home

ucbrowser_v6.0.1807.1000_windows_pf101_(build17012313).exe

UC Browser

TAOBAO (CHINA) SOFTWARE CO.,LTD.

The application ucbrowser_v6.0.1807.1000_windows_pf101_(build17012313).exe, “UCBrowser Online Installer” by TAOBAO (CHINA) SOFTWARE CO.,LTD has been detected as a potentially unwanted program by 2 anti-malware scanners. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts. While running, it connects to the Internet address akamai-25-jnb2-pe1.tenet.ac.za on port 80 using the HTTP protocol.
Publisher:
UCWeb Inc.  (signed by TAOBAO (CHINA) SOFTWARE CO.,LTD.)

Product:
UC Browser

Description:
UCBrowser Online Installer

Version:
1.0.0.0

MD5:
0f9de35d1871a1dc5beeef9f5f312e45

SHA-1:
c015e1230742f7dee9888f1ec6e21e90a9b77499

SHA-256:
7322bcc905f7210531452e0522f5b9c5f00bdeedb8363ddf3807d22022072464

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:33:55 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Taobao.D potentially unwanted application
6.3.12010.0

Reason Heuristics
PUP.Taobao (L)
17.2.20.16

File size:
1.3 MB (1,351,056 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\ucbrowser_v6.0.1807.1000_windows_pf101_(build17012313).exe

Digital Signature
Signed by:
TAOBAO (CHINA) SOFTWARE CO.,LTD.

Authority:
VeriSign, Inc.

Valid from:
6/16/2016 5:30:00 AM

Valid to:
7/15/2018 5:29:59 AM

Subject:
CN="TAOBAO (CHINA) SOFTWARE CO.,LTD.", OU=RDC, O="TAOBAO (CHINA) SOFTWARE CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
780A0032A6CE7D0B5D5452F5CDE520DC

File PE Metadata
Compilation timestamp:
1/23/2017 8:18:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x93EF8

Entry point:
E8, 00, 0A, 00, 00, E9, 80, FE, FF, FF, 3B, 0D, 34, 96, 4D, 00, F2, 75, 02, F2, C3, F2, E9, 7A, 02, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 57, 33, FF, 8B, 44, 24, 10, 0B, C0, 7D, 14, 47, 8B, 54, 24, 0C, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 10, 89, 54, 24, 0C, 8B, 44, 24, 18, 0B, C0, 7D, 13, 8B, 54, 24, 14, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 18, 89, 54, 24, 14, 0B, C0, 75, 1B, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, 44, 24, 0C, F7, F1, 8B, C2, 33, D2, 4F, 79, 4E...
 
[+]

Entropy:
6.7868

Code size:
742.5 KB (760,320 bytes)

The file ucbrowser_v6.0.1807.1000_windows_pf101_(build17012313).exe has been seen being distributed by the following 17 URLs.

https://dw.uptodown.com/dwn/UcEvk3nl59oHau7YYmeMfArbJRxVHpYeqd6ov25h33HfSriEV8YKbQz9u6pWhpnn5o6_xdEYuEFGmQdpDm2S6vYptTOZN1QXQJBrr_zMnEK-KVAtNNxhs5_NrDgTXB9o/CDlxkZVS_8EYszvOzAwyVeGw6y0itAgE6KU4ImKpZWj8ct5RbHMHKotaqF312fujVNDRaNFU61Z2v1myDijjKIFbyLaA0c_v2pjjFYNigLnI0C6AWXn8BAjqxw_g1uER/mGvc9Debb0wYVBoBHSSpcIkWBmqL5Te7fusl3Q96F4p7iSJaB4GxZWgDsH0NmGpeYJnxK49dhnsQSUvv2qBQjrBc697pT6LanMiRH7YKt0QYirSeOm5ORvPErr4qX6Mj/.../

