orbit.downloader.4.1.1.19.portable.rar

The file orbit.downloader.4.1.1.19.portable.rar has been detected as a potentially unwanted program by 18 anti-malware scanners. It uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from cfile28.uf.tistory.com.
MD5:
e3d678a291ee1c42e66aafbf56d9d2f6

SHA-1:
36bb712861a3c0ed452883c8b85cc106e6410bd1

SHA-256:
c11cf8f38be56a3920900a92b2c5683f97e41f5fe72712c628e203490d411f91

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
3/11/2025 6:04:19 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.OpenCandy | 7.1.1 |
| AVG | Generic | 2016.0.2915 |
| Baidu Antivirus | PUA.Win32.Downloader | 4.0.3.151124 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| ESET NOD32 | Win32/OpenCandy potentially unsafe application | 7.0.302.0 |
| G Data | Win32.Application.OpenCandy | 15.11.25 |
| K7 AntiVirus | Unwanted-Program | 13.211.17622 |
| Kaspersky | Trojan-DDoS.Win32.OrboDDoS | 15.0.0.562 |
| Malwarebytes | PUP.Optional.OpenCandy | v2015.11.24.06 |
| NANO AntiVirus | Trojan.Win32.OpenCandy.dwzazk | 0.30.26.3947 |
| Panda Antivirus | PUP/Multitoolbar | 15.11.24.06 |
| Quick Heal | NetTool.GushUnleashed.r4 (Not a Virus) | 11.15.14.00 |
| Rising Antivirus | PE:PUF.OpenCandy!1.9DE5[F1] | 23.00.65.151122 |
| Sophos | PUA 'OpenCandy' | 5.15 |
| Trend Micro House Call | ADW_OPENCANDY | 7.2.328 |
| Trend Micro | ADW_OPENCANDY | 10.465.24 |
| Vba32 AntiVirus | TrojanDDoS.OrboDDoS | 3.12.26.4 |
| VIPRE Antivirus | InstallCore | 44756 |

File size:
5.9 MB (6,218,862 bytes)

Common path:
C:\users\{user}\downloads\orbit.downloader.4.1.1.19.portable.rar

The file orbit.downloader.4.1.1.19.portable.rar has been seen being distributed by the following URL.
