OrbitDM.exe

Orbit Downloader

Orbitdownloader.com

The application OrbitDM.exe has been flagged as a potentially unwanted program (PUP) by 2 of 68 anti-malware scanners. While running, it connects over plain HTTP (TCP port 80) to 7e.02.acb8.ip4.static.sl-reverse.com, which is the reverse-DNS name of 184.172.2.126; the full set of connections observed in live environments is listed under the network section below.
Publisher:
Orbitdownloader.com

Product:
Orbit Downloader

Version:
4, 0, 0, 4

MD5:
c04a196c4a65080f5dce1c1f81e217ed

SHA-1:
c33bb7a56a394c464db74932b9c56f596e7865f8

SHA-256:
90e88638ea2ced4cc3bab0a5a2850ff812c77ea6f4370eeef34e7f733cb0283f

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 6:19:44 AM UTC

Scan engine       | Detection                  | Engine version
Boost by Reason   | Optional.Orbitdownloader.H | 188861
Reason Heuristics | PUP.OrbitDownloader (M)    | 16.11.29.7

File size:
1.8 MB (1,835,069 bytes)

Product version:
4.0.0.4

Copyright:
Copyright 2006 - 2010 Oribtdownloader.com

Original file name:
OrbitDM.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\orbitdownloader\orbitdm.exe

File PE Metadata
Compilation timestamp:
9/29/2010 4:03:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:X7k+ucSTVNGYmgXgteLCPjE4pBbcTtcTZ:XTucSTnvmUgte+P7cTtcTZ

Entry address:
0xE68B2

Entry point:
55, 8B, EC, 6A, FF, 68, 08, 50, 4F, 00, 68, 10, 6A, 4E, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 94, 25, 4F, 00, 59, 83, 0D, A4, CD, 50, 00, FF, 83, 0D, A8, CD, 50, 00, FF, FF, 15, 90, 25, 4F, 00, 8B, 0D, 8C, CD, 50, 00, 89, 08, FF, 15, 8C, 25, 4F, 00, 8B, 0D, 88, CD, 50, 00, 89, 08, A1, 88, 25, 4F, 00, 8B, 00, A3, A0, CD, 50, 00, E8, 22, 01, 00, 00, 39, 1D, B0, 9D, 50, 00, 75, 0C, 68, 40, 6A, 4E, 00, FF, 15, 84, 25...

Entropy:
6.3483

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
964 KB (987,136 bytes)
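The PE metadata above (compile timestamp, linker version, OS version, subsystem, entry address, entry-point bytes, entropy) and the three hashes are the fields an analyst checks when deciding whether a file found at the common path is this sample. The script below is an added example written for this page, not code from Reason Core Security or from Orbitdownloader.com: it hashes a buffer, computes Shannon entropy, reads those PE32 header fields with the standard library only (no pefile), and reports which indicators match the report. It assumes the page's compile timestamp is shown in UTC, and it exercises itself on a constructed, non-runnable PE32 image whose header copies the report's values, so hashes, size and entry RVA are expected not to match while the header fields and entry prologue do.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# First 15 bytes listed under "Entry point" above: the MSVC 6 CRT prologue
# (push ebp / mov ebp,esp / push -1 / push <addr> / push <addr>).
ENTRY_PREFIX = bytes.fromhex("558BEC6AFF6808504F0068106A4E00")

# Indicators transcribed from the report. compile_time assumes the page
# displays the PE timestamp in UTC (an assumption; the page does not say).
PAGE_INDICATORS = {
    "md5": "c04a196c4a65080f5dce1c1f81e217ed",
    "sha1": "c33bb7a56a394c464db74932b9c56f596e7865f8",
    "sha256": "90e88638ea2ced4cc3bab0a5a2850ff812c77ea6f4370eeef34e7f733cb0283f",
    "size": 1835069,
    "entry_rva": 0xE68B2,
    "compile_time": "2010-09-29T16:03:26+00:00",
    "linker": (6, 0),
    "os_version": (4, 0),
    "subsystem": 2,  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    "entry_prefix": ENTRY_PREFIX,
}

def file_hashes(data):
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def shannon_entropy(data):
    """Bits per byte over the whole buffer: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def rva_to_offset(sections, rva):
    """Map an RVA to a file offset through the section header that contains it."""
    for _name, vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError("RVA 0x%X lies outside every section" % rva)

def parse_pe(data):
    """Read the PE32 header fields shown in the report using fixed struct offsets."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, stamp, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    magic, link_major, link_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # OperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]         # Subsystem
    # Section table starts right after the optional header; 40 bytes per entry:
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i) for i in range(nsections)]
    entry_off = rva_to_offset(sections, entry_rva)
    return {
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "linker": (link_major, link_minor),
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "os_version": (os_major, os_minor),
        "subsystem": subsystem,
        "entry_bytes": data[entry_off:entry_off + 16],
    }

def triage(data, expected=PAGE_INDICATORS):
    """Return {field: (observed, expected)} for every indicator in the report."""
    observed = dict(file_hashes(data), size=len(data), **parse_pe(data))
    observed["entry_prefix"] = observed.pop("entry_bytes")[:len(expected["entry_prefix"])]
    return {k: (observed[k], expected[k]) for k in expected}

def mismatches(report):
    return sorted(k for k, (seen, want) in report.items() if seen != want)

def build_sample_pe():
    """Constructed PE32 image for exercising the parser: header fields copy the
    report's values and the one section holds ENTRY_PREFIX. It is NOT OrbitDM.exe."""
    stamp = int(datetime(2010, 9, 29, 16, 3, 26, tzinfo=timezone.utc).timestamp())
    opt_size = 224  # PE32 optional header including 16 data directories
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, 987136)       # magic, linker 6.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, alignments
    struct.pack_into("<HH", opt, 40, 4, 0)                       # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                           # Windows GUI
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    image = bytearray(dos + b"PE\0\0" + coff + opt + text)
    image += b"\0" * (0x200 - len(image))
    image += ENTRY_PREFIX.ljust(0x200, b"\0")
    return bytes(image)
```

To check a real file, read it with `open(path, "rb").read()` and call `mismatches(triage(data))`: an empty list means every indicator above matched; a list containing only the hashes and size with the header fields matching suggests a rebuilt or patched binary from the same toolchain rather than this exact sample.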

Windows Firewall Allowed Program (the executable is registered in the firewall's allowed-programs list, i.e. an inbound allow entry)
Name:
C:\Program Files\Orbitdownloader\orbitdm.exe


The executing file has been seen to make the following network communications in live environments. All four are plain HTTP on TCP port 80. The hostnames shown are the reverse-DNS names of the destination addresses (provider-assigned names in hosting and ISP address space), not domains resolved by the program, so the IP addresses are the indicators to act on.

TCP (HTTP):
Connects to 7e.02.acb8.ip4.static.sl-reverse.com  (184.172.2.126:80)

TCP (HTTP):
Connects to host-213.158.175.96.tedata.net  (213.158.175.96:80)

TCP (HTTP):
Connects to host-213.158.175.104.tedata.net  (213.158.175.104:80)

TCP (HTTP):
Connects to 7c.02.acb8.ip4.static.sl-reverse.com  (184.172.2.124:80)
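Turning the four observed destinations into a check over proxy or firewall logs is the usual next step for a SOC. The script below is an added example for this page, not code from Reason Core Security: it builds an indicator set from the IPs and reverse-DNS names above, then scans a constructed sample log (the line format, "timestamp client dst:port method host", is an assumption; adapt the regex to your own log source). It reports an exact hit for a listed IP or name and a lower-confidence "adjacent" hit for an unlisted address in the same /24, since these are shared-hosting ranges where the program's servers may have moved to neighbouring addresses. Because the connections were recorded for software compiled in 2010, any hit should be confirmed against current ownership of the address before being treated as this program.

```python
import ipaddress
import re

# Destinations observed above, keyed by IP with the reverse-DNS name the
# report shows for each. The names are provider rDNS, not domains the
# program resolved, so the IP is the primary indicator.
NETWORK_IOCS = {
    "184.172.2.126": "7e.02.acb8.ip4.static.sl-reverse.com",
    "184.172.2.124": "7c.02.acb8.ip4.static.sl-reverse.com",
    "213.158.175.96": "host-213.158.175.96.tedata.net",
    "213.158.175.104": "host-213.158.175.104.tedata.net",
}
# /24 neighbourhoods of the listed IPs, used for the lower-confidence tier.
IOC_NETS = {ipaddress.ip_network(ip + "/24", strict=False) for ip in NETWORK_IOCS}

# Constructed sample proxy log (not real traffic). Assumed format, one request
# per line: "<timestamp> <client-ip> <dst-ip>:<dst-port> <method> <host-header>".
SAMPLE_LOG = """\
2024-11-15T06:10:01Z 10.0.5.23 184.172.2.126:80 GET 7e.02.acb8.ip4.static.sl-reverse.com
2024-11-15T06:10:02Z 10.0.5.23 93.184.216.34:443 CONNECT example.com
2024-11-15T06:11:40Z 10.0.7.9 213.158.175.104:80 GET host-213.158.175.104.tedata.net
2024-11-15T06:12:00Z 10.0.5.23 184.172.2.130:80 GET other-host.example
malformed line that should be skipped
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (\S+) (\S+)$")

def classify(dst_ip, host):
    """'exact' for a listed IP or rDNS name; 'adjacent' for an unlisted IP in
    the same /24 as a listed one (worth a look, lower confidence); else None."""
    if dst_ip in NETWORK_IOCS or host in NETWORK_IOCS.values():
        return "exact"
    try:
        addr = ipaddress.ip_address(dst_ip)
    except ValueError:
        return None
    if any(addr in net for net in IOC_NETS):
        return "adjacent"
    return None

def scan_log(text):
    """Return one hit dict per matching line; lines that do not parse are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, port, _method, host = m.groups()
        confidence = classify(dst, host)
        if confidence:
            hits.append({"ts": ts, "src": src, "dst": dst, "port": int(port),
                         "host": host, "confidence": confidence})
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("{confidence:8} {ts} {src} -> {dst}:{port} ({host})".format(**hit))
```

Exact hits identify the client to pull the file from (the common path above is the first place to look); adjacent hits are a pivot for checking what else in that range the same clients talk to.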

Remove OrbitDM.exe - Powered by Reason Core Security