Orbitnet.exe

P2P service of Orbit Downloader

Orbitdownloader.com

The application Orbitnet.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. This file is typically installed with the program Orbit Downloader 4.1.0.0 by Novin Pendar Co. Ltd. The file has been seen being downloaded from m.ak.fbcdn.net. While running, it connects to the Internet address 81.c5.a86c.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Orbitdownloader.com

Product:
P2P service of Orbit Downloader

Version:
2, 6, 0, 4

MD5:
2930d5b1527b754d3b2cde713ae227c0

SHA-1:
6cca193bd6e17580ee34fc0c3edb6420a5626adc

SHA-256:
14da9da2160c4c592d3abfe8068b2ec3f0b1ba2ae53d449f098a1ca10af2ff04

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:26:49 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | HackTool.Win32.GushUnleashed | 4.0.3.1419 |
| Bkav FE | W32.Clodbc6.Trojan | 1.3.0.4613 |
| Boost by Reason | Optional.Orbitdownloader.I | 188163 |
| IKARUS anti.virus | not-a-virus:NetTool.Win32.GushUnleashed | t3scan.2.0.3.0 |
| Kaspersky | not-a-virus:NetTool.Win32.GushUnleashed | 14.0.0.4492 |
| Reason Heuristics | PUP.OrbitDownloader.Meta | 15.4.26.11 |
| Trend Micro House Call | TROJ_GEN.R0C1H07K113 | 7.2.9 |

File size:
544 KB (557,056 bytes)

Product version:
2, 6, 0, 4

Copyright:
Copyright 2006 - 2009 Oribtdownloader.com

Original file name:
Orbitnet.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\orbit downloader\orbitnet.exe

File PE Metadata
Compilation timestamp:
4/28/2011 2:50:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:sradmOY+H59nhjl8ucHFxjZhLvo2oaPC/:sradmOznhJ8u0FxVhQD

Entry address:
0x5F1C5

Entry point:
55, 8B, EC, 6A, FF, 68, 10, 3E, 47, 00, 68, 00, DB, 45, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 84, 30, 47, 00, 33, D2, 8A, D4, 89, 15, 80, E4, 48, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 7C, E4, 48, 00, C1, E1, 08, 03, CA, 89, 0D, 78, E4, 48, 00, C1, E8, 10, A3, 74, E4, 48, 00, 6A, 01, E8, CE, 5E, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, A7, 2F, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
6.3808

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
456 KB (466,944 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files\Orbitdownloader\orbitnet.exe


The file Orbitnet.exe has been discovered within the following program.

Orbit Downloader 4.1.0.0  by Novin Pendar Co. Ltd.
www.NPShop.Net
About 1% of users remove it
 

The file Orbitnet.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to 45.af.84ae.static.theplanet.com  (174.132.175.69:443)

TCP (HTTP):
Connects to 81.c5.a86c.ip4.static.sl-reverse.com  (108.168.197.129:80)
