» Orbitnet.exe
Overview
Analysis
File Details
Behaviors (3)
Programs (1)
Network (2)

Orbitnet.exe

P2P service of Orbit Downloader

Orbitdownloader.com

The application Orbitnet.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. This file is typically installed with the program Orbit Downloader 4.1.0.0 by Novin Pendar Co. Ltd.. While running, it connects to the Internet address 45.af.84ae.static.theplanet.com on port 443.

File name:

Orbitnet.exe

Publisher:

Orbitdownloader.com

Product:

P2P service of Orbit Downloader

Version:

2, 6, 0, 4

MD5:

54e3a6f3daf1e11302a3e9e3692627dc

SHA-1:

377c4aaa6ba0e40bdce011e65c8f3de1b4a472b7

SHA-256:

22c88005a68be1eb184385b935e16adb71cd867d26076022aa0d2f9aa0312d99

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 7:42:47 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.Clodbc6.Trojan

1.3.0.4613

Boost by Reason

Optional.Orbitdownloader.I

188163

IKARUS anti.virus

not-a-virus:NetTool.Win32.GushUnleashed

t3scan.2.0.3.0

Kaspersky

not-a-virus:NetTool.Win32.GushUnleashed

14.0.0.4581

Reason Heuristics

PUP.OrbitDownloader.Meta

15.4.26.11

Trend Micro House Call

TROJ_GEN.R0CBH07J113

7.2.354

File size:

544 KB (557,056 bytes)

Product version:

2, 6, 0, 4

Original file name:

Orbitnet.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\orbitdownloader\orbitnet.exe

File PE Metadata

Compilation timestamp:

9/11/2013 2:03:13 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:uradmOY+H59nhjl8ucHFxjZhLvo2oaPC/:uradmOznhJ8u0FxVhQD

Entry address:

0x5F1C5

Entry point:

55, 8B, EC, 6A, FF, 68, 10, 3E, 47, 00, 68, 00, DB, 45, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 84, 30, 47, 00, 33, D2, 8A, D4, 89, 15, 80, E4, 48, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 7C, E4, 48, 00, C1, E1, 08, 03, CA, 89, 0D, 78, E4, 48, 00, C1, E8, 10, A3, 74, E4, 48, 00, 6A, 01, E8, CE, 5E, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, A7, 2F, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75... 
[+]

Entropy:

6.3808

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

456 KB (466,944 bytes)

3 Windows Firewall Allowed Programs

Name:

C:\Program Files (x86)\Orbitdownloader\orbitnet.exe

Name:

C:\Program Files\Orbitdownloader\orbitnet.exe

Name:

H:\Program Files\Orbitdownloader\orbitnet.exe

The file Orbitnet.exe has been discovered within the following program.

Orbit Downloader 4.1.0.0 by Novin Pendar Co. Ltd.

www.NPShop.Net

About 1% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to 45.af.84ae.static.theplanet.com (174.132.175.69:443)

TCP (HTTP):

Connects to 81.c5.a86c.ip4.static.sl-reverse.com (108.168.197.129:80)

Remove Orbitnet.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.