home

windows_xp_professional_sp3_rus_original.exe

Zona installer

Destiny Media

The application windows_xp_professional_sp3_rus_original.exe by Destiny Media has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dl2.getz.tv.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona installer

Version:
1.0.0.0

MD5:
1afb9c5a0785860fda2fd50067ea5b0a

SHA-1:
3b77b5b7069e80b987b85c9de42ec310972d431e

SHA-256:
7fc0a652d5bd4f49cc9513215566db76fedb3ece4a10037114c21370f8d11e5c

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 11:23:06 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.ZvuZona
7.1.1

Dr.Web
Trojan.StartPage.59964
9.0.1.096

ESET NOD32
Win32/ZvuZona (variant)
8.9494

herdProtect (fuzzy)
variant of uroki_fotografii_-_cherepashuk_p_-_kompozitsiya_v_fotografii_2012_pdf_djvu_rus.exe (PUP)
2014.4.6.22

Kaspersky
not-a-virus:Downloader.Win32.AdLoad
14.0.0.4055

Malwarebytes
PUP.Optional.Zona
v2014.04.06.10

Reason Heuristics
PUP.Installer.DestinyMedia.i
14.10.1.12

Rising Antivirus
PE:PUF.Zona!1.9E06
23.00.65.14404

Sophos
Zona Installer
4.98

Vba32 AntiVirus
Signed-Downware.ZvuZona
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic
27040

File size:
206.4 KB (211,336 bytes)

Product version:
1.0.2.6

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows_xp_professional_sp3_rus_original.exe

Digital Signature
Signed by:
Destiny Media

Authority:
VeriSign, Inc.

Valid from:
4/1/2013 6:00:00 AM

Valid to:
7/2/2014 5:59:59 AM

Subject:
CN=Destiny Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E105874BD7B6030B1F1ABB57C21D0D

File PE Metadata
Compilation timestamp:
1/29/2014 4:41:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:B8+9tCJQBqCYaM+QcEdNc4fdem9UJNh+ytHFoSyG6y:ff2aM+Qcn4V/8NhnpFoSyy

Entry address:
0x87540

Entry point:
60, BE, 00, A0, 45, 00, 8D, BE, 00, 70, FA, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, B4, 50, 08, 00, 57, 83, C3, 04, 53, 68, 39, D5, 02, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
188 KB (192,512 bytes)

The file windows_xp_professional_sp3_rus_original.exe has been seen being distributed by the following URL.

http://dl2.getz.tv/.../ZonaWebSetup.exe

Remove windows_xp_professional_sp3_rus_original.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.