ucp.exe

Ultra Core Protector

The application ucp.exe by Ultra Core Protector has been detected as a potentially unwanted program by 3 anti-malware scanners. While running, it connects to the Internet address hosting.profitserver.ru on port 80 using the HTTP protocol.
Publisher:
Ultra Core Protector  (signed and verified)

Product:
Ultra Core Protector

Version:
8.3

MD5:
47049b5d677674665c75d0a38b5846ee

SHA-1:
611e3647537842210966e4c0e198fe63d1a39d6f

SHA-256:
5bb9dbe7f967f96b0d1bded745f0cac699194afb121d523926fe7c4eb68bf074

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:37:21 AM UTC

Scan engine               Detection                     Engine version
Bkav FE                   HW32.Packed                   1.3.0.6979
Reason Heuristics         PUP.UltraCoreProtector (M)    15.8.24.17
Trend Micro House Call    TROJ_GEN.F47V1206             7.2.192

File size:
772.6 KB (791,176 bytes)

Product version:
8.3.0.0

Copyright:
Copyright © 2008-2014, Written by Endi

Original file name:
ucp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\counter-strike\ucp.exe

Digital Signature
Authority:
Ultra Core Protector

Valid from:
2/19/2014 9:23:56 PM

Valid to:
1/1/2040 3:59:59 AM

Subject:
CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Issuer:
CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Serial number:
361CF8756746879744BD2E8434D33368

File PE Metadata
Compilation timestamp:
3/6/2014 1:02:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
24576:044RfqSLUn89MiWrL0IVSESN8rtDE/IWu4:v4j9MiWrL0IVSuQwW

Entry address:
0x33FD6A4

Entry point:
60, 60, C7, 44, 24, 3C, 88, 07, D6, 6B, 56, FF, 74, 24, 14, 66, 89, 64, 24, 20, C7, 44, 24, 40, 7C, 5A, 68, 8F, 66, C7, 44, 24, 08, F9, A3, 9C, 66, C7, 44, 24, 04, 66, DB, 9C, 8D, 64, 24, 48, E9, 72, F3, 0A, 00, 8D, 64, 24, 40, 0F, 87, A4, D9, FF, FF, 9C, 9C, E9, 97, D9, FF, FF, E8, 02, 3E, 00, 00, 50, E8, DF, A4, FF, FF, 0F, 9C, C0, 0F, 96, C1, 59, E9, 47, B9, FF, FF, 68, 32, 7B, 1F, 50, 66, B8, BD, 08, 8B, 42, 08, 60, FF, 34, 24, 66, C7, 44, 24, 14, 94, 4B, 8D, 64, 24, 28, E9, 01, C1, FF, FF, 9C, 9C, E8...
 
Entropy:
7.9736  (probably packed)

Code size:
351.5 KB (359,936 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hosting.profitserver.ru  (185.144.28.164:80)
