InstallerOrion.exe

The executable InstallerOrion.exe has been detected as malware by 13 anti-virus scanners. While running, it connects to the Internet address 209-99-40-219.fwd.datafoundry.com on port 80 using the HTTP protocol.
Version:
0.0.0.0

MD5:
6b0ec346dcb4d069971cdd60945db6a8

SHA-1:
de31816f451c3fa1fa060bd1ef02974823d4613f

SHA-256:
baa96fa7ca3b8bb1d34fd96aabae09bb9285ca461a1b32c337c5d7762372297e

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
6/25/2025 12:13:10 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.166710 | 435 |
| AhnLab V3 Security | Malware/Win32.Generic | 2015.11.25 |
| Avira AntiVirus | TR/Dropper.MSIL.Gen | 8.3.2.4 |
| Arcabit | Trojan.Zusy.D28B36 | 1.0.0.624 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-151127 |
| AVG | Atros2 | 2016.0.2913 |
| Bitdefender | Gen:Variant.Zusy.166710 | 1.0.20.1655 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.166710 | 8.15.11.27.07 |
| F-Secure | Gen:Variant.Zusy.166710 | 11.2015-27-11_6 |
| G Data | Gen:Variant.Zusy.166710 | 15.11.25 |
| IKARUS anti.virus | Trojan.MSIL.Agent | t3scan.1.9.5.0 |
| MicroWorld eScan | Gen:Variant.Zusy.166710 | 16.0.0.993 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077 |

File size:
16.5 KB (16,896 bytes)

Product version:
0.0.0.0

Original file name:
InstallerOrion.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft manager app\installerorion.exe

File PE Metadata
Compilation timestamp:
11/24/2015 5:14:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:SlnWUAYE/Eaod+slWGCt1F1PgyBI3+PYHfl9VNaVWyvEqjO1/6O69r1:SYXsa1m3+AtjNaQyTjOt6O69r

Entry address:
0x565E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
14 KB (14,336 bytes)

The file has been observed making the following network communication while running in live environments.

TCP (HTTP):
Connects to 209-99-40-219.fwd.datafoundry.com  (209.99.40.219:80)