https://dw.uptodown.com/dwn/ZvmNs2oSoRR1AfMM3cPs7LUZdecWbED7_Jwah9gHI8LLzAKLdrx5VHd1SM10sKyZYRjURDFVe7UyXT8MTCP85jui_Z5pqpDMR2sH-2pUy1YVxBHohV7R4yD4dmr3bnEO/xlSLdj12KBJRd7l6VcE2GVyYmhNX03FZr4wzpPI1SuOYagss5pQBVnLkBhr5J8-YTWJVvF4YkharCIPctXMJIvwmGho55ae1DOLYhARSavfET8_AImQzcMVzjYkjIf17/oRTJc8jfUwodoQi8zYclnRmrmhP3TecPKYkU7dO3iWrQPxY8BrhLVhSbYsz2NRUO1Hahz-Uyz8TpkwQ2LK8H7zsbqjV0LlqWxCAU6M-l10WlrebG6XS7naoga9MbJfmf/.../

http://pdds.ucweb.com/download/newest/UCBrowser/Pt-br/101/.../PC_banner

http://pdds.ucweb.com/download/newest/UCBrowser/es-la/101/.../PC_banner

http://dw.uptodown.com/dwn/Wd6CIfC5gZYNlowykJWaTcnbQEuubEIrqxb_NmRVcpP6-8ViruNWGHmnU9TdTqrParlrWhAqsQT4-FPjST5ptpvjDI6FpEVq-uaFNAKq02C_o4nXLDSe4KdkQkdO81KW/XN0Ro8i4bYHO7pmfPY6aDPBqt2Em4DswlJzX7Vfs1uWOh9g7PfwbPik8CrqGKKTwq5f145NiGxte8UA9NaA2NusTQ5eI_5Ayiok5-Yhlb62apEfpE5E_Wt3t4LXTVUU_/uABM8nZO8aSeXWgHtrOtI9toDwGK8ns5PSjIbcDsPCitIPM4i7jcdSj5Q6-1o8H1nd5aJbbjJXyAFgGZnERQQZHLM57FqpppEJx_KUtHvHPB-foWjl1SBH8EEo8tkGwn/.../

http://pdds.ucweb.com/download/newest/UCBrowser/ar-sa/101/.../PC_banner

https://pdds.ucweb.com/.../package?uc_param_str=ve&product=ucbrowser&fileid2=22372&pfid=101&bid=33436&lang=arabic&from=www-dft-dft-pc

http://dw.uptodown.com/dwn/xzUfyr2-rQ5mpJTmWwP0SwPo0C0-u3HoQY1MqanhkqLOXdUg2ZGbFsHmK0Byj0brDlpaaZgIsyc4GaONnJrQKH4CziYBvG_b9SvpljUCdcBD7n_vFujmfhRBfdpYlmZj/cSMEzWdQ7EPDu7Hb8mfI72Hug7fbpk9ivRr-eE243DvQlqXI6hJCVhch8GEBrWiDi-tL_WTCuuoa5WNmFuZinD-GaYg259LjgL2_qMkNdAuFtY08EXri48Ol9I02F3L_/OPzWgm33GSAQkzwgRxJX2EAyBPOrmGZzvn8nlUTiMF8xP4Z8-nrBjlzeicGn7l2qQri0KOD-nPcLWrhGy-qZ1XwixrWB2WPQCoMYLy490dvIPkMgJxOisq37tlM5vNk0/.../

https://dw.uptodown.com/dwn/hf8v5VQTKc2D5dajiSLMrvY06A6_jWqR2nCKntfWLtBU0mZTk3npY5iQaZJyJdExuUgOi2wtq9_C0w456ttG3Q2dQ1VgGlG2z6J2ByxpbuujCTQ0RsO4Om62OMxNkLW5/CuF5squj4eiDryQhUZSpOeOLDzBz0OC_q6PhnGzR7z4Lbmksego58n79jp1ddZWH1skxfqxhtPJSBRrJbe5tz1Yy12b4nx8tl5h5kokMtLQu1VlUPQganORRMH0YPCpG/wB_sh0GbLi4z1T2GRAV5H_KLL7G60kyOGN3wU5H5kZz0gdJuBA6TXYnDRUyTb7UIkphx1qOM0d4PcOyfa3pp1DVhe2r-TcaPA4LUAHQjT3ecFLuR6_-9opsAUCJntdNJ/.../

http://pdds.ucweb.com/.../bypfid?product=UCBrowser&pfid=101&lang=en-us&bid=354&direct=true&from=PC_banner

