SHA256: b2e59f84c83a940d7b1f95c92bec7a6d124b862b0f1472ffe86b999003dfeffa
File name: ZonaSetup[85OjF].exe
Detection ratio: 8 / 64
Analysis date: 2017-08-27 04:04:30 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Cylance Unsafe 20170827
DrWeb Program.Zona.86 20170827
Endgame malicious (moderate confidence) 20170821
K7AntiVirus Adware ( 004fffba1 ) 20170824
K7GW Hacktool ( 655367771 ) 20170821
Kaspersky not-a-virus:Downloader.Win32.Snojan.cbcx 20170827
Rising Malware.Heuristic!ET#100% (cloud:rRJxL1XJalO) 20170827
ZoneAlarm by Check Point not-a-virus:Downloader.Win32.Snojan.cbcx 20170827
Ad-Aware 20170827
AegisLab 20170827
AhnLab-V3 20170826
Alibaba 20170825
ALYac 20170827
Antiy-AVL 20170827
Arcabit 20170827
Avast 20170827
AVG 20170827
Avira (no cloud) 20170826
AVware 20170827
Baidu 20170825
BitDefender 20170827
Bkav 20170826
CAT-QuickHeal 20170826
ClamAV 20170827
CMC 20170826
Comodo 20170827
CrowdStrike Falcon (ML) 20170804
Cyren 20170827
Emsisoft 20170827
ESET-NOD32 20170826
F-Prot 20170827
F-Secure 20170827
Fortinet 20170827
GData 20170827
Ikarus 20170826
Sophos ML 20170822
Jiangmin 20170827
Kingsoft 20170827
Malwarebytes 20170827
MAX 20170827
McAfee 20170826
McAfee-GW-Edition 20170827
Microsoft 20170827
eScan 20170827
NANO-Antivirus 20170827
nProtect 20170827
Palo Alto Networks (Known Signatures) 20170827
Panda 20170826
Qihoo-360 20170827
SentinelOne (Static ML) 20170806
Sophos AV 20170827
SUPERAntiSpyware 20170826
Symantec 20170826
Symantec Mobile Insight 20170825
Tencent 20170827
TheHacker 20170825
TrendMicro 20170827
TrendMicro-HouseCall 20170827
Trustlook 20170827
VBA32 20170825
VIPRE 20170827
ViRobot 20170826
Webroot 20170827
WhiteArmor 20170817
Yandex 20170825
Zillya 20170825
Zoner 20170827
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2017

