ucbrowser.exe

dl

Baidu (China) Co., Ltd.

This is a setup program used to install the application. The file has been observed being downloaded from cdn.client.baidu.com.
Publisher:
Baidu (China) Co., Ltd.  (signed and verified)

Product:
dl

Version:
1, 0, 0, 1

MD5:
368115e4889f1d119122092a7a79a02f

SHA-1:
25a7efe649ea6e1693cfe870db31420f70160167

SHA-256:
58a5f6b4d881dd181c751b51396991573885ae557bb6052349a98a75f0ec0246

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/4/2024 11:13:52 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | W32/Ramnit.C | 7.11.30.172

File size:
303 KB (310,280 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2013

Original file name:
dl.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\ucbrowser.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/12/2015 3:59:59 AM

Valid to:
2/12/2017 3:59:59 AM

Subject:
CN="Baidu (China) Co., Ltd.", O="Baidu (China) Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210CFB2A27022651C11464277F1940F449

File PE Metadata
Compilation timestamp:
12/24/2015 1:10:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:hzfE8+zgC35Piy0ygs7aaDejoravUsb6KczH+6a:hzfZ+zgC3D0ygWaaDeMds+Kc1a

Entry address:
0x22DAC

Entry point:
E8, E3, 9F, 00, 00, E9, 17, FE, FF, FF, E9, F3, 22, 00, 00, 55, 8B, EC, 51, 51, 8D, 45, F8, 50, FF, 15, C8, B0, 43, 00, 8B, 45, F8, 8B, 4D, FC, 6A, 00, 05, 00, 80, C1, 2A, 68, 80, 96, 98, 00, 81, D1, 21, 4E, 62, FE, 51, 50, E8, 47, A0, 00, 00, 8B, 4D, 08, 85, C9, 74, 05, 89, 01, 89, 51, 04, C9, C3, 33, C0, 39, 44, 24, 08, 76, 13, 8B, 4C, 24, 04, 66, 83, 39, 00, 74, 09, 40, 41, 41, 3B, 44, 24, 08, 72, F1, C3, 55, 8B, EC, 53, 56, 8B, 75, 08, 57, 33, FF, 39, 7D, 14, 75, 10, 3B, F7, 75, 10, 39, 7D, 0C, 75, 12...
 

Code size:
232 KB (237,568 bytes)

The file ucbrowser.exe has been seen being distributed by the following URL.
