UCBrowser.exe

UC Browser

TAOBAO (CHINA) SOFTWARE CO.,LTD.

The application UCBrowser.exe by TAOBAO (CHINA) SOFTWARE CO.,LTD has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program UC Browser by UCWeb Inc.. While running, it connects to the Internet address https-178-79-202-102.mad1.llnw.net on port 443.
Publisher:
UCWeb Inc.  (signed by TAOBAO (CHINA) SOFTWARE CO.,LTD.)

Product:
UC Browser

Version:
5.7.14488.1025

MD5:
72ed9cfbc284ffe6ad73ad7b0d486647

SHA-1:
15eec02665086a783a5300f904192bb5dc23b911

SHA-256:
f5c77b57abad66d1ca20c8cb9d0833381f836cd1ad2e35900c6eabfcd986cd9b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/20/2018 4:20:00 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Taobao (L)
16.8.15.7

File size:
1.1 MB (1,153,296 bytes)

Product version:
5.7.14488.1025

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

Original file name:
UCBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ucbrowser\application\ucbrowser.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/16/2016 5:00:00 AM

Valid to:
7/15/2018 4:59:59 AM

Subject:
CN="TAOBAO (CHINA) SOFTWARE CO.,LTD.", OU=RDC, O="TAOBAO (CHINA) SOFTWARE CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
780A0032A6CE7D0B5D5452F5CDE520DC

File PE Metadata
Compilation timestamp:
8/15/2016 9:30:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
24576:uM7d6Nt+m4cskoK43pIbkUVSM3RTOFvnIti:uMJcskoKwRUVl3ivIti

Entry address:
0x756E9

Entry point:
E8, C0, 08, 00, 00, E9, 80, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB...
 
[+]

Entropy:
6.7367

Code size:
622 KB (636,928 bytes)

Shell Open Command
Open type:
ftp

Command:
"C:\Program Files\ucbrowser\application\ucbrowser.exe" -- "%1"


The file UCBrowser.exe has been discovered within the following program.

UC Browser  by UCWeb Inc.
About 6% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cds148.sin.llnw.net  (117.121.249.192:80)

TCP (HTTP):
Connects to redirect.dc1.hwcdn.net  (69.16.184.134:80)

TCP (HTTP SSL):
Connects to https-178-79-202-102.mad1.llnw.net  (178.79.202.102:443)

TCP (HTTP):
Connects to https-117-121-250-230.sin.llnw.net  (117.121.250.230:80)

TCP (HTTP SSL):
Connects to ec2-52-21-17-185.compute-1.amazonaws.com  (52.21.17.185:443)

TCP (HTTP SSL):
Connects to co2sch010010351.gateway.messenger.live.com  (65.55.252.36:443)

TCP (HTTP SSL):
Connects to cache.google.com  (103.15.42.211:443)

TCP (HTTP SSL):
Connects to a23-211-210-246.deploy.static.akamaitechnologies.com  (23.211.210.246:443)

TCP (HTTP SSL):
Connects to a104-122-82-183.deploy.static.akamaitechnologies.com  (104.122.82.183:443)

TCP (HTTP SSL):
Connects to a-0001.a-msedge.net  (204.79.197.200:443)

Remove UCBrowser.exe - Powered by Reason Core Security