ucp.exe

Ultra Core Protector

The application ucp.exe by Ultra Core Protector has been detected as a potentially unwanted program by 9 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages. While running, it connects to the Internet address host-112-106-139-37.sevstar.net on port 80 using the HTTP protocol.
Publisher:
Ultra Core Protector  (signed and verified)

Product:
Ultra Core Protector

Version:
8.5

MD5:
3db84ff86306e3f18e46faf5a3d6f4a3

SHA-1:
8f22a2f38ced369e914f518d04a7fea36e111990

SHA-256:
0f2baf2499261ddaa75f75202a7db307b3b45b9a9224ce33c3af5239bacb0ca8

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 7:22:26 AM UTC

Scan engine
Detection
Engine version

AVG
Win32/Heur
2016.0.2974

Baidu Antivirus
Adware.Win32.SearchProtect
4.0.3.15927

Bkav FE
HW32.Packed
1.3.0.7237

F-Prot
W32/Virut.AI!Generic
v6.4.7.1.166

IKARUS anti.virus
Win32.Heur
t3scan.1.9.5.0

Kaspersky
not-a-virus:HEUR:AdWare.Win32.SearchProtect
14.0.0.1364

Reason Heuristics
PUP.UltraCoreProtector (M)
15.9.27.6

Trend Micro House Call
TROJ_GEN.F47V1105
7.2.270

Vba32 AntiVirus
BScope.Trojan.Diple
3.12.22.2

File size:
979.1 KB (1,002,632 bytes)

Product version:
8.5.0.0

Copyright:
Copyright © 2008-2015, Written by Endi

Original file name:
ucp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ucp.ge\counter strike 1.6\ucp.exe

Digital Signature
Authority:
Ultra Core Protector

Valid from:
9/6/2015 9:18:17 AM

Valid to:
1/1/2040 3:59:59 AM

Subject:
CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Issuer:
CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Serial number:
0227BF34C6CA4A8F419530419D77F261

File PE Metadata
Compilation timestamp:
9/6/2015 10:11:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
24576:s0w0RmWRy+D0hZ1yNZjzgSDcLxlmT+54jmYiha:PjRDRKyngSDcmTA4riha

Entry address:
0x3515772

Entry point:
E8, 50, EB, FF, FF, 60, C7, 44, 24, 40, 7B, A3, 82, F2, E8, B4, E3, F3, FF, 77, 04, C5, CE, 7B, C4, 8C, C9, C4, 71, A3, C1, 7A, 57, 53, A1, 16, E3, 87, B5, 5A, 47, 5C, 49, 5A, 47, 75, 78, 15, 75, 1C, 86, B0, 9C, 6B, 7C, 79, 61, F5, 08, 1E, B1, C3, B0, D9, D4, 32, 82, 95, 32, 84, C2, 5D, 0A, 40, 4E, 69, 26, 58, F5, 41, 9F, 12, 80, F4, A1, D0, E3, DF, 4D, 15, 3B, 86, 9B, 90, 93, D9, 03, 85, AF, F4, 62, 6C, 17, 0D, 7C, 79, 9A, 08, 7C, EA, 46, 51, 2E, 2F, 22, 1F, 13, 91, 57, 3B, F7, 11, 0E, 23, 20, D7, A6, 24...

Entropy:
7.9810  (probably packed)

Code size:
362 KB (370,688 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to kontrolpanel.dediweb.dk  (195.154.216.135:80)

TCP (HTTP):
Connects to host-112-106-139-37.sevstar.net  (37.139.106.112:80)

TCP (HTTP):
Connects to host194.rax.ru  (88.212.201.194:80)

TCP (HTTP):
Connects to a104-96-140-251.deploy.static.akamaitechnologies.com  (104.96.140.251:80)

TCP (HTTP):
Connects to IP95.troubleshooter.me  (93.123.18.95:80)

TCP (HTTP):
Connects to prophpbb.com  (67.23.238.28:80)

TCP (HTTP):
Connects to mx1.cbox.ws  (198.23.109.210:80)

TCP (HTTP):
Connects to host208.rax.ru  (88.212.201.208:80)

TCP (HTTP):
Connects to host26.rax.ru  (88.212.196.66:80)

TCP (HTTP):
Connects to host42.rax.ru  (88.212.196.72:80)

TCP (HTTP):
Connects to host01.rax.ru  (88.212.196.101:80)

TCP (HTTP):
Connects to ec2-54-85-127-70.compute-1.amazonaws.com  (54.85.127.70:80)

TCP (HTTP):
Connects to host64.rax.ru  (88.212.196.124:80)

TCP (HTTP):
Connects to host37.rax.ru  (88.212.196.77:80)

TCP (HTTP):
Connects to host05.rax.ru  (88.212.196.105:80)

TCP (HTTP):
Connects to 185.8.212.13.ip.uzinfocom.uz  (185.8.212.13:80)

TCP (HTTP):
Connects to 11.ip-51-255-160.eu  (51.255.160.11:80)
