» ucp.exe
Overview
Analysis
File Details
Network (1)

ucp.exe

Ultra Core Protector

The application ucp.exe by Ultra Core Protector has been detected as a potentially unwanted program by 3 anti-malware scanners. While running, it connects to the Internet address hosting.profitserver.ru on port 80 using the HTTP protocol.

File name:

ucp.exe

Publisher:

Ultra Core Protector (signed and verified)

Product:

Ultra Core Protector

Version:

8.3

MD5:

47049b5d677674665c75d0a38b5846ee

SHA-1:

611e3647537842210966e4c0e198fe63d1a39d6f

SHA-256:

5bb9dbe7f967f96b0d1bded745f0cac699194afb121d523926fe7c4eb68bf074

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 7:58:39 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

HW32.Packed

1.3.0.6979

Reason Heuristics

PUP.UltraCoreProtector (M)

15.8.24.17

Trend Micro House Call

TROJ_GEN.F47V1206

7.2.192

File size:

772.6 KB (791,176 bytes)

Product version:

8.3.0.0

Original file name:

ucp.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\counter-strike\ucp.exe

Digital Signature

Signed by:

Ultra Core Protector

Authority:

Ultra Core Protector

Valid from:

2/19/2014 9:23:56 PM

Valid to:

1/1/2040 3:59:59 AM

Subject:

CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Issuer:

CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Serial number:

361CF8756746879744BD2E8434D33368

File PE Metadata

Compilation timestamp:

3/6/2014 1:02:00 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

24576:044RfqSLUn89MiWrL0IVSESN8rtDE/IWu4:v4j9MiWrL0IVSuQwW

Entry address:

0x33FD6A4

Entry point:

60, 60, C7, 44, 24, 3C, 88, 07, D6, 6B, 56, FF, 74, 24, 14, 66, 89, 64, 24, 20, C7, 44, 24, 40, 7C, 5A, 68, 8F, 66, C7, 44, 24, 08, F9, A3, 9C, 66, C7, 44, 24, 04, 66, DB, 9C, 8D, 64, 24, 48, E9, 72, F3, 0A, 00, 8D, 64, 24, 40, 0F, 87, A4, D9, FF, FF, 9C, 9C, E9, 97, D9, FF, FF, E8, 02, 3E, 00, 00, 50, E8, DF, A4, FF, FF, 0F, 9C, C0, 0F, 96, C1, 59, E9, 47, B9, FF, FF, 68, 32, 7B, 1F, 50, 66, B8, BD, 08, 8B, 42, 08, 60, FF, 34, 24, 66, C7, 44, 24, 14, 94, 4B, 8D, 64, 24, 28, E9, 01, C1, FF, FF, 9C, 9C, E8... 
[+]

Entropy:

7.9736 (probably packed)

Code size:

351.5 KB (359,936 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to hosting.profitserver.ru (185.144.28.164:80)

Remove ucp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.