02f52dd8bb5e4de0855c51b810bc3571 File Analysis Results

Metadata

File name:	ZonaSetup[2dTzt].exe
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
File size:	40147120 bytes
Analysis date:	Analyzed on December 2 2016 01:07:49
MD5:	02f52dd8bb5e4de0855c51b810bc3571
SHA1:	d20a423d2fcab227355f279d7d2997685498ea22
SHA256:	10367fe8f0cd7c330332758006e389ca68351656295d7c9dcc2fd51b52327d31
SHA512:	55365a9cf0b23a229bec58ff423db2cd9f094989e1f6cc3ac7a7594b9b84bfe9fbd0a3e95576cdf7fc01c5d77d6d49886172c297685b03800853643a8be9a45e
SSDEEP:	N/A
IMPHASH:	N/A
Authentihash:	N/A
Related resources

APTNotes
Cyber threat intelligence reports associated with 02f52dd8bb5e4de0855c51b810bc3571.

Domains
Domains the malware sample communicates with.

Hosts
Hosts the malware sample communicates with.

HTTP Requests
HTTP requests the malware sample makes.

Host	URL	User-Agent
185.22.234.113	/installer2.html?param=63a45c4373fbe96c272e737ffe5caba2117b555f2dcafbadc3ff039e7bd5c95d3bd8d7dde62410417baac2a100fc1218f5f0c2252...	httpget
N/A
N/A
N/A
185.22.235.16	/ffull_1.461.bin	httpget
N/A
N/A
N/A
185.22.235.16	/ffull_1.461.bin	31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A [1.1..User-Agent:]
N/A
N/A
N/A
185.22.235.16	/ffull_1.461.bin	httpget
N/A
N/A
N/A
185.22.235.16	/ffull_1.461.bin	0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 68 74 74 [.User-Agent
N/A
N/A
N/A
46.254.17.120	/rc/config.sec?1480652580110	0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 [.User-Agent
N/A
N/A
N/A
46.254.17.120	/solr/partner_player/select/?q=:&version=2.2&wt=json&start=0&rows=2147483647	31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A [1..User-Agent
N/A
N/A
N/A
185.22.234.113	/getGeoInfo	55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 76 61 [User-Agent
N/A
N/A
N/A
94.140.200.160	/player_videomore_.swf	Jakarta Commons-HttpClient/3.1
N/A
N/A
N/A
194.190.76.3	/iplayer.swf	0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4A 61 [..User-Agent
N/A
N/A
N/A
109.105.156.160	/crossdomain.xml	Jakarta Commons-HttpClient/3.1
N/A
N/A
N/A
5.35.172.5	/version?d5%3Aappid2%3Azo7%3Aappname4%3AZona4%3Aguid36%3AD5C34828-FF74-44FF-B8F7-ECCDAEDDC1262%3Aid20%3AxbllqSXQCHd2f12Eniz43%3A...	Java/1.8.0_25
N/A
N/A
N/A
5.35.172.5	/update.html?rnd=0.8691325058372328&guid=D5C34828-FF74-44FF-B8F7-ECCDAEDDC126&version_old=0.0.0.0&version_new=1.0.7.8&java=1.8.0...	Java/1.8.0_25
N/A
N/A
N/A

AV Detections
AV detection names associated with the malware sample.

Mutants
Mutants created by the malware sample.

"\Sessions\1\BaseNamedObjects\zonaFull"

"\Sessions\1\BaseNamedObjects\{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}"

"\Sessions\1\BaseNamedObjects\_SHuassist.mtx"

"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"

"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"

"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"

"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"

"\Sessions\1\BaseNamedObjects\IESQMMUTEX_0_208"

"\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"

"\Sessions\1\BaseNamedObjects\Local\c:!users!t3gxzbc!appdata!roaming!microsoft!windows!cookies!"

"\Sessions\1\BaseNamedObjects\Local\c:!users!t3gxzbc!appdata!local!microsoft!windows!history!history.ie5!"

"\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"

"\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"

"\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"

"\Sessions\1\BaseNamedObjects\RasPbFile"

"\Sessions\1\BaseNamedObjects\Local\c:!users!t3gxzbc!appdata!local!microsoft!windows!temporary internet files!content.ie5!"

Registry keys
Registry keys created by the malware sample.

Comments
User comments about 02f52dd8bb5e4de0855c51b810bc3571.

File: 02f52dd8bb5e4de0855c51b810bc3571