ucbrowser_v6.1.2015.1007_4618_(build1702211800)_(en-us)_online_installer.exe

UC Browser

TAOBAO (CHINA) SOFTWARE CO.,LTD.

The application ucbrowser_v6.1.2015.1007_4618_(build1702211800)_(en-us)_online_installer.exe, "UCBrowser Online Installer" by TAOBAO (CHINA) SOFTWARE CO.,LTD., has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The file has been seen being downloaded from en.softonic.com and multiple other hosts.
Publisher:
UCWeb Inc.  (signed by TAOBAO (CHINA) SOFTWARE CO.,LTD.)

Product:
UC Browser

Description:
UCBrowser Online Installer

Version:
1.0.0.0

MD5:
70c8f923cb6fd93752ff0a39fc1ddba0

SHA-1:
ff82c211f2f913ab9d19fa0f4e0d71f7f2641c31

SHA-256:
fcd4b32e42c6cb833cea3581c87355f12d046504345b1292354973b50f8d9585

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 9:46:11 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Taobao (L)

Engine version:
17.2.23.4

File size:
1.2 MB (1,281,696 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/16/2016 5:30:00 AM

Valid to:
7/15/2018 5:29:59 AM

Subject:
CN="TAOBAO (CHINA) SOFTWARE CO.,LTD.", OU=RDC, O="TAOBAO (CHINA) SOFTWARE CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
780A0032A6CE7D0B5D5452F5CDE520DC

File PE Metadata
Compilation timestamp:
2/21/2017 12:54:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x8AF48

Entry point:
E8, 70, 09, 00, 00, E9, 80, FE, FF, FF, 3B, 0D, 44, E4, 4C, 00, F2, 75, 02, F2, C3, F2, E9, 28, 00, 00, 00, 55, 8B, EC, 6A, 00, FF, 15, 1C, 13, 4B, 00, FF, 75, 08, FF, 15, E0, 10, 4B, 00, 68, 09, 04, 00, C0, FF, 15, 54, 11, 4B, 00, 50, FF, 15, 74, 12, 4B, 00, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 2B, 45, 02, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 90, 47, 4D, 00, 89, 0D, 8C, 47, 4D, 00, 89, 15, 88, 47, 4D, 00, 89, 1D, 84, 47, 4D, 00, 89, 35, 80, 47, 4D, 00, 89, 3D, 7C, 47, 4D, 00, 66...

Entropy:
6.8476

Code size:
703.5 KB (720,384 bytes)

The file ucbrowser_v6.1.2015.1007_4618_(build1702211800)_(en-us)_online_installer.exe has been seen being distributed by the following 3 URLs.

https://en.softonic.com/sads/tracker.php?ev=c&co=MY&sid=af8cbc74-a0dd-4b94-85cd-c7c20d4f1be3&upv=8b0d59fc-a053-446f-91b2-1bca6e5743aa&z=results&sk=0&abp=0&params=090F724149E2BFDECB5F1F70DA25AF86D4321F199C04A8C1FFA5AF209B958C350629BC7D4F3B2A77E17C082CC79626C4D427481E4F1F2005704A1FFDA2759867B3EEE900A57CB386C25A83E5B7F35226BA0477F219A4D2726FC44C6BAB9EC3DD7E8BE31694A1C39569E1F314CF5C087E435FA5D703E9DFBAE4472D550538322749F7C257D9D64C170E7FBE9D4E35A13E663796CB72F809F7349204471334BEE4323F034E202CC0D0F77B55709D87A1FE&h=4949C631DA75B21ADB1466F76C92219687737B33BFDBF538C9DF766F4188D8A2&directdownload=1&f=69707341&d=http://down2.uc.cn/.../down.php?id=101&pid=4618&type=online_installer

http://umcdnpc.ucweb.com/down/i18n/35151/.../UCBrowser_V6.1.2015.1007_4618_(Build1702211800)_(en-us)_online_installer.exe

https://uc-browser.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAPZd55OJa3 wyJQEOQAfjSvFv8jJ8md0s2vRMyNcgCYMr16MYERHb/.../6 QJdGyVZEwyQcEgibvT3iiI09ewI4mb LGnase3A==

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a96-17-182-51.deploy.akamaitechnologies.com  (96.17.182.51:80)

TCP (HTTP):
Connects to a104-103-70-113.deploy.static.akamaitechnologies.com  (104.103.70.113:80)

TCP (HTTP):
Connects to 103-16-152-202-noc.bsccl.com  (103.16.152.202:80)

TCP (HTTP):
Connects to static.ill.117.239.122.27/24.bsnl.in  (117.239.122.27:80)

TCP (HTTP):
Connects to rlchq901.ghanatel.com.gh  (80.87.65.83:80)

TCP (HTTP):
Connects to node-202-78-239-170.alliancebroadband.in  (202.78.239.170:80)

TCP (HTTP):
Connects to cable190-248-95-112.une.net.co  (190.248.95.112:80)

TCP (HTTP):
Connects to a92-123-180-185.deploy.akamaitechnologies.com  (92.123.180.185:80)

TCP (HTTP):
Connects to a72-247-178-91.deploy.akamaitechnologies.com  (72.247.178.91:80)

TCP (HTTP):
Connects to a60-254-131-55.deploy.akamaitechnologies.com  (60.254.131.55:80)

TCP (HTTP):
Connects to a23-211-135-10.deploy.static.akamaitechnologies.com  (23.211.135.10:80)

TCP (HTTP):
Connects to a184-25-109-18.deploy.static.akamaitechnologies.com  (184.25.109.18:80)

TCP (HTTP):
Connects to a173-222-148-8.deploy.static.akamaitechnologies.com  (173.222.148.8:80)

TCP (HTTP):
Connects to a104-86-110-122.deploy.static.akamaitechnologies.com  (104.86.110.122:80)

TCP (HTTP):
Connects to 115.112.0.7.STATIC-Mumbai.vsnl.net.in  (115.112.0.7:80)