SHA256: a66162e228afdc767621dd175b574efd73cad9c5f3594f2f73ce547edae4775f
File name: f353a4ecd7df84ec42117a6c6ab81c952d68b90a
Detection ratio: 3 / 55
Analysis date: 2014-11-28 00:34:50 UTC
Antivirus Result Update (an engine listed with an update date but no result did not flag the file)
AhnLab-V3 Trojan/Win32.Ransom 20141127
Kaspersky UDS:DangerousObject.Multi.Generic 20141127
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141126
Ad-Aware 20141128
AegisLab 20141127
Yandex 20141126
ALYac 20141128
Antiy-AVL 20141127
Avast 20141128
AVG 20141128
Avira (no cloud) 20141128
AVware 20141121
Baidu-International 20141127
BitDefender 20141128
Bkav 20141127
ByteHero 20141128
CAT-QuickHeal 20141127
ClamAV 20141128
CMC 20141127
Comodo 20141128
Cyren 20141127
DrWeb 20141128
Emsisoft 20141128
F-Prot 20141127
F-Secure 20141128
Fortinet 20141127
GData 20141127
Ikarus 20141127
Jiangmin 20141127
K7AntiVirus 20141127
K7GW 20141126
Kingsoft 20141128
Malwarebytes 20141127
McAfee 20141127
McAfee-GW-Edition 20141127
Microsoft 20141128
eScan 20141128
NANO-Antivirus 20141127
Norman 20141127
nProtect 20141127
Panda 20141127
Qihoo-360 20141128
Sophos AV 20141128
SUPERAntiSpyware 20141127
Symantec 20141128
Tencent 20141128
TheHacker 20141124
TotalDefense 20141127
TrendMicro 20141127
TrendMicro-HouseCall 20141127
VBA32 20141127
VIPRE 20141127
ViRobot 20141127
Zillya 20141127
Zoner 20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2006 - 2014 Oribtdownloader.com
Publisher Orbitdownloader.com
Product Orbit Downloader
Original name OrbitDM.exe
Internal name Orbit
File version 4.1.1.1
Description Orbit Downloader
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-27 15:37:38
Entry Point 0x0000A9F5
Number of sections 5
PE imports
ADVAPI32.dll
GetTokenInformation
RegCloseKey
RegCreateKeyExA
OpenProcessToken
RegQueryValueExA
RegSetValueExA
RegNotifyChangeKeyValue
RegOpenKeyExA
ConvertSidToStringSidA
COMDLG32.dll
GetSaveFileNameA
GDI32.dll
TextOutW
CreatePen
TextOutA
GetTextMetricsA
EndPath
GetBitmapBits
LineTo
SetPixel
FillPath
SetTextColor
CreatePatternBrush
RectVisible
GetObjectW
MoveToEx
GetStockObject
SetViewportOrgEx
CreateCompatibleDC
SelectObject
CreateSolidBrush
Polyline
SetBkColor
BeginPath
DeleteObject
Ellipse
KERNEL32.dll
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
_llseek
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
FindClose
InterlockedDecrement
GetProfileIntA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
WriteProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
_lclose
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoW
GetCPInfo
GetUserDefaultLCID
_lread
GetProcessHeap
CompareStringW
FindFirstFileA
FindNextFileA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
OpenFile
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
MSACM32.dll
acmFormatEnumA
acmMetrics
acmDriverOpen
acmDriverClose
NETAPI32.dll
NetUserEnum
NetGetJoinInformation
NetApiBufferFree
SHELL32.dll
ExtractAssociatedIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
USER32.dll
SetFocus
RegisterClassExW
GetSysColor
GetCursorInfo
SetMenuItemBitmaps
BeginPaint
GetClassNameW
ReleaseCapture
KillTimer
DestroyMenu
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
LoadBitmapA
GetClipboardData
GetDesktopWindow
GetSystemMetrics
OemToCharA
AppendMenuA
GetWindowRect
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
MoveWindow
WindowFromPoint
MessageBoxA
SetWindowPos
GetWindowLongA
InvalidateRect
CheckDlgButton
GetDC
ReleaseDC
CreatePopupMenu
CheckMenuItem
GetTopWindow
SetClipboardData
GetIconInfo
FindWindowExA
SendMessageA
GetClientRect
CreateMenu
GetDlgItem
DrawMenuBar
ScreenToClient
SetRect
CallNextHookEx
wsprintfA
IsClipboardFormatAvailable
SetTimer
LoadCursorA
LoadIconA
CountClipboardFormats
SetWindowTextA
FillRect
AdjustWindowRect
IsDlgButtonChecked
GetWindowTextW
SetDlgItemInt
LoadImageA
GetClassNameA
CreateWindowExW
EmptyClipboard
EndPaint
CloseClipboard
GetMonitorInfoA
DestroyWindow
OpenClipboard
USERENV.dll
ExpandEnvironmentStringsForUserW
WTSAPI32.dll
WTSQuerySessionInformationA
gdiplus.dll
GdipGraphicsClear
GdipCreateFromHDC
GdipFree
GdipLoadImageFromFile
GdipGetImageWidth
GdipAlloc
GdipCreateFromHWND
GdipCloneImage
GdipGetImageHeight
GdipDisposeImage
GdipDrawImageRectI
GdipDeleteGraphics
ole32.dll
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 3
Struct(28) 2
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 105984
ImageVersion 0.0
ProductName Orbit Downloader
FileVersionNumber 4.1.1.1
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription Orbit Downloader
CharacterSet Unicode
LinkerVersion 10.0
OriginalFilename OrbitDM.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.1.1.1
TimeStamp 2014:11:27 16:37:38+01:00
FileType Win32 EXE
PEType PE32
InternalName Orbit
FileAccessDate 2014:12:05 02:02:35+01:00
ProductVersion 4.1.1.1
SubsystemVersion 5.1
OSVersion 5.1
FileCreateDate 2014:12:05 02:02:35+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright 2006 - 2014 Oribtdownloader.com
MachineType Intel 386 or later, and compatibles
CompanyName Orbitdownloader.com
CodeSize 275456
FileSubtype 0
ProductVersionNumber 4.1.1.1
EntryPoint 0xa9f5
ObjectFileType Static library
File identification
MD5 da5200f971cf63153cddd22d275309c5
SHA1 f353a4ecd7df84ec42117a6c6ab81c952d68b90a
SHA256 a66162e228afdc767621dd175b574efd73cad9c5f3594f2f73ce547edae4775f
ssdeep 6144:epG4QAXiNf8GDmffHgu1Wqn05pzfvFXr79P8D/fag8o229WyWwGB:enANkGDmnn4Ppzfdb79P8D/US9Wy8
authentihash c86b69f0325fb0c35bd90840a69f06439db7c0e5578732225a124385419deb85
imphash b6ed4c2cd5284e43ebd7fd852a96c06f
File size 373.5 KB ( 382464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
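The imphash listed under File identification is derived from the sample's import directory, which is why it is useful for clustering builds that share a linker and import set even when their content hashes differ. The following is an added example (not part of the VirusTotal report or of the sample) of the algorithm behind that field: each imported symbol is written as `<dll>.<function>` with the DLL name lowercased and its `.dll`/`.ocx`/`.sys` extension removed, imports by ordinal become `ord<N>`, the tokens are joined with commas in import-table order, and the MD5 of that string is taken. The import list below is a constructed sample; the report's flattened import list cannot simply be fed in, because the page does not preserve the import table's original order, so the value computed here is not expected to reproduce `b6ed4c2cd5284e43ebd7fd852a96c06f`.

```python
"""Import hash (imphash) computation over a list of PE imports.

Added example. The algorithm matches what pefile's get_imphash() does on a
parsed PE, with one simplification: pefile first tries to resolve ordinals
of a few well-known DLLs (oleaut32, ws2_32, wsock32) to function names and
only then falls back to "ord<N>"; this example always emits "ord<N>".
"""
import hashlib
from typing import Iterable, List, Tuple, Union

# Extensions stripped from the DLL name before hashing, matching the
# convention used by pefile and VirusTotal.
_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")

Import = Tuple[str, Union[str, int]]   # (dll name, function name or ordinal)


def normalize_import(dll: str, func: Union[str, int]) -> str:
    """Return the canonical "dll.func" token for one imported symbol."""
    name = dll.lower()
    for ext in _STRIPPED_EXTENSIONS:
        if name.endswith(ext):
            name = name[: -len(ext)]
            break
    if isinstance(func, int):           # import by ordinal, no name in the table
        token = f"ord{func}"
    else:
        token = func.lower()
    return f"{name}.{token}"


def imphash_string(imports: Iterable[Import]) -> str:
    """Join the normalized tokens in import-table order (order matters)."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 of the normalized import string as a lowercase hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample import table: a handful of names the report above
# lists, in an order chosen here, plus one hypothetical ordinal import.
SAMPLE_IMPORTS: List[Import] = [
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("WTSAPI32.dll", "WTSQuerySessionInformationA"),
    ("mfc42.DLL", 1234),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

On a real sample the same value is obtained with `pefile.PE(path).get_imphash()`; the hand-rolled version above is here to make the normalization rules visible, in particular that the hash changes if the linker emits the same imports in a different order.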
VirusTotal metadata
First submission 2014-11-28 00:34:50 UTC
Last submission 2014-11-28 00:34:50 UTC
File names f353a4ecd7df84ec42117a6c6ab81c952d68b90a
OrbitDM.exe
Orbit
a66162e228afdc767621dd175b574efd73cad9c5f3594f2f73ce547edae4775f.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.