home

OrbitDM.exe

Orbit Downloader

Orbitdownloader.com

The application OrbitDM.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address 7e.02.acb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Orbitdownloader.com

Product:
Orbit Downloader

Version:
4, 0, 0, 5

MD5:
74522da4e9b9fb0f12c89aad49888d11

SHA-1:
b4b49de828d3f747c318bb78562b3ceb72116f33

SHA-256:
c9d799495706feb208089aa7b2d3fbeb3cc39702381dd7557bac3adf4c2db848

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 12:59:52 PM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Orbitdownloader.H
188163

Reason Heuristics
PUP.OrbitDownloader (M)
16.11.28.22

File size:
1.8 MB (1,835,106 bytes)

Product version:
4.0.0.5

Copyright:
Copyright 2006 - 2010 Oribtdownloader.com

Original file name:
OrbitDM.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\orbitdownloader\orbitdm.exe

File PE Metadata
Compilation timestamp:
12/1/2010 11:19:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:IW9IaoJ1p3dnNYluWbKIOa4b6TIi9TVaac0zFw2nZCroQZk8f119bcTtcTS:hcbp3ZNNf6TIi9TVJZCrFBbcTtcTS

Entry address:
0xE67E2

Entry point:
55, 8B, EC, 6A, FF, 68, 18, 50, 4F, 00, 68, 24, 67, 4E, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 94, 25, 4F, 00, 59, 83, 0D, A4, CD, 50, 00, FF, 83, 0D, A8, CD, 50, 00, FF, FF, 15, 90, 25, 4F, 00, 8B, 0D, 8C, CD, 50, 00, 89, 08, FF, 15, 8C, 25, 4F, 00, 8B, 0D, 88, CD, 50, 00, 89, 08, A1, 88, 25, 4F, 00, 8B, 00, A3, A0, CD, 50, 00, E8, 1C, 01, 00, 00, 39, 1D, B0, 9D, 50, 00, 75, 0C, 68, 6A, 69, 4E, 00, FF, 15, 84, 25...
 
[+]

Entropy:
6.3477

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
964 KB (987,136 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files\Orbitdownloader\orbitdm.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 7e.02.acb8.ip4.static.sl-reverse.com  (184.172.2.126:80)

TCP (HTTP):
Connects to static.ill.210.212.78.205/24.bsnl.in  (210.212.78.205:80)

Remove OrbitDM.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.