UCBrowser.exe

UC Browser

UCWeb Inc.

The application UCBrowser.exe has been flagged as a potentially unwanted program (PUP) by 1 of 68 anti-malware scanners. The single detection is heuristic (Reason Heuristics, PUP.Taoboa (L)), so on its own it is a weak signal rather than strong evidence that the file is a threat; treat it as a prompt to verify the file's hashes and behaviour, not as a verdict. While running, it connects to the host 108.61.198.96.vultr.com on port 443, among the other endpoints listed below.
Publisher:
UCWeb Inc.

Product:
UC Browser

Version:
6.1.2015.1007

MD5:
d1f2caf8cec6e0a4f50957384922d0bb

SHA-1:
98882e7497442146ebea01c9f9c73e15c6cece6c

SHA-256:
a8afc668c38620d4b37ab46e73cdb72361a3513b90c4ea3c808eba12d4dccfb8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 1:35:03 AM UTC

Scan engine         Detection         Engine version
Reason Heuristics   PUP.Taoboa (L)    17.2.25.10

File size:
1.2 MB (1,281,424 bytes)

Product version:
6.1.2015.1007

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

Original file name:
UCBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ucbrowser\application\ucbrowser.exe

File PE Metadata
Compilation timestamp:
2/21/2017 1:03:09 AM

OS version (minimum required, from the PE optional header):
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x7578A

Entry point:
60, 89, D9, 0F, C1, D2, 89, F9, C6, C6, F5, 0F, BA, E5, D5, 46, F6, C0, A6, F7, C6, 1C, 38, A8, 2D, C0, F8, DA, E8, 20, 00, 00, 00, 0F, BD, D1, 8B, FB, 0F, BD, D7, 0F, BD, EE, 0F, AC, C1, E0, 0F, BB, F9, F7, C0, 39, CE, 1A, 88, B6, E4, 81, FB, 05, A8, 00, 00, F6, C0, AF, 0F, CB, FF, C7, FE, CF, 0F, A4, FF, 51, 3A, DE, D3, D6, 8D, 00, 0F, A5, DA, 0F, AF, FB, BA, D7, 35, 71, 56, 69, DB, F4, 59, DF, CA, 03, E8, FE, CD, 5B, 8D, 3D, CC, B1, 7C, B7, 0F, B3, D2, 0F, AD, C2, 03, F1, F2, FF, CF, 8A, D1, 0F, AD, F2...

Entropy:
6.8543

Code size:
622 KB (636,928 bytes)
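The hashes, entropy, compilation timestamp, linker and OS versions, subsystem, entry address and entry-point bytes above are all read straight from the file's PE header and raw bytes, so anyone holding a copy of UCBrowser.exe can recompute them before trusting the report. The following script is an added example, not code from Reason Core Security or UCWeb: it computes the three hashes and the whole-file Shannon entropy, parses the PE32 header fields listed on this page, maps the entry RVA to a file offset through the section table to read the first bytes at the entry point, and diffs the result against the page's values. Because the real binary is not on this page, it runs against a constructed 1 KiB PE32 image (build_sample_pe) whose timestamp, linker version, OS version and subsystem are set to the page's values and whose size, entry address, code size and hashes deliberately are not, so the comparison shows both matches and mismatches.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the raw bytes, hex-encoded, keyed like the report."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant file, 8.0 for uniform bytes.
    Whole-file values around 7 and above usually mean packed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def parse_pe32(data: bytes) -> dict:
    """Read the PE32 header fields a triage report lists (timestamp, linker,
    OS version, subsystem, entry point) plus the first 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # optional header follows the 20-byte COFF header
    magic, link_major, link_minor = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header: magic 0x%X" % magic)
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # The section table follows the optional header; use it to map the entry RVA to a file offset.
    sect = opt + opt_size
    entry_off = None
    for i in range(nsections):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sect + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            entry_off = rawptr + (entry_rva - vaddr)
            break
    if entry_off is None:
        raise ValueError("entry point RVA lies outside every section")
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{link_major}.{link_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "bitness": "Win32" if machine == 0x14C else f"machine 0x{machine:X}",
        "entry_address": f"0x{entry_rva:X}",
        "entry_bytes": data[entry_off:entry_off + 16].hex(" ").upper(),
        "code_size": size_of_code,
    }

def compare_to_report(data: bytes, report: dict) -> dict:
    """Every report field whose value differs from what the bytes say: {field: (report, observed)}."""
    observed = {**file_hashes(data), **parse_pe32(data), "file_size": len(data),
                "entropy": round(shannon_entropy(data), 4)}
    return {k: (v, observed.get(k)) for k, v in report.items() if observed.get(k) != v}

# Values copied from this page's report for UCBrowser.exe.
PAGE_REPORT = {
    "sha256": "a8afc668c38620d4b37ab46e73cdb72361a3513b90c4ea3c808eba12d4dccfb8",
    "file_size": 1281424,
    "compile_time": "2017-02-21 01:03:09 UTC",
    "linker_version": "14.0",
    "os_version": "5.1",
    "subsystem": "Windows GUI",
    "entry_address": "0x7578A",
    "code_size": 636928,
}

def build_sample_pe() -> bytes:
    """Constructed, non-runnable 1 KiB PE32 image. Timestamp, linker, OS and subsystem
    match the page; size, entry address, code size and hashes deliberately do not."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1487638989, 0, 0, 72, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B, 14, 0,             # PE32 magic, linker 14.0
                      0x200, 0, 0,              # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x1010, 0x1000, 0x2000,   # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,  # ImageBase, SectionAlignment, FileAlignment
                      5, 1, 0, 0, 5, 1,         # OS 5.1, image 0.0, subsystem 5.1
                      0, 0x2000, 0x200, 0,      # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                     # Subsystem = Windows GUI, DllCharacteristics
    text_hdr = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + text_hdr
    headers += b"\0" * (0x200 - len(headers))
    text = bytearray(0x200)
    text[0x10:0x16] = bytes.fromhex("6089D90FC1D2")   # first six bytes of the page's entry-point dump
    return headers + bytes(text)

if __name__ == "__main__":
    sample = build_sample_pe()
    print(parse_pe32(sample))
    print("entropy:", round(shannon_entropy(sample), 4))
    for field, (reported, observed) in compare_to_report(sample, PAGE_REPORT).items():
        print(f"mismatch {field}: report={reported!r} observed={observed!r}")
```

To check a real copy, replace build_sample_pe() with open(path, "rb").read(); a SHA-256 mismatch against the page means it is a different build and the rest of the report does not apply to it. The page's whole-file entropy of 6.85 is below the range that normally indicates a fully packed image, which is consistent with a large signed installer-style executable, but the first entry-point byte (0x60, pushad) followed by an unstructured run of opcodes is the pattern an unpacking stub often shows, so the two readings should be weighed together rather than either one alone.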

Shell Open Command
Open type:
ftp (the executable is registered as the shell handler that opens ftp: URLs)

Command:
"C:\Program Files\ucbrowser\application\ucbrowser.exe" -- "%1"


The executing file has been seen to make the following network connections in live environments. Note that the facebook.com, fbcdn.net, akamaitechnologies.com and googleusercontent.com endpoints below are shared CDN and service front ends that ordinary browsing also reaches, so a connection to one of them is weak evidence on its own; the three vultr.com-hosted endpoints and the iaccap.com host are the more distinctive ones to investigate.

TCP (HTTP SSL):
Connects to edge-star-shv-01-mxp1.facebook.com  (31.13.86.8:443)

TCP (HTTP SSL):
Connects to edge-video-shv-01-sin6.fbcdn.net  (157.240.7.21:443)

TCP (HTTP):
Connects to a92-122-88-158.deploy.akamaitechnologies.com  (92.122.88.158:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mxp1.facebook.com  (31.13.86.36:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sin6.fbcdn.net  (157.240.7.26:443)

TCP (HTTP SSL):
Connects to a95-101-80-242.deploy.akamaitechnologies.com  (95.101.80.242:443)

TCP (HTTP SSL):
Connects to a95-100-96-210.deploy.akamaitechnologies.com  (95.100.96.210:443)

TCP (HTTP SSL):
Connects to a92-123-194-114.deploy.akamaitechnologies.com  (92.123.194.114:443)

TCP (HTTP SSL):
Connects to 248.199.186.35.bc.googleusercontent.com  (35.186.199.248:443)

TCP (HTTP):
Connects to 74.113.233.187.df.iaccap.com  (74.113.233.187:80)

TCP (HTTP):
Connects to a104-88-200-176.deploy.static.akamaitechnologies.com  (104.88.200.176:80)

TCP (HTTP SSL):
Connects to 45.63.21.91.vultr.com  (45.63.21.91:443)

TCP (HTTP SSL):
Connects to 108.61.198.96.vultr.com  (108.61.198.96:443)

TCP (HTTP SSL):
Connects to 104.156.251.46.vultr.com  (104.156.251.46:443)
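A connection list like the one above is only useful if it can be turned into indicators and checked against what a host actually did. The script below is an added example, not tooling from Reason Core Security: it parses the report's "Connects to host (ip:port)" lines into indicators, flags the ones that sit on shared CDN or service infrastructure (the suffix list is an assumption made here, not something the page states), and matches a constructed flow log on destination IP and port so that a hit on the right IP but the wrong port is not counted. Only a subset of the page's entries is embedded.

```python
import re

CONNECT_RE = re.compile(
    r"^(?P<proto>\w+) \((?P<service>[^)]+)\): Connects to (?P<host>\S+)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\)$"
)

# Assumed here: hostnames under these suffixes are shared CDN/service front ends
# that ordinary browsing also reaches, so a hit on them is weak evidence by itself.
SHARED_SUFFIXES = (".facebook.com", ".fbcdn.net", ".akamaitechnologies.com",
                   ".googleusercontent.com")

# A subset of this page's connection entries, each joined onto a single line.
PAGE_CONNECTIONS = """
TCP (HTTP SSL): Connects to edge-star-shv-01-mxp1.facebook.com  (31.13.86.8:443)
TCP (HTTP): Connects to a92-122-88-158.deploy.akamaitechnologies.com  (92.122.88.158:80)
TCP (HTTP SSL): Connects to 248.199.186.35.bc.googleusercontent.com  (35.186.199.248:443)
TCP (HTTP): Connects to 74.113.233.187.df.iaccap.com  (74.113.233.187:80)
TCP (HTTP SSL): Connects to 45.63.21.91.vultr.com  (45.63.21.91:443)
TCP (HTTP SSL): Connects to 108.61.198.96.vultr.com  (108.61.198.96:443)
TCP (HTTP SSL): Connects to 104.156.251.46.vultr.com  (104.156.251.46:443)
"""

def parse_connections(text: str) -> list:
    """Turn the report's 'Connects to host (ip:port)' lines into indicator dicts."""
    indicators = []
    for line in text.strip().splitlines():
        m = CONNECT_RE.match(line.strip())
        if not m:
            continue                      # skip anything that is not a connection line
        ind = m.groupdict()
        ind["port"] = int(ind["port"])
        ind["shared_infra"] = ind["host"].endswith(SHARED_SUFFIXES)
        indicators.append(ind)
    return indicators

def distinctive(indicators: list) -> list:
    """Endpoints worth hunting on their own: everything not on shared infrastructure."""
    return [i for i in indicators if not i["shared_infra"]]

def match_flow_log(indicators: list, log_lines: list) -> list:
    """Match flow records against indicators on (dst_ip, dst_port).
    Log format assumed here (constructed): ts,src_ip,dst_ip,dst_port."""
    by_endpoint = {(i["ip"], i["port"]): i for i in indicators}
    hits = []
    for line in log_lines:
        ts, src, dst, dport = line.strip().split(",")
        ind = by_endpoint.get((dst, int(dport)))
        if ind is not None:
            hits.append({"ts": ts, "src": src, "host": ind["host"], "shared_infra": ind["shared_infra"]})
    return hits

# Constructed flow records: two that match the list, one unrelated (TEST-NET address),
# and one that reaches a listed IP on an unlisted port and so must not match.
SAMPLE_FLOW_LOG = [
    "2024-11-23T01:40:12Z,10.0.0.15,108.61.198.96,443",
    "2024-11-23T01:40:13Z,10.0.0.15,92.122.88.158,80",
    "2024-11-23T01:40:14Z,10.0.0.15,203.0.113.5,443",
    "2024-11-23T01:40:15Z,10.0.0.15,108.61.198.96,80",
]

if __name__ == "__main__":
    inds = parse_connections(PAGE_CONNECTIONS)
    for hit in match_flow_log(inds, SAMPLE_FLOW_LOG):
        tag = "weak (shared infra)" if hit["shared_infra"] else "distinctive"
        print(f'{hit["ts"]} {hit["src"]} -> {hit["host"]}: {tag}')
```

The shared-infrastructure flag is the important design choice: blocking or alerting on Facebook or Akamai front-end addresses taken from a sandbox run of a web browser would generate noise from every user of those services, whereas the Vultr-hosted endpoints are specific enough to pivot on (passive DNS, certificate, what else resolved there at the time) before deciding whether they belong to UCWeb or to something bundled with the installer.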

Remove UCBrowser.exe - Powered by Reason Core Security