Sample: 02f52dd8bb5e4de0855c51b810bc3571

Note: if you are new to ThreatMiner, check out the how-to page to find out how you can get the most out of this portal.

Metadata
File name:ZonaSetup[2dTzt].exe
File type:PE32 executable (GUI) Intel 80386, for MS Windows
File size:40147120 bytes
Analysis date:Analyzed on December 2 2016 01:07:49
MD5:02f52dd8bb5e4de0855c51b810bc3571
SHA1:d20a423d2fcab227355f279d7d2997685498ea22
SHA256:10367fe8f0cd7c330332758006e389ca68351656295d7c9dcc2fd51b52327d31
SHA512:55365a9cf0b23a229bec58ff423db2cd9f094989e1f6cc3ac7a7594b9b84bfe9fbd0a3e95576cdf7fc01c5d77d6d49886172c297685b03800853643a8be9a45e
SSDEEP:N/A
IMPHASH:N/A
Authentihash:N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 02f52dd8bb5e4de0855c51b810bc3571.
Loading...
HTTP Requests
HTTP requests the malware sample makes.
HostURLUser-Agent
185.22.234.113/installer2.html?param=63a45c4373fbe96c272e737ffe5caba2117b555f2dcafbadc3ff039e7bd5c95d3bd8d7dde62410417baac2a100fc1218f5f0c2252...httpget
N/A
N/A
N/A
185.22.235.16/ffull_1.461.binhttpget
N/A
N/A
N/A
185.22.235.16/ffull_1.461.bin31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A [1.1..User-Agent:]
N/A
N/A
N/A
185.22.235.16/ffull_1.461.binhttpget
N/A
N/A
N/A
185.22.235.16/ffull_1.461.bin0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 68 74 74 [.User-Agent
N/A
N/A
N/A
46.254.17.120/rc/config.sec?14806525801100A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 [.User-Agent
N/A
N/A
N/A
46.254.17.120/solr/partner_player/select/?q=*:*&version=2.2&wt=json&start=0&rows=214748364731 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A [1..User-Agent
N/A
N/A
N/A
185.22.234.113/getGeoInfo55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 [User-Agent
N/A
N/A
N/A
94.140.200.160/player_videomore_.swfJakarta Commons-HttpClient/3.1
N/A
N/A
N/A
194.190.76.3/iplayer.swf0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 [..User-Agent
N/A
N/A
N/A
109.105.156.160/crossdomain.xmlJakarta Commons-HttpClient/3.1
N/A
N/A
N/A
5.35.172.5/version?d5%3Aappid2%3Azo7%3Aappname4%3AZona4%3Aguid36%3AD5C34828-FF74-44FF-B8F7-ECCDAEDDC1262%3Aid20%3AxbllqSXQCHd2f12Eniz43%3A...Java/1.8.0_25
N/A
N/A
N/A
5.35.172.5/update.html?rnd=0.8691325058372328&guid=D5C34828-FF74-44FF-B8F7-ECCDAEDDC126&version_old=0.0.0.0&version_new=1.0.7.8&java=1.8.0...Java/1.8.0_25
N/A
N/A
N/A
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
"\Sessions\1\BaseNamedObjects\zonaFull"
"\Sessions\1\BaseNamedObjects\{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}"
"\Sessions\1\BaseNamedObjects\_SHuassist.mtx"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_208"
"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
"\Sessions\1\BaseNamedObjects\Local\c:!users!t3gxzbc!appdata!roaming!microsoft!windows!cookies!"
"\Sessions\1\BaseNamedObjects\Local\c:!users!t3gxzbc!appdata!local!microsoft!windows!history!history.ie5!"
"\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
"\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
"\Sessions\1\BaseNamedObjects\RasPbFile"
"\Sessions\1\BaseNamedObjects\Local\c:!users!t3gxzbc!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
Registry keys
Registry keys created by the malware sample.
Comments
User comments about 02f52dd8bb5e4de0855c51b810bc3571.
NOTICE: We have updated our privacy terms and conditions in accordance to GDPR. By using our site, you acknowledge that you have read and understand our Privacy Policy. Your use of ThreatMiner’s Products and Services is subject to these policies and terms.