http://pdds.ucweb.com/.../package?uc_param_str=ve&product=ucbrowser&fileid2=22363&pfid=101&bid=354&lang=english&from=www-dft-dft-pc

https://gjxz.ucweb.com/files/UCBrowser/en-us/.../UCBrowser_V6.0.1807.1000_windows_pf101_(Build17012313).exe

https://pdds.ucweb.com/.../package?uc_param_str=ve&product=ucbrowser&fileid2=22363&pfid=101&bid=354&lang=english&from=www-dft-dft-pc

http://dw.uptodown.com/dwn/tyZmybxUwp0DJC21FN4OWnCGIIaq6BRqc7dpBJPv9um_NGK3TYfDga-r-dNO0QejXrlVpTmcnUj0b-LtlhY8Th8YbG_xa9C_RchGF2FB-xqKjLfWTJVmCx0k1YkqYzoZ/cPa_W1MSZg0xvTBdAmJD7wO1Y-QiyF7G3-IpRtKidf8mspiN5D2KPVtyrrprt2QYz2Q9naVC-V4v4F7QNt9QkkJjTvIWWLYsI5gKTCabn9nBwr7Y8R_BNVYFETWLgrek/jSggp5cxZ9P1G8h3G_uokTznlKJ1K97QPsRhdbQiBqwZI28hotE-32Dz4gLuJFnDvDFU8uf27OoXCLSrFwi6m0ZsehI-OslhEBW2w2m13FRfY1ncH4qGb1WW6zzgiU_S/.../

http://pdds.ucweb.com/download/newest/UCBrowser/en-us/101/.../PC_banner

http://gjxz.ucweb.com/files/UCBrowser/en-us/.../UCBrowser_V6.0.1807.1000_windows_pf101_(Build17012313).exe

http://pdds.ucweb.com/download/newest/UCBrowser/en-us/101/.../pcweb

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a92-122-241-170.deploy.akamaitechnologies.com  (92.122.241.170:80)

TCP (HTTP):
Connects to node-202-78-239-176.alliancebroadband.in  (202.78.239.176:80)

TCP (HTTP):
Connects to a23-215-130-209.deploy.static.akamaitechnologies.com  (23.215.130.209:80)

TCP (HTTP):
Connects to 201-0-220-97.dial-up.telesp.net.br  (201.0.220.97:80)

TCP (HTTP):
Connects to host-213.158.175.90.tedata.net  (213.158.175.90:80)

TCP (HTTP):
Connects to abs-static-82.92.251.27.aircel.co.in  (27.251.92.82:80)

TCP (HTTP):
Connects to a92-122-241-139.deploy.akamaitechnologies.com  (92.122.241.139:80)

TCP (HTTP):
Connects to a72-246-97-9.deploy.akamaitechnologies.com  (72.246.97.9:80)

TCP (HTTP):
Connects to 201.47.97.57.static.host.gvt.net.br  (201.47.97.57:80)

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.114.251:80)

TCP (HTTP):
Connects to unknown.telstraglobal.net  (202.127.76.232:80)

TCP (HTTP):
Connects to subs03-180-214-233-171.three.co.id  (180.214.233.171:80)

TCP (HTTP):
Connects to static-200.255.200.49-tataidc.co.in  (49.200.255.200:80)

TCP (HTTP):
Connects to static.ill.117.239.91.42/24.bsnl.in  (117.239.91.42:80)

TCP (HTTP):
Connects to mx-ll-110.164.11-217.static.3bb.co.th  (110.164.11.217:80)

TCP (HTTP):
Connects to ip73.maximidianet.com.br  (179.108.128.73:80)

TCP (HTTP):
Connects to host-213.158.175.83.tedata.net  (213.158.175.83:80)

TCP (HTTP):
Connects to etg-01-017.etg.ras.cantv.net  (200.44.26.17:80)

TCP (HTTP):
Connects to client-200.60.136.25.speedy.net.pe  (200.60.136.25:80)

TCP (HTTP):
Connects to akamai-25-jnb2-pe1.tenet.ac.za  (196.24.45.25:80)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.