» zona.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (210)

zona.exe

Zona

Destiny Media

The application zona.exe by Destiny Media has been detected as a potentially unwanted program by 4 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Zona’. This file is typically installed with the program Zona by Zondervan. While running, it connects to the Internet address bedenko-m.regionset.ru on port 49300.

File name:

zona.exe

Publisher:

Destiny Media (signed and verified)

Product:

Zona

Version:

1.0.4.0

MD5:

3bc6df224644badaba8009cce2b08f00

SHA-1:

43a02aca07c2438c1ec6897572269ef2c65bee2d

SHA-256:

7dca9eae222f7d4eb43ceff10d9523340e22ebc1c60474319e7e7488b4cdd2df

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 2:05:15 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Troj.Dropper.W32.Agent

2.1.4+

Dr.Web

Adware.Downware.3011

9.0.1.0274

Reason Heuristics

PUP.Startup.DestinyMedia.E

14.10.1.12

Vba32 AntiVirus

Signed-Downware.ZvuZona

3.12.26.0

File size:

645.5 KB (660,992 bytes)

Product version:

1.0.4.0

File type:

Executable application (Win32 EXE)

Language:

Ruso

Common path:

C:\Program Files\zona\zona.exe

Digital Signature

Signed by:

Destiny Media

Authority:

VeriSign, Inc.

Valid from:

4/1/2013 2:00:00 AM

Valid to:

7/2/2014 1:59:59 AM

Subject:

CN=Destiny Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Destiny Media, L=Moscow, S=Moscow, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

12E105874BD7B6030B1F1ABB57C21D0D

File PE Metadata

Compilation timestamp:

12/19/2013 11:29:05 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:6biPVm08GjvBBkolywVoQNxVH6A9lOMizVg51dw0WFwoSxK+ht:6brGlBrlywxVH6AmMiWdwnFYt

Entry address:

0x186ED0

Entry point:

60, BE, 00, B0, 50, 00, 8D, BE, 00, 60, EF, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 74, 42, 18, 00, 57, 83, C3, 04, 53, 68, C1, BE, 07, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

500 KB (512,000 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Zona

Command:

C:\Program Files\zona\zona.exe \minimized

The file zona.exe has been discovered within the following programs.

Zona by Zondervan

About 9% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server.zona.ru (91.218.231.97:80)

TCP:

Connects to xDSL-178-35-49-242.soes.su (178.35.49.242:27775)

TCP:

Connects to vra-094-126.vivanet.net.ua (46.150.94.126:62406)

TCP:

Connects to vra-066-229.vivanet.net.ua (46.150.66.229:60105)

TCP:

Connects to user-20.81.118.217.in-addr.arpa (217.118.81.20:64535)

TCP (HTTP):

Connects to tracker.openbittorrent.com (31.172.63.252:80)

TCP:

Connects to static-213-88-118-168.netbynet.ru (213.88.118.168:35386)

TCP:

Connects to SOL-FTTB.186.17.119.46.sovam.net.ua (46.119.17.186:31908)

TCP:

Connects to shpd-95-53-143-247.vologda.ru (95.53.143.247:36930)

TCP:

Connects to shpd-78-36-172-50.static.vologda.ru (78.36.172.50:57889)

TCP:

Connects to res84-42.mediana.net.ua (46.175.84.42:56668)

TCP:

Connects to pppoe-sktv-78-157-231-163.kamtv.ru (78.157.231.163:28742)

TCP:

Connects to pppoe-dyn-109-161-28-170.kosnet.ru (109.161.28.170:25227)

TCP:

Connects to pppoe-77-234-9-17.kosnet.ru (77.234.9.17:62404)

TCP:

Connects to pppoe42.net46-233-241.se1.omkc.ru (46.233.241.42:18868)

TCP:

Connects to pppoe236.net176-62-112.se1.omkc.ru (176.62.112.236:49102)

TCP:

Connects to ppp95-165-131-202.pppoe.spdop.ru (95.165.131.202:27650)

TCP:

Connects to ppp91-78-212-118.pppoe.mtu-net.ru (91.78.212.118:17826)

TCP:

Connects to ppp83-237-9-224.pppoe.mtu-net.ru (83.237.9.224:63761)

TCP:

Connects to ppp-58-11-216-211.revip2.asianet.co.th (58.11.216.211:28012)

Remove zona.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.