ucbrowser_v6.1.2015.1007_4760_(build1702211800)_(en-us)_online_installer.exe

UC Browser

TAOBAO (CHINA) SOFTWARE CO.,LTD.

The application ucbrowser_v6.1.2015.1007_4760_(build1702211800)_(en-us)_online_installer.exe, “UCBrowser Online Installer” by TAOBAO (CHINA) SOFTWARE CO.,LTD has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from en.softonic.com and multiple other hosts. While running, it connects to the Internet address host-105.203.250.147.etisalat.com.eg on port 80 using the HTTP protocol.
Publisher:
UCWeb Inc.  (signed by TAOBAO (CHINA) SOFTWARE CO.,LTD.)

Product:
UC Browser

Description:
UCBrowser Online Installer

Version:
1.0.0.0

MD5:
7676d3d47f1ed6fdc21a6c88c03e06b8

SHA-1:
6ab311745cdc96e628f5bc493e92efab8c89366b

SHA-256:
a8b45ac3f17f38ea9aeed784fa935066544901708fc8e5148c2788005a4e2e7f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 2:36:09 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Taobao (L)

Engine version:
17.2.23.4

File size:
1.2 MB (1,281,696 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\ucbrowser_v6.1.2015.1007_4760_(build1702211800)_(en-us)_online_installer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/15/2016 5:00:00 PM

Valid to:
7/14/2018 4:59:59 PM

Subject:
CN="TAOBAO (CHINA) SOFTWARE CO.,LTD.", OU=RDC, O="TAOBAO (CHINA) SOFTWARE CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
780A0032A6CE7D0B5D5452F5CDE520DC

File PE Metadata
Compilation timestamp:
2/20/2017 11:24:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x8AF48

Entry point:
E8, 70, 09, 00, 00, E9, 80, FE, FF, FF, 3B, 0D, 44, E4, 4C, 00, F2, 75, 02, F2, C3, F2, E9, 28, 00, 00, 00, 55, 8B, EC, 6A, 00, FF, 15, 1C, 13, 4B, 00, FF, 75, 08, FF, 15, E0, 10, 4B, 00, 68, 09, 04, 00, C0, FF, 15, 54, 11, 4B, 00, 50, FF, 15, 74, 12, 4B, 00, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 2B, 45, 02, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 90, 47, 4D, 00, 89, 0D, 8C, 47, 4D, 00, 89, 15, 88, 47, 4D, 00, 89, 1D, 84, 47, 4D, 00, 89, 35, 80, 47, 4D, 00, 89, 3D, 7C, 47, 4D, 00, 66...

Entropy:
6.8476

Code size:
703.5 KB (720,384 bytes)

The file ucbrowser_v6.1.2015.1007_4760_(build1702211800)_(en-us)_online_installer.exe has been seen being distributed by the following 3 URLs.

https://en.softonic.com/sads/tracker.php?ev=c&co=NA&sid=b08d37a3-9df6-492b-83a6-d43409443b6c&upv=f5821c27-be28-4a6f-b787-cc1201882998&z=results&sk=0&abp=0&params=090F724149E2BFDECB5F1F70DA25AF86D4321F199C04A8C1FFA5AF209B958C35A9B9305D67AF1F33242FF50CF4F801149CDB74A35797114E12E70B64DE880E46ADA9530356AB9981FBDE4539F2C3739567DFA2C5CF437025D52DC2A6663F6634BFF647912268BC9F380FAB586E58CE9F10F840190C0AC0D59512129F11320024CA35789A83DF6CFA2AC0BA3648D4223C8155F8A469DBE76ED69E0BA7B679391A11EA161DA9A8002BE2A6187430CD93C6&h=44D994D2FAA58E32DF080608C3438C9F4AA26CB58F686A60D7B8155E07C47EAF&directdownload=1&f=69707341&d=http://down2.uc.cn/.../down.php?id=101&pid=4760&type=online_installer

