» ucp.exe
Overview
Analysis
File Details
Network (1)

ucp.exe

Ultra Core Protector

The application ucp.exe by Ultra Core Protector has been detected as a potentially unwanted program by 9 anti-malware scanners. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages. While running, it connects to the Internet address 178-175-237-11.static.host on port 80 using the HTTP protocol.

File name:

ucp.exe

Publisher:

Ultra Core Protector (signed and verified)

Product:

Ultra Core Protector

Version:

8.5

MD5:

ea6c791834a47fd8c3ebc97b74bf2cbc

SHA-1:

c96bc8bf9d8bce9d60632e11c435a448639ecd3c

SHA-256:

6b9455c3e1f0d519f922c54823fa3896029db1043ca74e54a8baeee2ee63aa6e

Scanner detections:

9 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 7:17:15 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.SearchProtect

4.0.3.151125

Bkav FE

HW32.Packed

1.3.0.7237

F-Prot

W32/Virut.AI!Generic

v6.4.7.1.166

IKARUS anti.virus

Win32.Heur

t3scan.1.9.5.0

Kaspersky

not-a-virus:HEUR:AdWare.Win32.SearchProtect

14.0.0.1066

Reason Heuristics

PUP.UltraCoreProtector (M)

15.11.25.18

Trend Micro House Call

TROJ_GEN.F47V1105

7.2.329

Vba32 AntiVirus

BScope.Trojan.Diple

3.12.22.2

ViRobot

Trojan.Win32.S.Agent.812680[h]

2014.3.20.0

File size:

856.1 KB (876,680 bytes)

Product version:

8.5.0.0

Original file name:

ucp.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Ultra Core Protector

Authority:

Ultra Core Protector

Valid from:

9/6/2015 2:18:17 AM

Valid to:

12/31/2039 9:59:59 PM

Subject:

CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Issuer:

CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Serial number:

0227BF34C6CA4A8F419530419D77F261

File PE Metadata

Compilation timestamp:

9/6/2015 11:48:35 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

24576:53r49xZOt7pRg81Kr5nHm0BStkKiYp8lp90znG:69xwt4YKrRHm28ppfznG

Entry address:

0x349E8BA

Entry point:

51, 68, D9, 46, ED, F2, 9C, C7, 44, 24, 08, 8F, 1F, DF, E4, 9C, 60, 9C, C7, 44, 24, 2C, 65, F0, E3, 10, 66, C7, 44, 24, 10, B7, 2C, C6, 44, 24, 10, CB, 88, 3C, 24, 88, 4C, 24, 08, 8D, 64, 24, 2C, E9, 7B, 79, 02, 00, E8, 02, A7, FF, FF, 83, C1, 01, 60, 54, 89, 4D, F8, 68, 67, 8C, E8, 6D, 8D, 64, 24, 28, E9, 57, E4, FF, FF, 84, C0, FF, 74, 24, 0C, C6, 44, 24, 04, F7, 8D, 64, 24, 30, 0F, 84, 4B, 30, 02, 00, F8, 2C, 30, 66, 0F, A3, FB, 9C, 3C, 09, 9C, 8D, 64, 24, 08, 0F, 87, 2A, 7F, F5, FF, 9C, 69, D2, 0A, 00... 
[+]

Code size:

282.5 KB (289,280 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to 178-175-237-11.static.host (178.175.237.11:80)

Remove ucp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.