home

UCBrowser.exe

UC Browser

UCWeb Inc.

The application UCBrowser.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address unknown.telstraglobal.net on port 80 using the HTTP protocol.
Publisher:
UCWeb Inc.

Product:
UC Browser

Version:
6.0.1308.1011

MD5:
715cd08cdb690155550faf4bcab8aa90

SHA-1:
289618be27b84069524ca3b434895d822558aba1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 2:33:49 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Taoboa (L)
17.1.31.6

File size:
1.2 MB (1,287,056 bytes)

Product version:
6.0.1308.1011

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

Original file name:
UCBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ucbrowser\application\ucbrowser.exe

File PE Metadata
Compilation timestamp:
1/5/2017 10:52:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x756F8

Entry point:
60, EB, 09, F7, C2, AE, 02, 71, 7F, F6, C3, 34, 68, 58, 4C, E1, 00, 68, C8, 87, C8, 00, C7, C7, CD, A4, E0, B2, 21, EB, 3A, EB, 70, 07, 0F, AF, C9, 0F, AF, C8, F2, 72, 06, C7, C3, EF, 58, 00, 79, BA, E6, D2, 62, 1F, 8D, 35, 95, A4, E9, E6, 4A, 86, FB, E8, 00, 00, 00, 00, 1B, D8, 8D, 35, 35, 09, 68, 4D, 28, D8, 81, FB, 5D, B1, 00, 00, 76, 08, B9, 9A, 32, EF, 3B, 41, 85, F0, 3B, C8, 77, 07, BA, 2D, 1B, 7A, 7F, 29, C2, 3D, D4, 06, A9, 64, 4B, 83, E7, 00, 69, CA, 39, C0, 8A, 6C, 0B, F9, B0, 8B, 88, DD, 03, EF...
 
[+]

Entropy:
6.8666

Code size:
621 KB (635,904 bytes)

Shell Open Command
Open type:
ftp

Command:
"C:\Program Files\ucbrowser\application\ucbrowser.exe" -- "%1"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to reserved.sysweb.ro  (146.185.130.123:80)

TCP (HTTP SSL):
Connects to 94.31.29.55.IPYX-077437-ZYO.above.net  (94.31.29.55:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sin6.fbcdn.net  (157.240.7.26:443)

TCP (HTTP):
Connects to unknown.telstraglobal.net  (202.127.76.232:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sit4.facebook.com  (31.13.78.35:443)

TCP (HTTP):
Connects to 123-125-232-198.static.unitasglobal.net  (198.232.125.123:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sin6.facebook.com  (157.240.7.35:443)

TCP (HTTP SSL):
Connects to server-54-230-79-83.cdg50.r.cloudfront.net  (54.230.79.83:443)

TCP (HTTP SSL):
Connects to ns346140.ip-37-187-173.eu  (37.187.173.73:443)

TCP (HTTP SSL):
Connects to a23-47-237-252.deploy.static.akamaitechnologies.com  (23.47.237.252:443)

TCP (HTTP SSL):
Connects to ec2-54-171-39-69.eu-west-1.compute.amazonaws.com  (54.171.39.69:443)

Remove UCBrowser.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.