Orbit[.]exe | Triage

Resubmissions

29/09/2024, 12:12

240929-pdbd3sxcle 6

29/09/2024, 12:11

240929-pcvrbstfjj 6

Sharing

Copy URL Twitter E-mail

General

Target

Orbit.exe
Size

2.4MB
MD5

78b530b924e1cfcc39d1c6549967c735
SHA1

8c64b11b2103717ff8f77fe52229e67be70afef8
SHA256

666ee335339f28788c569198556641e7dc426d00fe31073cd0e7300bd57f4ade
SHA512

612bd0824f44d9a717a023e8382b3a5081c5b791e41afdb8772bb38022404e9c79020c16b5914246647eb2006e6919a71b2acb5d29f59eefde95388981fdb3ac
SSDEEP

49152:nd5DS4qUhHP5Fm8re9LojDAVEpziZ5e//4r6Lxxc8Ot4/Kc7oaI2/4Dj5v7+S8g:CYDVxzc5e//4r6LxxcdmycE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Orbit.exe

Files

Orbit.exe
.exe windows:6 windows x64 arch:x64

560af78122c98dab327d750b41bbd577

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\sohil\OneDrive\Dokumentumok\GitHub\Orbit Free\x64\Release\Orbit.pdb

Imports

gdiplus

GdipGetImageWidth
GdipBitmapGetPixel
GdipFree
GdipDisposeImage
GdiplusStartup
GdipGetImageHeight
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP

winmm

PlaySoundW

kernel32

SleepEx
SetFileInformationByHandle
GetCurrentProcessId
WaitForMultipleObjects
PeekNamedPipe
AreFileApisANSI
ReadFile
GetFileType
GetEnvironmentVariableA
GetFileInformationByHandleEx
LocalFree
FormatMessageA
GetFileAttributesExW
WakeAllConditionVariable
SleepConditionVariableSRW
WaitForSingleObjectEx
MoveFileExW
RtlCaptureContext
RtlLookupFunctionEntry
LoadLibraryW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetSystemDirectoryW
IsProcessorFeaturePresent
IsDebuggerPresent
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
FindNextFileW
FindFirstFileExW
FindFirstFileW
SetEvent
ExitProcess
OpenProcess
GetCurrentProcess
GetCommandLineW
GetStartupInfoW
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
QueryPerformanceFrequency
GetModuleHandleA
WideCharToMultiByte
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetCurrentThreadId
CreateEventW
GetSystemTimeAsFileTime
GlobalUnlock
GetConsoleWindow
GetModuleHandleW
CreateProcessW
GlobalLock
GetProcAddress
CloseHandle
Process32FirstW
LoadLibraryA
Process32NextW
GetLastError
Sleep
CreateToolhelp32Snapshot
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetModuleFileNameW
SetConsoleMode
GetStdHandle
SetLastError
FindClose
CreateDirectoryW
InitializeCriticalSectionEx
GetModuleFileNameA
LoadLibraryExA
LeaveCriticalSection
EnterCriticalSection
GetTickCount
FormatMessageW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
GetLocaleInfoEx
GetCurrentDirectoryW
InitializeSListHead

user32

GetKeyNameTextW
mouse_event
GetForegroundWindow
GetAsyncKeyState
GetSystemMetrics
GetDC
MapVirtualKeyW
EnumDisplaySettingsW
SetForegroundWindow
GetClipboardData
EnumWindows
EmptyClipboard
CloseClipboard
OpenClipboard
ShowWindow
GetWindowThreadProcessId
SetClipboardData
GetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
LoadCursorW
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
GetMessageExtraInfo
SetCursorPos
GetKeyState
ReleaseDC
UnregisterClassA
PostQuitMessage
FindWindowA
SetWindowLongW
TranslateMessage
SetWindowDisplayAffinity
PeekMessageW
DispatchMessageW
RegisterClassExW
UnregisterClassW
SetWindowPos
DefWindowProcW
GetWindowLongW
SendInput
UpdateWindow
DestroyWindow

