orbitsetup4.1.19.exe

Orbit Downloader 4.1.1.19

KORAM GAMES LIMITED

The application orbitsetup4.1.19.exe, “Orbit Downloader setup” by KORAM GAMES LIMITED, has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from dl3.vessoft.com and multiple other hosts.
Publisher:
www.orbitdownloader.com (signed by KORAM GAMES LIMITED)

Product:
Orbit Downloader 4.1.1.19

Description:
Orbit Downloader setup

Version:
4.1.1.19

MD5:
38dd735b1c55dbbad5ed91e49b39db26

SHA-1:
f49db75e299be1f4674200a30f3446350da0e6a3

SHA-256:
d81afda17caf0627996d6e8215ea19c2851926fadd0438e325811f517d8f1994

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/25/2024 9:35:26 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.9559637 | 1126 |
| avast! | Win32:OrbitDDOS-B [Trj] | 2014.9-140105 |
| Bkav FE | W32.Clodc3b.Trojan | 1.3.0.4613 |
| Comodo Security | UnclassifiedMalware | 17542 |
| Dr.Web | DDoS.Siggen.539 | 9.0.1.05 |
| ESET NOD32 | | 8.9244 |
| Fortinet FortiGate | Riskware/GushUnleashed | 12/21/2013 |
| F-Secure | Trojan.Generic.9559637 | 11.2013-21-12_7 |
| G Data | Win32.Trojan.Agent.Z3B3G3 | 13.12.22 |
| K7 AntiVirus | Unwanted-Program | 13.174.10720 |
| Kaspersky | not-a-virus:NetTool.Win32.GushUnleashed | 14.0.0.4513 |
| MicroWorld eScan | Trojan.Generic.9559637 | 14.0.0.1065 |
| Reason Heuristics | PUP.Optional.Installer.KORAMGAMESLIMITED.O | 14.3.2.10 |
| Trend Micro House Call | TROJ_GEN.F47V0911 | 7.2.355 |
| Vba32 AntiVirus | AdWare.Gaba | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25034 |

File size:
5.3 MB (5,528,480 bytes)

Product version:
4.1.1.19

Copyright:
Copyright (C) 2006-2013 OrbitDownloader.com

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\install\orbitsetup4.1.19.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/8/2012 1:00:00 AM

Valid to:
1/8/2014 12:59:59 AM

Subject:
CN=KORAM GAMES LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=KORAM GAMES LIMITED, L=HongKong, S=HongKong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6DE680510AEC828B17AC57B14D7A0CE3

File PE Metadata
Compilation timestamp:
9/23/2009 1:06:57 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:2KyR5J1HQoZYVQx+GbLmWyLFEKyOIyLDqmW+jXHntiC2jOG51G/Bm:2RJupA1LhYEKyOHDqmW+j3nti3jOUGJm

Entry address:
0x163C4

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, A4, 52, 41, 00, E8, F0, 02, FF, FF, 33, C0, 55, 68, 89, 6A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, 6A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 18, AB, 41, 00, E8, F6, EC, FF, FF, E8, 01, E8, FF, FF, 8D, 55, EC, 33, C0, E8, 83, 86, FF, FF, 8B, 55, EC, B8, 74, D6, 41, 00, E8, BE, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 74, D6, 41, 00, B2, 01...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file orbitsetup4.1.19.exe has been seen being distributed by the following 30 URLs.

