UCBrowser.exe

UC Browser

UCWeb Inc.

The application UCBrowser.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 125.234.48.24.hcm.viettel.vn on port 443.
Publisher:
UCWeb Inc.

Product:
UC Browser

Version:
6.1.2015.1007

MD5:
914349cdc8833bedf1e88c891e305d4f

SHA-1:
d2a368dccdf8b4163fc6efbcd226b8e4d2249f39

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 11:08:04 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Taoboa (L)

Engine version:
17.3.8.3

File size:
1.2 MB (1,273,232 bytes)

Product version:
6.1.2015.1007

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

Original file name:
UCBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ucbrowser\application\ucbrowser.exe

File PE Metadata
Compilation timestamp:
2/21/2017 4:03:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x7578A

Entropy:
6.8410

Code size:
622 KB (636,928 bytes)

Windows Firewall Allowed Program
Name:
C:\Program Files\UCBrowser\Application\UCBrowser.exe


The executing file has been seen to make the following network communications in live environments.
