Orbitnet.exe

P2P service of Orbit Downloader

Orbitdownloader.com

The application Orbitnet.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 81.c5.a86c.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Orbitdownloader.com

Product:
P2P service of Orbit Downloader

Version:
2, 6, 0, 4

MD5:
5d90da671a1b3fcb315bd4ae6d036a52

SHA-1:
b4e73ee24732c3a3c2c9772e8e94445d843f7ac1

SHA-256:
1a8d5ef73d85e814e69a983b7e9cbd05ce940c67163c3fb3c76f3417ca0dd6dd

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/28/2024 11:27:37 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OrbitDownloader (M)

Engine version:
17.3.11.13

File size:
732.4 KB (749,994 bytes)

Product version:
2, 6, 0, 4

Copyright:
Copyright 2006 - 2009 Oribtdownloader.com

Original file name:
Orbitnet.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\orbitdownloader\orbitnet.exe

File PE Metadata
Compilation timestamp:
7/6/2009 11:00:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x91000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, CE, B2, 01, 20, 2B, 85, 35, BA, 01, 20, 89, 85, 31, BA, 01, 20, B0, 00, 86, 85, 66, BC, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 61, BB, 01, 20, 00, 74, 33, 83, BD, 65, BB, 01, 20, 00, 74, 2A, 8B, 85, 31, BA, 01, 20, 2B, 85, 61, BB, 01, 20, 8B, 00, 89, 85, 9E, BB, 01, 20, 8B, 85, 31, BA, 01, 20, 2B, 85, 65, BB, 01, 20, 8B, 00, 89, 85, A2, BB, 01, 20, EB, 61, 83, BD, 69, BB, 01, 20, 00, 74, 58, 8B, 85, 31, BA, 01, 20, 2B, 85, 69, BB, 01, 20, FF, 30, 8D, 85...
 

Entropy:
6.7972

Packer / compiler:
ASPack v1.08.04

Code size:
456 KB (466,944 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files\Orbitdownloader\orbitnet.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 81.c5.a86c.ip4.static.sl-reverse.com  (108.168.197.129:80)
