media

Authority:
VeriSign, Inc.

Valid from:
6/19/2014 4:00:00 AM

Valid to:
7/19/2016 3:59:59 AM

Subject:
CN=Destiny Media, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C1DB725B804FCDECB65D559B70318AB

File PE Metadata
Compilation timestamp:
7/2/2014 2:20:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:4nDtr3TdcvaURtwYu1TKI9S7v8RQ/M1GdhuDg+pmulCa6IW1NT/G/+YSoutyVO3:Uwu1r6vRzutc3bHzS+YSoSyVO3

Entry address:
0x99B40

Entry point:
60, BE, 00, 70, 46, 00, 8D, BE, 00, A0, F9, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, EC, 75, 09, 00, 57, 83, C3, 04, 53, 68, 3C, 2B, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
208 KB (212,992 bytes)

The file hobbit_pustosh_smauga.exe has been seen being distributed by the following URL.

http://dl.zona.ru/.../ZonaWebSetup.exe

Remove hobbit_pustosh_smauga.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.