SHA256: 5a8405a12f1a822116be9520a5208230b205ac5a75d0cae980c10b7cda4a8ed9
File name: b56fbac1df907e481af0b3ddf92db98a027a4b5f
Detection ratio: 2 / 56
Analysis date: 2014-11-29 00:36:08 UTC
Antivirus               Result                       Update
Kaspersky               Trojan-Spy.Win32.Zbot.uqdn   20141129
Malwarebytes            Trojan.Agent.ED              20141129
Ad-Aware                (no detection)               20141129
AegisLab                (no detection)               20141129
Yandex                  (no detection)               20141129
AhnLab-V3               (no detection)               20141128
ALYac                   (no detection)               20141128
Antiy-AVL               (no detection)               20141128
Avast                   (no detection)               20141128
AVG                     (no detection)               20141128
Avira (no cloud)        (no detection)               20141128
AVware                  (no detection)               20141121
Baidu-International     (no detection)               20141128
BitDefender             (no detection)               20141128
Bkav                    (no detection)               20141127
ByteHero                (no detection)               20141129
CAT-QuickHeal           (no detection)               20141128
ClamAV                  (no detection)               20141128
CMC                     (no detection)               20141127
Comodo                  (no detection)               20141128
Cyren                   (no detection)               20141128
DrWeb                   (no detection)               20141128
Emsisoft                (no detection)               20141128
ESET-NOD32              (no detection)               20141128
F-Prot                  (no detection)               20141128
F-Secure                (no detection)               20141128
Fortinet                (no detection)               20141128
GData                   (no detection)               20141128
Ikarus                  (no detection)               20141129
Jiangmin                (no detection)               20141127
K7AntiVirus             (no detection)               20141128
K7GW                    (no detection)               20141128
Kingsoft                (no detection)               20141129
McAfee                  (no detection)               20141129
McAfee-GW-Edition       (no detection)               20141129
Microsoft               (no detection)               20141129
eScan                   (no detection)               20141129
NANO-Antivirus          (no detection)               20141128
Norman                  (no detection)               20141128
nProtect                (no detection)               20141128
Panda                   (no detection)               20141128
Qihoo-360               (no detection)               20141129
Rising                  (no detection)               20141126
Sophos AV               (no detection)               20141128
SUPERAntiSpyware        (no detection)               20141128
Symantec                (no detection)               20141129
Tencent                 (no detection)               20141129
TheHacker               (no detection)               20141124
TotalDefense            (no detection)               20141129
TrendMicro              (no detection)               20141129
TrendMicro-HouseCall    (no detection)               20141129
VBA32                   (no detection)               20141128
VIPRE                   (no detection)               20141129
ViRobot                 (no detection)               20141128
Zillya                  (no detection)               20141127
Zoner                   (no detection)               20141127
The file is a Portable Executable (PE); more specifically, a 32-bit Windows EXE for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2006 - 2014 Oribtdownloader.com
Publisher Orbitdownloader.com
Product Orbit Downloader
Original name OrbitDM.exe
Internal name Orbit
File version 4.1.1.1
Description Orbit Downloader
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-28 17:58:18
Entry Point 0x00004110
Number of sections 5
PE sections
PE imports, grouped by exporting DLL (the listing order is the report's; the DLL attribution follows the documented Win32 exports)

advapi32.dll: LookupPrivilegeValueA, RegCloseKey, OpenProcessToken, RegQueryValueExA,
  AdjustTokenPrivileges, RegNotifyChangeKeyValue, RegOpenKeyExA
comdlg32.dll: GetOpenFileNameA
gdi32.dll: CreatePatternBrush, CreateDCA, LineTo, DeleteDC, SelectObject, StartDocA,
  MoveToEx, CreatePen, GetStockObject, SetPixel, EndDoc, Polyline, EndPath, FillPath,
  SetBkColor, TextOutA, BeginPath, DeleteObject, Ellipse, SetTextColor
kernel32.dll: GetStdHandle, GetOverlappedResult, WaitForSingleObject, EncodePointer,
  DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, LocalAlloc,
  SetTimeZoneInformation, lstrcatA, FreeEnvironmentStringsW, lstrcatW, CommConfigDialogA,
  WaitCommEvent, SetStdHandle, GetCPInfo, lstrcmpiA, WriteFile, GetSystemTimeAsFileTime,
  HeapReAlloc, GetStringTypeW, LocalFree, OutputDebugStringW, TlsGetValue, GetProfileIntA,
  OutputDebugStringA, SetLastError, GetModuleFileNameW, IsDebuggerPresent, ExitProcess,
  GetModuleFileNameA, HeapSetInformation, WriteProfileStringA, UnhandledExceptionFilter,
  InterlockedDecrement, MultiByteToWideChar, SetUnhandledExceptionFilter,
  IsProcessorFeaturePresent, ClearCommError, DecodePointer, SetEnvironmentVariableA,
  TerminateProcess, GetVersion, GlobalAlloc, LocalFileTimeToFileTime, GetCurrentThreadId,
  InterlockedIncrement, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree,
  EnterCriticalSection, SetHandleCount, LoadLibraryW, GetOEMCP, QueryPerformanceCounter,
  GetTickCount, TlsAlloc, FlushFileBuffers, LoadLibraryA, RtlUnwind, GetStartupInfoA,
  GetFileSize, CreateDirectoryA, SetCommMask, GetStartupInfoW, DeleteFileW, GetProcAddress,
  GetProcessHeap, CompareStringW, lstrcpyW, GlobalReAlloc, HeapValidate, GlobalLock,
  SetCommTimeouts, GetTimeZoneInformation, CreateFileW, CreateEventA, GetFileType,
  TlsSetValue, HeapAlloc, LeaveCriticalSection, GetLastError, SystemTimeToFileTime,
  LCMapStringW, lstrlenA, GetConsoleCP, GetEnvironmentStringsW, GlobalUnlock, lstrlenW,
  GetCurrentProcessId, HeapQueryInformation, WideCharToMultiByte, HeapSize, GetCommandLineA,
  RaiseException, TlsFree, SetFilePointer, ReadFile, CloseHandle, GetACP, GetModuleHandleW,
  CreateProcessA, IsValidCodePage, HeapCreate, IsBadReadPtr
setupapi.dll: SetupDiOpenDevRegKey, SetupDiEnumDeviceInfo, SetupDiGetClassDevsA,
  SetupDiDestroyDeviceInfoList
shell32.dll: SHGetFolderPathW
shlwapi.dll: StrToIntA
user32.dll: SetFocus, GetMessageA, MapVirtualKeyA, DrawTextA, SetLayeredWindowAttributes,
  EndDialog, BeginPaint, InvalidateRect, SetRectEmpty, KillTimer, PostQuitMessage,
  DefWindowProcA, ShowWindow, MessageBeep, LoadBitmapA, SetWindowPos, SetDlgItemInt,
  GetWindowRect, DispatchMessageA, EndPaint, SetDlgItemTextA, PostMessageA, ReleaseCapture,
  GetDlgItemTextA, WindowFromPoint, GetAltTabInfoA, CopyImage, GetWindowLongA,
  TranslateMessage, DialogBoxParamA, GetSysColor, GetDlgItemInt, GetDC, DrawCaption,
  ReleaseDC, SetSysColors, CheckMenuItem, GetMenu, wsprintfA, GetKeyNameTextA, PtInRect,
  GetClipboardData, SendMessageA, GetWindowTextA, GetClientRect, ToAscii, GetDlgItem,
  DrawTextW, CallNextHookEx, GetSubMenu, IsClipboardFormatAvailable, SetTimer,
  GetKeyboardState, CountClipboardFormats, GetMenuState, LoadImageA, GetClassNameA,
  CloseClipboard, OpenClipboard, GetKeyState, DestroyWindow
winspool.drv: EndPagePrinter, EnumPrintersA, ClosePrinter, EndDocPrinter, OpenPrinterA
gdiplus.dll: GdipCreateFromHWND, GdipDisposeImage, GdipCloneImage, GdipAlloc, GdipFree,
  GdipLoadImageFromFile, GdipDeleteGraphics
ole32.dll: CoCreateInstance, CoInitialize
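
The import table is the first thing worth triaging on a low-detection sample like this one, because it bounds what the binary can do without resolving anything at run time. The following is an added example (it is not VirusTotal's code and not code from the Orbit Downloader project): a small rule table run over the API names transcribed from the list above. The DLL attribution is the editor's, from the documented Win32 exports, since the extracted page does not keep the per-DLL headers; the rule set and its labels are the editor's as well. A hit means the capability is present, not that it is exercised.

```python
"""Capability triage over a static PE import table.

Added example; this is not code from VirusTotal or from the Orbit
Downloader project. The API names are transcribed from the import list in
the report above; which DLL exports each one is the editor's attribution
from the documented Win32 exports. The rule table is a small hand-written
one: a hit says the binary can do something, not that it does.
"""

# Constructed input: the subset of the report's import list that the rules
# below look at (the full table also has many GDI/USER drawing calls).
IMPORTS = {
    "advapi32.dll": ["LookupPrivilegeValueA", "RegCloseKey", "OpenProcessToken",
                     "RegQueryValueExA", "AdjustTokenPrivileges",
                     "RegNotifyChangeKeyValue", "RegOpenKeyExA"],
    "kernel32.dll": ["IsDebuggerPresent", "CreateProcessA", "LoadLibraryA",
                     "LoadLibraryW", "GetProcAddress", "EncodePointer",
                     "DecodePointer", "CreateFileW", "WriteFile", "ReadFile",
                     "DeleteFileW", "CreateDirectoryA"],
    "user32.dll": ["CallNextHookEx", "GetKeyboardState", "ToAscii",
                   "GetKeyState", "GetKeyNameTextA", "MapVirtualKeyA",
                   "OpenClipboard", "GetClipboardData", "CloseClipboard",
                   "IsClipboardFormatAvailable", "GetWindowTextA",
                   "WindowFromPoint"],
    "setupapi.dll": ["SetupDiOpenDevRegKey", "SetupDiEnumDeviceInfo",
                     "SetupDiGetClassDevsA", "SetupDiDestroyDeviceInfoList"],
    "ole32.dll": ["CoCreateInstance", "CoInitialize"],
}

# APIs the sandbox section of the report saw the sample (or a child process)
# call at run time.
RUNTIME_OBSERVED = {"DeviceIoControl"}

# Each rule: label, the APIs that must ALL be present, a note for the analyst.
RULES = [
    ("privilege-adjust",
     {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
     "enables a named privilege on its own token (the SeDebugPrivilege pattern)"),
    ("keystroke-decode",
     {"GetKeyboardState", "ToAscii", "GetKeyState"},
     "turns virtual-key state into characters; a keylogger primitive"),
    ("hook-chain",
     {"CallNextHookEx"},
     "carries a hook procedure; see missing_counterparts() for the installer"),
    ("clipboard-read",
     {"OpenClipboard", "GetClipboardData", "CloseClipboard"},
     "reads clipboard contents"),
    ("dynamic-import",
     {"LoadLibraryA", "GetProcAddress"},
     "resolves APIs at run time, so the static table is only a lower bound"),
    ("process-spawn", {"CreateProcessA"}, "launches another process"),
    ("registry-watch",
     {"RegOpenKeyExA", "RegNotifyChangeKeyValue"},
     "blocks until a registry key changes"),
    ("device-enum",
     {"SetupDiGetClassDevsA", "SetupDiEnumDeviceInfo"},
     "enumerates installed devices through SetupAPI"),
    ("anti-debug",
     {"IsDebuggerPresent"},
     "weak on its own: the MSVC 10 CRT start-up code imports it as well"),
]

# For some APIs, the partner call an analyst expects to see beside them.
# Absence of the partner usually means it is resolved dynamically or the
# work happens in another process.
COUNTERPARTS = {
    "CallNextHookEx": ["SetWindowsHookExA", "SetWindowsHookExW"],
}


def flatten(imports):
    """Set of imported API names, regardless of exporting DLL."""
    return {name for names in imports.values() for name in names}


def triage(imports):
    """Map each matched rule label to (sorted matched APIs, analyst note)."""
    present = flatten(imports)
    return {label: (sorted(needed), note)
            for label, needed, note in RULES if needed <= present}


def missing_counterparts(imports):
    """Partner APIs that are absent although the API they pair with is present."""
    present = flatten(imports)
    return {api: [p for p in partners if p not in present]
            for api, partners in COUNTERPARTS.items() if api in present}


def observed_but_not_imported(imports, observed):
    """APIs seen at run time that the static import table does not name."""
    return sorted(observed - flatten(imports))


if __name__ == "__main__":
    for label, (apis, note) in triage(IMPORTS).items():
        print(f"{label:17} {', '.join(apis)}")
        print(f"{'':17} {note}")
    print("missing partners:", missing_counterparts(IMPORTS))
    print("runtime-only:", observed_but_not_imported(IMPORTS, RUNTIME_OBSERVED))
```

Two things the output makes visible that the raw list hides: CallNextHookEx is imported without any SetWindowsHookEx variant, and DeviceIoControl (reported by the sandbox) is not imported at all, while LoadLibraryA/GetProcAddress are. Both point at run-time resolution or at work done in a child process, which is exactly where a static import review stops being sufficient.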
Number of PE resources by type
RT_ICON 3
Struct(28) 2
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 263680
ImageVersion 0.0
ProductName Orbit Downloader
FileVersionNumber 4.1.1.1
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription Orbit Downloader
CharacterSet Unicode
LinkerVersion 10.0
OriginalFilename OrbitDM.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.1.1.1
TimeStamp 2014:11:28 18:58:18+01:00
FileType Win32 EXE
PEType PE32
InternalName Orbit
FileAccessDate 2014:11:29 22:37:35+01:00
ProductVersion 4.1.1.1
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:11:29 22:37:35+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright 2006 - 2014 Oribtdownloader.com
MachineType Intel 386 or later, and compatibles
CompanyName Orbitdownloader.com
CodeSize 147968
FileSubtype 0
ProductVersionNumber 4.1.1.1
EntryPoint 0x4110
ObjectFileType Static library
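
Several of the fields above disagree with each other in ways a genuine vendor build rarely does: CompanyName says Orbitdownloader.com while LegalCopyright says Oribtdownloader.com, the version resource is tagged Russian while every resource in the directory is English (US), the version resource claims a static library for what is a GUI EXE, and the link timestamp (18:58:18+01:00, i.e. 17:58:18 UTC) is under seven hours before the first upload. The following is an added example, not VirusTotal's, ExifTool's or the Orbit Downloader project's code, that turns those checks into a small audit over the transcribed fields. It assumes ExifTool labels an ordinary application's dwFileType as "Executable application"; the thresholds and finding names are the editor's.

```python
"""Consistency checks over a PE's version resource and timestamps.

Added example; not VirusTotal's, ExifTool's or the Orbit Downloader
project's code. Field values are transcribed from the ExifTool block and
the report header above; the checks are the editor's. Assumption: ExifTool
reports dwFileType of a normal application as "Executable application".
"""
from datetime import datetime, timezone
import re

# Constructed from the report.
META = {
    "CompanyName": "Orbitdownloader.com",
    "LegalCopyright": "Copyright 2006 - 2014 Oribtdownloader.com",
    "FileType": "Win32 EXE",
    "ObjectFileType": "Static library",
    "LanguageCode": "Russian",                 # language of the version resource
    "ResourceLanguages": {"ENGLISH US": 9},    # "PE resources by language"
    "TimeStamp": "2014:11:28 18:58:18+01:00",  # ExifTool, with local offset
    "FirstSubmission": "2014-11-29 00:36:08 UTC",
}

DOMAIN_RE = re.compile(r"\b([A-Za-z0-9-]+\.(?:com|net|org))\b")


def domains(text):
    """Lower-cased domain names mentioned in a version-info string."""
    return {d.lower() for d in DOMAIN_RE.findall(text)}


def check_domains(meta):
    """Do CompanyName and LegalCopyright name the same domain(s)?"""
    a, b = domains(meta["CompanyName"]), domains(meta["LegalCopyright"])
    return a == b, sorted(a ^ b)


def compile_to_submission_seconds(meta):
    """Seconds between the PE link timestamp and first upload, both in UTC."""
    built = datetime.strptime(meta["TimeStamp"], "%Y:%m:%d %H:%M:%S%z")
    seen = datetime.strptime(meta["FirstSubmission"], "%Y-%m-%d %H:%M:%S UTC")
    seen = seen.replace(tzinfo=timezone.utc)
    return int((seen - built).total_seconds())


def audit(meta):
    """Return a list of (finding, detail) pairs; an empty list means nothing odd."""
    findings = []
    same, diff = check_domains(meta)
    if not same:
        findings.append(("company/copyright domain mismatch", diff))
    if meta["FileType"].endswith("EXE") and meta["ObjectFileType"] != "Executable application":
        findings.append(("version resource claims non-application type",
                         meta["ObjectFileType"]))
    res_langs = set(meta["ResourceLanguages"])
    if meta["LanguageCode"].upper() not in {l.split()[0] for l in res_langs}:
        findings.append(("version-info language differs from resource language",
                         (meta["LanguageCode"], sorted(res_langs))))
    delta = compile_to_submission_seconds(meta)
    if delta < 0:
        findings.append(("link timestamp later than first submission", delta))
    elif delta < 24 * 3600:
        findings.append(("first seen within a day of linking", delta))
    return findings


if __name__ == "__main__":
    for finding, detail in audit(META):
        print(f"{finding}: {detail}")
```

None of these findings is proof of anything on its own (a compile-to-upload gap of hours is normal for a developer uploading a fresh build), but four of them on one file that claims to be a 2006-2014 commercial product is the combination that justifies the two detections above rather than dismissing them.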

File identification
MD5 e8255396c72294b9eaf5cefa32fcc120
SHA1 b56fbac1df907e481af0b3ddf92db98a027a4b5f
SHA256 5a8405a12f1a822116be9520a5208230b205ac5a75d0cae980c10b7cda4a8ed9
ssdeep 6144:HdqN9ZJnKE2rOIbKsA5uOJ7B22JTlZuoLqDSFXVS2b4fjQ1bg:9EJnKEBIRAbrbJpZuoLqDS+/ek
authentihash 088971bf6c2354ea82ebe0ec0972cb2dd0ffb134415697c18374a1efd3121ba2
imphash 5bb3d6c0d49e88f3e04324a657d4ff53
File size 403.0 KB ( 412672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe
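
The imphash listed above is the pivot most useful for finding siblings of this sample, because it survives a recompile as long as the import table keeps the same entries in the same order. The following is an added example of how that value is formed; it is not VirusTotal's or pefile's code, though it follows the published recipe (lower-cased "dll.function" pairs with the .dll/.ocx/.sys extension stripped, comma-joined in import-table order, then MD5). The import table in the block is constructed for illustration: the real table's order is not recoverable from this page, so the code does not reproduce the 5bb3d6c0... value. The ordinal-name table is a stub, an assumption standing in for pefile's full lists.

```python
"""How an imphash is formed.

Added example; not VirusTotal's or pefile's code. Follows the published
imphash recipe. The SAMPLE import table and the ORDINAL_NAMES stub are
constructed for illustration (assumptions), not taken from the report.
"""
import hashlib

# pefile maps ordinal-only imports from a few well-known DLLs back to names
# before hashing; any other ordinal becomes "ordN". Stub table (assumption).
ORDINAL_NAMES = {"ws2_32.dll": {1: "accept", 2: "bind", 3: "closesocket"}}


def normalize(dll, func):
    """One import entry in imphash form: 'dll.func', lower case, no extension."""
    dll = dll.lower()
    if isinstance(func, int):
        func = ORDINAL_NAMES.get(dll, {}).get(func, f"ord{func}")
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    return f"{dll}.{func.lower()}"


def imphash_string(table):
    """The comma-joined string that gets hashed; entry order is significant."""
    return ",".join(normalize(dll, f) for dll, funcs in table for f in funcs)


def imphash(table):
    """MD5 of the normalized import string, as a lower-case hex digest."""
    return hashlib.md5(imphash_string(table).encode()).hexdigest()


# Constructed import table: (DLL, [function names or ordinals]) in table order.
SAMPLE = [
    ("KERNEL32.dll", ["CreateFileW", "GetProcAddress"]),
    ("ADVAPI32.dll", ["AdjustTokenPrivileges"]),
    ("WS2_32.dll", [2, 57]),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE))
    print(imphash(SAMPLE))
```

Two properties follow directly from the recipe and matter when using the value as a pivot: case and file extension of the DLL name do not change the hash, but reordering the DLLs (or the functions within one) does, so two builds from the same source with different linker input order will not share an imphash.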

VirusTotal metadata
First submission 2014-11-29 00:36:08 UTC
Last submission 2014-11-29 21:36:07 UTC
File names b930076e4ed0ef377ed0d0ea919610734f8aa203
OrbitDM.exe
Orbit
b56fbac1df907e481af0b3ddf92db98a027a4b5f
5a8405a12f1a822116be9520a5208230b205ac5a75d0cae980c10b7cda4a8ed9.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed behaviour report. The following summarises the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the file launched or injected code into.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API. Note that DeviceIoControl does not appear in the static import table above, while LoadLibraryA/LoadLibraryW and GetProcAddress do, so the call is either resolved at run time or made by a process the sample launched or injected into; the report covers both cases.