https://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=152791b0-f9e5-4076-b365-d77360129015&upv=63c21da4-fcdc-4701-bde1-2f7bfabcd95b&z=results&sk=0&abp=0&params=090F724149E2BFDECB5F1F70DA25AF86D4321F199C04A8C1FFA5AF209B958C35D18342C56D3CE541FF1699305EC14216B8393380FEE06AB68568576C687AC2C46757960FF15C588C5B115226E6EE0D3A55ACDD632D5F24397B5D0E2FFA49109114C329C944C402DFBE49FE7CB6956D89C186D6D564D4E79AACF3B31AE0EABE2EED4CEE696B7C458A5B45CD4A4D162E84DF423CB9B86B2BD62AAD92A5087AEABE8BF03798DCFF8EB3AAC19FA13364730B&h=0A32C0DF55B49A08983FC5DD86A2CB4B800FD2FCD2643AD2B4F1D55172E6DBCF&directdownload=1&f=69707341&d=http://down2.uc.cn/.../down.php?id=101&pid=4760&type=online_installer

https://en.softonic.com/sads/tracker.php?ev=c&co=IN&sid=0796b3c3-7901-4b12-aaaf-1e967d1cfd7b&upv=cedbbca5-6b30-4a09-9266-4a3839677c42&z=results&sk=0&abp=0&params=090F724149E2BFDECB5F1F70DA25AF86D4321F199C04A8C1FFA5AF209B958C35D18342C56D3CE541FF1699305EC1421682311A45D343D4BA44E60D35B417711144BCCD2D230F75BEE6953FFD373451854D095C1B017D2259B25FFC344F8CEC1C913989E21B2A5E2AE99CEFEF62B147C131FDE742E0BDF6CCE5EB2256C63F61283942047CB75D833B9816D30B6AB6CA6B51F39FBA3EFAF1B7347654F2ED1AFA344347AD8E46865679966D645589B0837B&h=F3BCB721E35FF4F370E100D56B66089C52C5B12EDB0FCFAA3AF8F7EEEDC16C5B&directdownload=1&f=69707341&d=http://down2.uc.cn/.../down.php?id=101&pid=4760&type=online_installer

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to akamai-node-del.spectranet.com  (203.92.39.90:80)

TCP (HTTP):
Connects to ipv4-10-121-247.as55666.net  (103.247.121.10:80)

TCP (HTTP):
Connects to a96-17-182-51.deploy.akamaitechnologies.com  (96.17.182.51:80)

TCP (HTTP):
Connects to a147-229-255-89.deploy.akamaitechnologies.com  (147.229.255.89:80)

TCP (HTTP):
Connects to host-213.158.175.90.tedata.net  (213.158.175.90:80)

TCP (HTTP):
Connects to host-105.203.250.147.etisalat.com.eg  (105.203.250.147:80)

TCP (HTTP):
Connects to a96-17-182-48.deploy.akamaitechnologies.com  (96.17.182.48:80)

TCP (HTTP):
Connects to a95-101-39-51.deploy.akamaitechnologies.com  (95.101.39.51:80)

TCP (HTTP):
Connects to a92-122-241-129.deploy.akamaitechnologies.com  (92.122.241.129:80)

TCP (HTTP):
Connects to a72-247-182-18.deploy.akamaitechnologies.com  (72.247.182.18:80)

TCP (HTTP):
Connects to a45-121-219-208.deploy.akamaitechnologies.com  (45.121.219.208:80)

TCP (HTTP):
Connects to a23-212-108-209.deploy.static.akamaitechnologies.com  (23.212.108.209:80)

TCP (HTTP):
Connects to a23-205-118-82.deploy.static.akamaitechnologies.com  (23.205.118.82:80)

TCP (HTTP):
Connects to a2-16-4-184.deploy.akamaitechnologies.com  (2.16.4.184:80)

TCP (HTTP):
Connects to a184-26-162-83.deploy.static.akamaitechnologies.com  (184.26.162.83:80)

TCP (HTTP):
Connects to a173-222-148-11.deploy.static.akamaitechnologies.com  (173.222.148.11:80)