UCBrowser.exe

UC Browser

TAOBAO (CHINA) SOFTWARE CO.,LTD.

The application UCBrowser.exe by TAOBAO (CHINA) SOFTWARE CO.,LTD has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address gtburst.com on port 80 using the HTTP protocol.
Publisher:
UCWeb Inc.  (signed by TAOBAO (CHINA) SOFTWARE CO.,LTD.)

Product:
UC Browser

Version:
5.6.13927.1006

MD5:
d4ff04b819c69ee63ce11a842262580f

SHA-1:
59712d0b30f4f0a09af6369c334863b450f7ac2c

SHA-256:
8c9e1d7f80daa6044c7568a8b85ad6cb3911d6873a7d14bbe9da71e4435aa2ea

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/13/2018 5:31:23 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Taobao (L)
16.8.1.13

File size:
1.1 MB (1,193,584 bytes)

Product version:
5.6.13927.1006

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

Original file name:
UCBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ucbrowser\application\ucbrowser.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/15/2016 5:00:00 PM

Valid to:
7/14/2018 4:59:59 PM

Subject:
CN="TAOBAO (CHINA) SOFTWARE CO.,LTD.", OU=RDC, O="TAOBAO (CHINA) SOFTWARE CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
780A0032A6CE7D0B5D5452F5CDE520DC

File PE Metadata
Compilation timestamp:
6/27/2016 3:03:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:Q1QMm55yqwKCERpqewnyNK1QFRTOFvhbH:Q1BqwORpq3CK1QFivR

Entry address:
0x7AAF4

Entry point:
E8, FD, ED, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75, F4, F7...
 
[+]

Entropy:
6.7739

Code size:
624 KB (638,976 bytes)

Windows Firewall Allowed Program
Name:
chromium (mdns-in)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-5-149-103.compute-1.amazonaws.com  (52.5.149.103:80)

TCP (HTTP):
Connects to host-213.158.175.105.tedata.net  (213.158.175.105:80)

TCP (HTTP SSL):
Connects to host-213.158.172.46.tedata.net  (213.158.172.46:443)

TCP (HTTP SSL):
Connects to host-213.158.172.45.tedata.net  (213.158.172.45:443)

TCP (HTTP SSL):
Connects to host-213.158.172.206.tedata.net  (213.158.172.206:443)

TCP (HTTP):
Connects to static.122.238.201.138.clients.your-server.de  (138.201.238.122:80)

TCP (HTTP):
Connects to gtburst.com  (173.244.168.82:80)

TCP (HTTP):
Connects to 198-23-243-26-host.colocrossing.com  (198.23.243.26:80)

TCP (HTTP):
Connects to cluster003.ovh.net  (213.186.33.4:80)

Remove UCBrowser.exe - Powered by Reason Core Security