UCBrowser.exe

UC Browser

UCWeb Inc.

The application UCBrowser.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address lb1.forsetup.com on port 80 using the HTTP protocol.
Publisher:
UCWeb Inc.

Product:
UC Browser

Version:
6.0.1308.1016

MD5:
911a326b50cbca396026caa9522bec00

SHA-1:
d2f90d8b2472bd669425c190a59517645c8546fd

SHA-256:
b29b7f2a9de1238fb7df4a440a1430b398fef2075ffb73a62b8a0aa4c903863c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 2:44:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Taoboa (L)

Engine version:
17.2.10.14

File size:
1.2 MB (1,285,520 bytes)

Product version:
6.0.1308.1016

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

Original file name:
UCBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ucbrowser\application\ucbrowser.exe

File PE Metadata
Compilation timestamp:
1/18/2017 1:30:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x7578A

Entry point:

Entropy:
6.8573

Code size:
622 KB (636,928 bytes)

Windows Firewall Allowed Program
Name:
chromium (mdns-in)


The executing file has been seen to make the following network communications in live environments.


Remove UCBrowser.exe - Powered by Reason Core Security