orbit[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

orbit.exe
Size

1.3MB
MD5

a97deed3a59d8bfcf1afabd1572d1e35
SHA1

8cbbb4f1debd26b3a965bf8014846215c0decab5
SHA256

183d2ab8c8d1d73573d8bf65f06bd379e2fed591c8d1b06eed5fd590723440ca
SHA512

42ab453322e17a8dd85dc30cec8d6e12c715ea6169ad0b79de7de13b9c60d3eb48cbca4a102913892641d5b80b571347033c43644095b02acc5c1eae55b10187
SSDEEP

24576:VDLIYaMQSuptWMmEKsqUlqBwMJ83IKNSXDe4n7J1:hLIYaMQNgBdUlqaMJ83

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

orbit.exe

resource
orbit.exe

Files

orbit.exe
.exe windows:6 windows x64 arch:x64

e79d3499ba5e2d7fbca0bd9c4b8cc22f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\user236264\Desktop\yes\build\cheat\orbit.pdb

Imports

kernel32

GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
FreeConsole
ExitProcess
GlobalAlloc
LocalFree
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
MultiByteToWideChar
GetTempPathW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
lstrcmpiA
GetConsoleWindow
CloseHandle
Process32Next
CreateFileA
CreateToolhelp32Snapshot
CreateFileW
GetCurrentProcess
Process32First
Sleep
GetCurrentProcessId
GetModuleHandleA
VirtualAlloc
DeviceIoControl
VirtualFree
FormatMessageA
FreeLibrary
GetProcAddress
GetLastError
GlobalFree
LoadLibraryExA
SetFileInformationByHandle
GetModuleFileNameA

user32

SetCursor
SetCapture
TrackMouseEvent
ClientToScreen
GetCapture
SetProcessDPIAware
SendInput
GetCursorPos
FindWindowA
GetForegroundWindow
GetAsyncKeyState
ReleaseCapture
GetClientRect
MonitorFromWindow
DefWindowProcA
LoadCursorA
DispatchMessageA
ScreenToClient
MessageBoxA
ShowWindow
SetClipboardData
GetKeyState
UpdateWindow
RegisterClassExA
PostQuitMessage
UnregisterClassA
PeekMessageA
LoadIconA
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
MoveWindow
GetMonitorInfoA
SetWindowDisplayAffinity
SetWindowLongA
GetSystemMetrics
DestroyWindow
GetWindowRect
OpenClipboard
SetCursorPos
GetClipboardData
EmptyClipboard
CloseClipboard

gdi32

CreateSolidBrush

advapi32

OpenProcessToken
RegQueryValueExA
RegCloseKey
GetUserNameW
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA

shell32

SHGetFolderPathW
ShellExecuteA

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Query_perf_frequency
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_counter
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Xtime_get_ticks
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z

urlmon

URLDownloadToFileA

ntdll

RtlCaptureContext
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
NtQuerySystemInformation
RtlLookupFunctionEntry
RtlVirtualUnwind

dbghelp

ImageDirectoryEntryToData
ImageRvaToVa
ImageNtHeader

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memcmp
memchr
__intrinsic_setjmp
strrchr
__std_exception_destroy
memset
_CxxThrowException
__current_exception_context
__std_exception_copy
__current_exception
memcpy
_purecall
__C_specific_handler
strstr
longjmp
strchr
__std_terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
realloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

llround
asin
atan2
atan2f
ceil
ceilf
sqrtf
cos
cosf
acos
exp
floor
fmod
fmodf
tan
acosf
log
ldexp
__setusermatherr
log10
pow
powf
frexp
sin
roundf
_dsign
sinf
sqrt

api-ms-win-crt-string-l1-1-0

isspace
strcmp
strncpy
isblank
strpbrk
tolower
isxdigit
_stricmp
strncmp
isgraph
isupper
isdigit
strspn
iscntrl
isalnum
toupper
isalpha
ispunct
islower
strcoll

api-ms-win-crt-runtime-l1-1-0

system
abort
strerror
_errno
_beginthreadex
terminate
_invalid_parameter_noinfo_noreturn
perror
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
exit
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_register_thread_local_exe_atexit_callback
__p___argc
__p___argv
_c_exit

api-ms-win-crt-stdio-l1-1-0

fputc
__p__commode
fflush
fgetpos
fclose
fgetc
_set_fmode
getc
__stdio_common_vfprintf
fsetpos
_get_stream_buffer_pointers
ftell
__stdio_common_vsscanf
freopen
feof
fread
ferror
_wfopen
fwrite
fgets
__acrt_iob_func
clearerr
tmpnam
fopen
_pclose
tmpfile
setvbuf
_popen
ungetc
fseek
__stdio_common_vsprintf
_ftelli64
_fseeki64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
setlocale
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

strftime
_gmtime64
_mktime64
clock
_difftime64
_time64
_localtime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtoll
strtoull
atof
strtod

api-ms-win-crt-filesystem-l1-1-0

rename
remove
_unlock_file
_lock_file

api-ms-win-crt-utility-l1-1-0

rand
qsort

Sections

.text
Size: 808KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 303KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e79d3499ba5e2d7fbca0bd9c4b8cc22f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp140

urlmon

ntdll

dbghelp

d3d11

imm32

d3dcompiler_47

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 808KB - Virtual size: 808KB

.rdata Size: 181KB - Virtual size: 181KB

.data Size: 303KB - Virtual size: 309KB

.pdata Size: 37KB - Virtual size: 36KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 808KB - Virtual size: 808KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 303KB - Virtual size: 309KB

.pdata
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 4KB - Virtual size: 3KB