UCBrowser.exe

UC Browser

UCWeb Inc.

The application UCBrowser.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address get.dc2.videolan.org on port 443.
Publisher:
UCWeb Inc.

Product:
UC Browser

Version:
5.6.12265.1015

MD5:
d751791dc266ade18719b38ba55e3c31

SHA-1:
35fc17a0ebfa049bb1195e80b9b5edabb32177b3

SHA-256:
a671de917047f0a4870420151d108b5c44bc9affccc136524fb2e5123788c60e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:25:20 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Taoboa (L)

Engine version:
17.2.23.12

File size:
1.2 MB (1,263,264 bytes)

Product version:
5.6.12265.1015

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

Original file name:
UCBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
5/10/2016 7:31:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x7AA74

Entry point:
60, F7, C5, 8D, BE, 79, FC, 86, C0, 34, 70, F2, 0B, C6, 0F, CA, 68, 48, DA, AA, 00, 57, 38, F8, 31, C3, F7, D9, EB, 03, 3A, E7, 4E, 0F, A5, DB, E8, 6C, 00, 00, 00, 0F, B6, D6, 30, D4, 0F, BA, E8, 47, B4, 22, 0F, B7, C3, F6, C6, C6, 0F, BC, F9, 3B, EB, 6A, 00, 5A, FE, CF, 41, 88, D4, 0F, AC, F8, 96, 80, D4, A9, 0F, BB, C7, 3A, F8, 81, C2, 5C, A6, FD, FF, 0F, BF, F6, 87, EE, 81, C2, A5, 59, 02, 00, 80, F1, 3B, 89, E8, 80, D1, 69, 8D, 05, AB, AB, 8E, 43, 0F, BD, C3, 81, FE, A5, 91, 00, 00, 73, 0C, 0F, BA, FB...
 
Entropy:
6.8765

Code size:
624 KB (638,976 bytes)

Windows Firewall Allowed Program
Name:
chromium (mdns-in)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to goldeneye.videolan.org  (88.191.250.2:80)

TCP:
Connects to dialup-del-203.94.248.63.bol.net.in  (203.94.248.63:3000)

TCP (HTTP SSL):
Connects to triband-del-59.179.18.15.bol.net.in  (59.179.18.15:443)

TCP (HTTP SSL):
Connects to get.dc2.videolan.org  (195.154.241.219:443)
