ucbrowser_v5.5.6367.1013_windows_pf101_(build15102708).exe

UC Browser

TAOBAO (CHINA) SOFTWARE CO.,LTD.

The application ucbrowser_v5.5.6367.1013_windows_pf101_(build15102708).exe by TAOBAO (CHINA) SOFTWARE CO.,LTD has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. This file is typically installed with the program Toolwiz Time Freeze 2016 by ToolWiz. The file has been seen being downloaded from pdds.ucweb.com and multiple other hosts.
Publisher:
UCWeb Inc.  (signed by TAOBAO (CHINA) SOFTWARE CO.,LTD.)

Product:
UC Browser

Version:
5.5.6367.1013

MD5:
d2dbf932af184fc07f0ad839ea7d7215

SHA-1:
67144b8eb9bc4140ad9a807b52b3bb97689af80f

SHA-256:
d70b3b4df761ecc5f1ed3d72831b7ebd8b9049834349de68fe41b119ce4c74bf

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:57:35 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | DLOADER.Trojan | 9.0.1.0302 |
| Reason Heuristics | PUP.Taobao (L) | 16.12.7.13 |

File size:
52.8 MB (55,372,680 bytes)

Product version:
5.5.6367.1013

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ucbrowser_v5.5.6367.1013_windows_pf101_(build15102708).exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/23/2014 7:00:00 AM

Valid to:
6/22/2016 6:59:59 AM

Subject:
CN="TAOBAO (CHINA) SOFTWARE CO.,LTD.", OU=RDC, O="TAOBAO (CHINA) SOFTWARE CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
348A4D46C9A1A9EDC2B4818465A66BED

File PE Metadata
Compilation timestamp:
10/26/2015 1:56:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
1572864:IkeTuvQANGInIBOwpMdZXi01ra3qp33FYwUB8DIARO:IkeTkQArnKMdX1JHK08

Entry address:
0x8F0F4

Entry point:
E8, 1D, CB, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 80, F7, 4A, 00, 75, 02, F3, C3, E9, C9, 12, 00, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, 7A, 1F, 00, 00, 6A, 16, 5E, 89, 30, E8, 41, D2, FF, FF, 8B, C6, 5F, 5E, 5B, 8B, E5, 5D, C3, 6A, 24, 68, FF, 00, 00, 00, 57, E8, E7, 9B, FB, FF, 8B, 75, 0C, 83, C4, 0C, 85, F6, 74, D1, 39, 5E, 04, 7F, 12, 7C, 04, 39, 1E, 73, 0C, E8, 40, 1F, 00, 00, 6A, 16, 5E, 89, 30, EB, C9, 6A, 07, 58, 39, 46, 04...
 
Entropy:
7.9984  (probably packed)

Code size:
692.5 KB (709,120 bytes)

The file ucbrowser_v5.5.6367.1013_windows_pf101_(build15102708).exe has been discovered within the following program.

www.Toolwiz.com
About 4% of users remove it
 
The file ucbrowser_v5.5.6367.1013_windows_pf101_(build15102708).exe has been seen being distributed by the following 12 URLs.

http://pdds.ucweb.com/.../bypfid?product=UCBrowser&pfid=101&lang=en-us&bid=354&direct=true&from=PC_banner

http://download.fileeagle.com/files/2015/.../UCBrowser_V5.5.6367.1013.exe

temp:UCBrowser_V5.5.6367.1013.exe