home

x3_albion_prelude_2011_rus_eng.exe

Destiny Media

The application x3_albion_prelude_2011_rus_eng.exe by Destiny Media has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dl.zona.ru.
Publisher:
Destiny Media  (signed and verified)

Description:
Zona installer

Version:
1.0.0.0

MD5:
f0db743626a86fe323725686656b777c

SHA-1:
57da08c123d12c4f2bebdf6d01c788fc900501d0

SHA-256:
4b34b014e9e6924915ba6b018ebae4bc77d02919caac228fe8356de820578c2b

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 3:29:41 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2015.0.3420

Comodo Security
Application.Win32.ZvuZona.A
18801

Dr.Web
Threat.Undefined
9.0.1.05190

ESET NOD32
Win32/ZvuZona.A potentially unwanted application
7.0.302.0

IKARUS anti.virus
AdWare.Win32.ZvuZona
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.180.12643

Malwarebytes
PUP.Optional.Zona
v2014.07.07.03

Reason Heuristics
PUP.Installer.DestinyMedia.EE
14.10.1.12

Rising Antivirus
PE:PUF.Zona!1.9E06
23.00.65.14705

Sophos
Zona Installer
4.98

Vba32 AntiVirus
Signed-Downware.ZvuZona
3.12.26.3

File size:
145.3 KB (148,824 bytes)

Product version:
1.0.2.6

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\x3_albion_prelude_2011_rus_eng.exe

Digital Signature
Signed by:
Destiny Media

Authority:
VeriSign, Inc.

Valid from:
4/1/2013 4:00:00 AM

Valid to:
7/2/2014 3:59:59 AM

Subject:
CN=Destiny Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E105874BD7B6030B1F1ABB57C21D0D

File PE Metadata
Compilation timestamp:
8/27/2013 3:13:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:EFvuE3Fq95viY3p3VgTrwK8gTCaBxmVPEwluIWMRSoutYMsC:E5T34viY3p3VCUqCfVPEwluNDoSYMp

Entry address:
0x56340

Entry point:
60, BE, 00, 80, 43, 00, 8D, BE, 00, 90, FC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 62, 40, 05, 00, 57, 83, C3, 04, 53, 68, 3C, E3, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
124 KB (126,976 bytes)

The file x3_albion_prelude_2011_rus_eng.exe has been seen being distributed by the following URL.

http://dl.zona.ru/.../ZonaWebSetup.exe

Remove x3_albion_prelude_2011_rus_eng.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.