» OrbiterInstaller.exe
Overview
Analysis
File Details
Downloads (1)

OrbiterInstaller.exe

Orbiter

Client Connect LTD

This is part of the Conduit platform, a browser extension desigend to manage and control the web browser's search provider functionality. The application OrbiterInstaller.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from spms-storage.spccint.com.

File name:

Publisher:

Client Connect LTD

Product:

Orbiter

Version:

1.0.2.6

MD5:

35e71091753b3d4fa46b9feade13e92e

SHA-1:

520f12b8620304f10bc620e9b4e0a8aab9b8a086

SHA-256:

91e0ee788586c46c9aa9946e8147bdbe1017667c5cb4ec673ada2adacb1d49b5

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/26/2024 7:57:08 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.4.3.5

File size:

814.3 KB (833,856 bytes)

Product version:

1.0.2.6

Original file name:

OrbiterInstaller.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\orbiterinstaller.exe

File PE Metadata

Compilation timestamp:

7/6/2011 7:31:20 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:vzMMHyoh2bHpoUPxIooxXSL3uS/16x2v89jw:v1y62LpAo7buS/16x2vqjw

Entry address:

0x3415

Entry point:

8B, D7, F2, 48, 69, C0, D7, F2, 62, 03, 85, DB, 78, 06, 85, C7, 84, EC, 20, F1, 00, DB, F2, FF, C0, 69, ED, 9F, 91, FB, 99, 15, 76, DF, D8, 33, 3B, C0, 8D, 19, FF, C7, 0F, B6, CF, 1C, AF, 6B, D2, 00, 85, F2, B9, BC, 3E, E5, 8E, 87, D3, 3B, CD, 78, 06, 24, 60, 86, C9, 88, F5, 8A, EC, F6, C0, CD, F2, 57, 80, F1, 20, 69, D0, A8, B9, 63, 1F, BB, 60, 6B, 9B, D1, 2B, F0, 25, D7, 72, B1, 94, FE, C4, 14, 4F, 81, C2, 17, 52, 98, 96, E8, 29, 00, 00, 00, 74, 06, 8D, 35, D3, DA, 79, 7F, 0F, AF, F7, 1D, DA, 00, 55, 84... 
[+]

Entropy:

7.7864 (probably packed)

Code size:

26 KB (26,624 bytes)

The file OrbiterInstaller.exe has been seen being distributed by the following URL.

http://spms-storage.spccint.com/Installer/.../OrbiterInstaller.exe

Remove OrbiterInstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.