UCBrowser.exe

UC Browser

UCWeb Inc.

The application UCBrowser.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. While running, it connects to the Internet address t6-ha.ycpi.sgb.yahoo.com on port 443.
Publisher:
UCWeb Inc.

Product:
UC Browser

Version:
6.0.1308.1201

MD5:
39b36cb7775178d803963a6a0a688fdf

SHA-1:
b1fc246c6e64e48d46c407c6f6f61eefdb84e7fe

SHA-256:
ea2b1b48b6151655331591209eb6e42f3a89ae4de6523f41d287d4d357eb8f91

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
6/20/2018 2:18:56 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Taoboa (L)

Engine version:
17.2.20.11

File size:
1.2 MB (1,278,864 bytes)

Product version:
6.0.1308.1201

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

Original file name:
UCBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ucbrowser\application\ucbrowser.exe

File PE Metadata
Compilation timestamp:
2/6/2017 5:41:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x756F8

Entry point:
E8, 19, 09, 00, 00, E9, 8E, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1...

Entropy:
6.8535

Code size:
621 KB (635,904 bytes)

Shell Open Command
Open type:
ftp

Command:
"C:\Program Files\ucbrowser\application\ucbrowser.exe" -- "%1"
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-54-171-167-130.eu-west-1.compute.amazonaws.com  (54.171.167.130:443)

TCP (HTTP SSL):
Connects to t6-ha.ycpi.sgb.yahoo.com  (119.161.11.151:443)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP):
Connects to ec2-54-235-116-122.compute-1.amazonaws.com  (54.235.116.122:80)