Product Zona installer
Internal name ZonaInstaller.exe
File version 2.0.0.6
Description Zona installer
Signature verification Signed file, verified signature
Signing date 9:02 AM 8/11/2017
Signers
[+] Chetvertoe pokolenie, OOO
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 06/27/2016
Valid to 11:59 PM 08/30/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 36C1A33E95FAFB8808EA35BE30B5C09CFB66031E
Serial number 2B 28 00 1B 5A BF AC 6B 6A 38 58 A0 72 7C 9B 36
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 05/09/2013
Valid to 11:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-11 08:02:52
Entry Point 0x00058F7A
Number of sections 5
PE sections
Overlays
MD5 b0be1edc3d2f5361703da0ad6ebdee50
File type data
Offset 41263616
Size 6320
Entropy 7.40
PE imports
RegCreateKeyExW
GetTokenInformation
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
GetUserNameA
EqualSid
RegOpenKeyW
RegDeleteKeyW
RegQueryValueExW
TextOutW
DeleteDC
SetBkMode
GetTextColor
SelectObject
SetTextAlign
CreateCompatibleDC
GetTextExtentPoint32W
CreateFontW
SetTextColor
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
EncodePointer
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
GetSystemTime
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
VerSetConditionMask
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetWindowsDirectoryW
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
InterlockedIncrement
FindFirstFileW
IsValidLocale
FindFirstFileExW
GlobalLock
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
Process32NextW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
Process32FirstW
GetSystemDefaultLangID
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
FindResourceExW
GetLongPathNameW
IsValidCodePage
HeapCreate
GetTempPathW
CreateProcessW
Sleep
GetErrorInfo
SysFreeString
VariantClear
SysAllocString
SHGetFolderPathW
SHCreateDirectoryExW
SHBrowseForFolderW
SHChangeNotify
Ord(165)
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHFileOperationW
SHGetMalloc
CommandLineToArgvW
wnsprintfW
Ord(12)
PathIsDirectoryW
StrToIntW
EndPaint
UpdateWindow
PostQuitMessage
SetWindowTextW
DefWindowProcW
GetMessageW
ShowWindow
DrawStateW
DrawFrameControl
SetWindowPos
GetSystemMetrics
SetWindowLongW
MessageBoxW
GetWindowRect
RegisterClassExW
TranslateMessage
PostMessageW
DispatchMessageW
BeginPaint
SendMessageW
wsprintfW
GetClientRect
DrawTextW
InvalidateRect
CallWindowProcW
EnableWindow
GetClassInfoW
GetWindowTextW
GetDesktopWindow
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
GetWindowLongW
DestroyWindow
TranslateAcceleratorW
IsThemeActive
DrawThemeText
OpenThemeData
DrawThemeBackground
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
InternetReadFile
InternetCrackUrlW
InternetSetCookieW
InternetSetOptionW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersW
GdipGetImageBounds
GdipDrawLineI
GdipCreateFromHDC
GdipLoadImageFromStream
GdipCreatePen1
GdipFree
GdipCreateBitmapFromStream
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipDrawImageRectI
GdipDeleteGraphics
GdipDeletePen
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoCreateGuid
CLSIDFromProgID
CoInitializeSecurity
CoUninitialize
OleRun
StringFromGUID2
CoSetProxyBlanket
Number of PE resources by type
RT_ICON 10
LIC 3
I18N 3
PACK 3
IMG 2
RT_GROUP_ICON 2
JAR 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 25
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.0.0.6

LanguageCode
Unknown (0019)

FileFlagsMask
0x003f

FileDescription
Zona installer

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
40759296

EntryPoint
0x58f7a

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017

FileVersion
2.0.0.6

TimeStamp
2017:08:11 09:02:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ZonaInstaller.exe

ProductVersion
2.0.0.6

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
4th generation

CodeSize
503296

ProductName
Zona installer

ProductVersionNumber
2.0.0.6

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 c0887791e555066c6b380734a331ac8c
SHA1 f962504350e9ea743c61a477e9b72d3af2327957
SHA256 b2e59f84c83a940d7b1f95c92bec7a6d124b862b0f1472ffe86b999003dfeffa
ssdeep 786432:feehADS9F6CrRKFXMLg/0Cgu6GYOQ5b2AN21uOyBxtszdHXj:haS9F/tKFXD8CgJGV+b2As1uOyBxmHz

authentihash 069316bdd0aaf3504acae991ff0e5a390e7d2ef0f6c80e3f1d46ea26c715c2aa
imphash 77a34ba545b9dbf4cf0acbbe517ed1b3
File size 39.4 MB ( 41269936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe signed overlay

VirusTotal metadata
First submission 2017-08-11 13:22:45 UTC ( 1 year, 8 months ago )
Last submission 2018-10-05 15:28:14 UTC ( 6 months, 2 weeks ago )
File names ZonaSetup[8VIae].exe
ZonaSetup[8Lj8_].exe
ZonaSetup.exe
ZonaSetup[8o3na].exe
ZonaSetup[8oyU6].exe
ZonaSetup[8QXcz].exe
ZonaSetup[8sUMZ].exe
ZonaSetup[8CZGY].exe
ZonaSetup[8vQMX].exe
ZonaSetup[8PFRO].exe
ZonaSetup[8OOfj].exe
ZonaSetup[8OSoN].exe
ZonaSetup[8nVnl].exe
ZonaSetup[8QWR3].exe
ZonaSetup[85bxS].exe
ZonaSetup[8V1cC].exe
ZonaSetup[8s3kA].exe
ZonaSetup[85Uc8].exe
ZonaSetup[85RRy].exe
ZonaSetup[8Vxwu].exe
ZonaSetup[8Ou3a].exe
ZonaSetup[8waeZ].exe
ZonaSetup[8oyeq].exe
ZonaSetup[8nP6n].exe
ZonaSetup[8Q0Bh].exe