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
BitBlt
DeleteObject

advapi32

CryptHashData
CryptCreateHash
RegOpenKeyExW
RegSetValueExW
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegCreateKeyExW
RegCloseKey
CryptEncrypt
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
OpenProcessToken
SetTokenInformation
PrivilegeCheck
RevertToSelf
LookupPrivilegeValueW
CryptImportKey
SetThreadToken
CryptDestroyKey
CryptDestroyHash

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoInitializeEx
CoTaskMemFree

msvcp140

?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
_Mtx_unlock
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
_Thrd_hardware_concurrency
?good@ios_base@std@@QEBA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

ws2_32

send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSASetLastError
WSAGetLastError
inet_pton
ntohs
inet_ntop
WSAStartup
bind
setsockopt
WSAIoctl
htons
socket
__WSAFDIsSet
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
getsockopt
WSACleanup
select
accept

crypt32

CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertGetNameStringW
PFXImportCertStore
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindExtension

imm32

ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
_CxxThrowException
longjmp
__C_specific_handler
wcschr
memcmp
__intrinsic_setjmp
__current_exception
memmove
memchr
strrchr
memset
memcpy
strchr
strstr
wcsstr
__std_exception_copy
__std_exception_destroy
__std_terminate

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
realloc
calloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

system
__sys_errlist
__sys_nerr
_errno
terminate
abort
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_beginthreadex
strerror
_cexit
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
exit
_invalid_parameter_noinfo_noreturn
_initterm
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_initterm_e
_exit

api-ms-win-crt-stdio-l1-1-0

tmpfile
setvbuf
_set_fmode
_popen
_pclose
ungetc
_ftelli64
fgetc
clearerr
__p__commode
fsetpos
_read
_write
_fileno
_close
ferror
freopen
getc
fread
_fseeki64
fclose
fflush
_get_stream_buffer_pointers
fopen
__acrt_iob_func
__stdio_common_vfprintf
tmpnam
__stdio_common_vsprintf
_lseeki64
ftell
fseek
fputc
fgets
_wopen
_wfopen
fwrite
__stdio_common_vsscanf
feof
__stdio_common_vswprintf
fputs
fgetpos

api-ms-win-crt-convert-l1-1-0

atof
strtoul
strtof
atoi
strtol
strtoll
wcstombs
strtoull
strtod

api-ms-win-crt-string-l1-1-0

isxdigit
isupper
_wcsdup
_wcsicmp
strncmp
wcspbrk
strcmp
strncpy
strcpy_s
wcsncmp
strpbrk
strcspn
ispunct
isalpha
isblank
isgraph
iscntrl
strspn
tolower
islower
isalnum
isdigit
_strdup
wcsncpy
strcoll
isspace
toupper

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_unlock_file
_unlink
_fstat64
rename
_wstat64

api-ms-win-crt-math-l1-1-0

atan2f
acosf
tanh
__setusermatherr
sqrt
sinh
powf
_dclass
sin
fmodf
log10
log
_fdopen
fmod
exp
cosh
cos
ceil
atan2
asin
acos
ldexp
pow
floor
frexp
tan
llround

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
setlocale
___lc_codepage_func

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

strftime
_mktime64
clock
_difftime64
_localtime64
_time64
_gmtime64

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

560af78122c98dab327d750b41bbd577

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp140

d3d11

d3dcompiler_47

dwmapi

ws2_32

crypt32

imm32

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 408KB - Virtual size: 407KB

.data Size: 8KB - Virtual size: 19KB

.pdata Size: 80KB - Virtual size: 80KB

_RDATA Size: 9KB - Virtual size: 8KB

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 408KB - Virtual size: 407KB

.data
Size: 8KB - Virtual size: 19KB

.pdata
Size: 80KB - Virtual size: 80KB

_RDATA
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 7KB - Virtual size: 6KB