home

zona.exe

Zona

Destiny Media

The application zona.exe by Destiny Media has been detected as a potentially unwanted program by 4 anti-malware scanners. This file is typically installed with the program Zona by Zondervan. While running, it connects to the Internet address 18148.pavlabor.net on port 36434.
Publisher:
Destiny Media  (signed and verified)

Product:
Zona

Version:
1.0.4.2

MD5:
b384f3c30f0e201cb9df113f9c154bf0

SHA-1:
1d81a666b6d1933ffd8bb640c4daa63cb177a4ca

SHA-256:
e73cb753bf581e3c82006e12a228e398007d58600141d4e3ab72a91c2cd01cf1

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 11:19:57 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.Dropper.W32.Agent
2.1.4+

Dr.Web
Adware.Downware.3011
9.0.1.0274

Reason Heuristics
PUP.DestinyMedia.E
14.10.1.12

Vba32 AntiVirus
Signed-Downware.ZvuZona
3.12.26.0

File size:
648.5 KB (664,064 bytes)

Product version:
1.0.4.2

Copyright:
Copyright (C) 2013

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\zona\zona.exe

Digital Signature
Signed by:
Destiny Media

Authority:
VeriSign, Inc.

Valid from:
4/1/2013 4:00:00 AM

Valid to:
7/2/2014 3:59:59 AM

Subject:
CN=Destiny Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E105874BD7B6030B1F1ABB57C21D0D

File PE Metadata
Compilation timestamp:
1/30/2014 12:18:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:BWPRQqO8sWbh12ZL7VCUR0BejacxazECz0aacVcoSgKeB5:QJnO8sWbhQZfVh00acxE0aacV5

Entry address:
0x188B20

Entry point:
60, BE, 00, C0, 50, 00, 8D, BE, 00, 50, EF, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, F3, 64, 18, 00, 57, 83, C3, 04, 53, 68, 17, CB, 07, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
504 KB (516,096 bytes)

The file zona.exe has been discovered within the following programs.

Zona  by Zondervan
About 9% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server.zona.ru  (91.218.231.97:80)

TCP (HTTP):
Connects to ns2.mp3poisk.ru  (46.254.17.120:80)

TCP:
Connects to X245.bbn07-214.lipetsk.ru  (178.234.214.245:51933)

TCP:
Connects to X212.bbn2-114.lipetsk.ru  (95.179.114.212:33642)

TCP:
Connects to X181.bbn2-023.lipetsk.ru  (95.179.23.181:17051)

TCP:
Connects to www.users.mns.ru  (178.162.25.19:27558)

TCP:
Connects to v-5-520-d2186-104.webazilla.com  (78.140.134.104:1680)

TCP (HTTP):
Connects to uu.inetcom.com.ua  (77.90.192.206:80)

TCP:
Connects to usernat-91.215.8.1.tupoleva.net  (91.215.8.1:45814)

TCP:
Connects to user-25.81.118.217.in-addr.arpa  (217.118.81.25:6882)

TCP:
Connects to u140.vlan43.avers-telecom.ru  (89.105.156.140:33922)

TCP (HTTP):
Connects to tracker.openbittorrent.com  (31.172.63.252:80)

TCP:
Connects to ti0182a400-2190.bb.online.no  (85.166.99.149:63254)

TCP:
Connects to ti0034a400-2795.bb.online.no  (85.167.41.245:39319)

TCP:
Connects to static109.lutacom.net  (91.212.248.109:35691)

TCP:
Connects to spd-121.istra.ru  (78.24.24.121:51203)

TCP:
Connects to SOL-FTTB.68.28.118.46.sovam.net.ua  (46.118.28.68:63664)

TCP:
Connects to SOL-FTTB.14.151.118.46.sovam.net.ua  (46.118.151.14:58435)

TCP:
Connects to shpd-78-36-164-238.static.vologda.ru  (78.36.164.238:49214)

TCP:
Connects to shpd-178-69-106-75.vologda.ru  (178.69.106.75:54481)

Remove zona.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.