OrbiterInstaller.exe

Orbiter

Client Connect LTD

This is part of the Conduit platform, a browser extension designed to manage and control the web browser's search provider functionality. The application OrbiterInstaller.exe has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from spms-storage.spccint.com.
Publisher:
Client Connect LTD

Product:
Orbiter

Version:
1.0.2.6

MD5:
35e71091753b3d4fa46b9feade13e92e

SHA-1:
520f12b8620304f10bc620e9b4e0a8aab9b8a086

SHA-256:
91e0ee788586c46c9aa9946e8147bdbe1017667c5cb4ec673ada2adacb1d49b5

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
2/23/2020 12:27:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.4.3.5

File size:
814.3 KB (833,856 bytes)

Product version:
1.0.2.6

Copyright:
(c) 2014 ClientConnect Ltd.

Original file name:
OrbiterInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\orbiterinstaller.exe

File PE Metadata
Compilation timestamp:
7/6/2011 7:31:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:vzMMHyoh2bHpoUPxIooxXSL3uS/16x2v89jw:v1y62LpAo7buS/16x2vqjw

Entry address:
0x3415

Entry point:
8B, D7, F2, 48, 69, C0, D7, F2, 62, 03, 85, DB, 78, 06, 85, C7, 84, EC, 20, F1, 00, DB, F2, FF, C0, 69, ED, 9F, 91, FB, 99, 15, 76, DF, D8, 33, 3B, C0, 8D, 19, FF, C7, 0F, B6, CF, 1C, AF, 6B, D2, 00, 85, F2, B9, BC, 3E, E5, 8E, 87, D3, 3B, CD, 78, 06, 24, 60, 86, C9, 88, F5, 8A, EC, F6, C0, CD, F2, 57, 80, F1, 20, 69, D0, A8, B9, 63, 1F, BB, 60, 6B, 9B, D1, 2B, F0, 25, D7, 72, B1, 94, FE, C4, 14, 4F, 81, C2, 17, 52, 98, 96, E8, 29, 00, 00, 00, 74, 06, 8D, 35, D3, DA, 79, 7F, 0F, AF, F7, 1D, DA, 00, 55, 84...
 

Entropy:
7.7864  (probably packed)

Code size:
26 KB (26,624 bytes)

The file OrbiterInstaller.exe has been seen being distributed by the following URL.
