» u1103.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (2)

u1103.exe

The application u1103.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup program which is used to install the application. This executable runs as a local area network (LAN) Internet proxy server listening on port 9666 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. The file has been seen being downloaded from download1335.mediafire.com and multiple other hosts.

File name:

u1103.exe

MD5:

0fa5a44db46d695514eb288203ed3f15

SHA-1:

08a234aa86036fcd1a208994b88668ee5ac0b851

SHA-256:

0c6b0c57b33d031a0e4937022c1ee1f180692740251e8c8339a5b449219e5bb9

Scanner detections:

11 / 68

Status:

Potentially unwanted

Analysis date:

5/2/2024 2:39:07 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Hacktool.Win32.UltraSurf

4.0.3.14328

Clam AntiVirus

Trojan.Ultrasurf-1

0.98/18355

Comodo Security

Application.Win32.NetTool.UltraSurf.KU

17985

ESET NOD32

Win32/UltraReach

8.9584

IKARUS anti.virus

not-a-virus:NetTool.Win32.UltraSurf

t3scan.2.2.29

Kaspersky

not-a-virus:NetTool.Win32.UltraSurf

14.0.0.4104

NANO AntiVirus

Riskware.Win32.UltraSurf.gzvpk

0.28.0.58491

Quick Heal

NetTool.UltraSurf.ku (Not a Virus)

3.14.12.00

Trend Micro House Call

ADW_SCANNER

7.2.87

Trend Micro

ADW_SCANNER

10.465.28

VIPRE Antivirus

Trojan.Win32.Generic

27702

File size:

1.2 MB (1,249,280 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

11/23/2011 5:20:25 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:2htOJF7fjodcrAh2LbBa4QhdvdL6sgMUQhG+oomy0r0DO/:2LO3LjouAh2LbOLdLAqooE

Entry address:

0x691000

Entry point:

83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 70, 0C, 00, 2D, A9, 88, 09, 10, 05, 9E, 88, 09, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 12, 1C, 13, 71, 68, FF, 48, 35, 24, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 24, 94, EC, 91, A0, F0, 01, 5D, 9E, D8, 21, 33, 25, 26... 
[+]

Code size:

340 KB (348,160 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:9666/

Local host port:

9666

Default credentials:

The file u1103.exe has been seen being distributed by the following 2 URLs.

http://download1335.mediafire.com/5855ccc8p5kg/.../u1103.exe

http://dc434.4shared.com/download/.../U1103.exe

Remove u1103.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.