UCBrowser.exe

UC Browser

UCWeb Inc.

The application UCBrowser.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address edge-star-shv-01-cdg2.facebook.com on port 443.
Publisher:
UCWeb Inc.

Product:
UC Browser

Version:
5.6.12265.1017

MD5:
409b889b8045f04c28d1f65de923b4a4

SHA-1:
41543f973d6bc4752d075f78e0ef5243f7b13e8e

SHA-256:
70b7b0bd647dc411dae3e40e30cb7dac51fb669a032fa25b0250cae286556d9c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 7:43:59 AM UTC

Scan engine         Detection         Engine version
Reason Heuristics   PUP.Taoboa (L)    17.2.26.13

File size:
1.7 MB (1,776,128 bytes)

Product version:
5.6.12265.1017

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

Original file name:
UCBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ucbrowser\application\ucbrowser.exe

File PE Metadata
Compilation timestamp:
5/13/2016 2:07:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x7AA74

Entry point:
60, 55, 89, E5, 81, EC, 08, 01, 00, 00, C7, 45, EC, 06, 00, 00, 00, C7, 45, F4, 04, 00, 00, 00, 83, 65, F8, 00, 8B, 45, EC, 83, E8, 06, 89, 45, F0, C7, 45, B8, B5, 2E, 00, 00, C7, 45, E8, 09, 56, 7B, D3, B8, CA, 01, 00, 00, F7, 65, B8, 89, 45, 90, 89, 45, F8, C7, 45, F0, E6, 6A, 00, 00, 81, 45, F0, D1, 4F, 00, 00, 81, 45, F0, 49, FD, 02, 00, 8B, 45, F4, 03, 45, EC, 83, E8, 0A, 89, 45, C4, 81, 45, F8, DE, 2A, 00, 00, FF, 4D, E8, C7, 45, E4, 1A, 12, 00, 00, 8B, 45, E4, 29, 45, F8, C7, 45, DC, B0, BE, 53, 00...

Entropy:
7.1962

Code size:
624 KB (638,976 bytes)

Windows Firewall Allowed Program
Name:
chromium (mdns-in)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to edge-star-shv-01-cdg2.facebook.com  (179.60.192.3:443)

TCP (HTTP SSL):
Connects to edge-z-1-p2-shv-01-lht6.facebook.com  (157.240.1.41:443)

TCP (HTTP SSL):
Connects to edge-z-1-p2-shv-01-cdg2.facebook.com  (179.60.192.40:443)

TCP (HTTP):
Connects to mailrelay.203.website.ws  (64.70.19.203:80)
