home

ucbrowser_v5.6.13927.1006_windows_pf101_(build16062719).exe

UC Browser

TAOBAO (CHINA) SOFTWARE CO.,LTD.

The application ucbrowser_v5.6.13927.1006_windows_pf101_(build16062719).exe by TAOBAO (CHINA) SOFTWARE CO.,LTD has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from pdds.ucweb.com and multiple other hosts.
Publisher:
UCWeb Inc.  (signed by TAOBAO (CHINA) SOFTWARE CO.,LTD.)

Product:
UC Browser

Version:
5.6.13927.1006

MD5:
74ceeb265e923d8df36158ec4d481c9d

SHA-1:
878d82ab0f9d075c3a2ad38ee074aade597f036f

SHA-256:
b1bcc25a3af35d8e113c9e9c474d54cf75b8daef08bb0632efaf3ecc06964b08

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/18/2024 6:11:34 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Taobao (L)
16.7.16.12

File size:
49.8 MB (52,244,592 bytes)

Product version:
5.6.13927.1006

Copyright:
Copyright 2008-2014 UCWeb Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ucbrowser_v5.6.13927.1006_windows_pf101_(build16062719).exe

Digital Signature
Signed by:
TAOBAO (CHINA) SOFTWARE CO.,LTD.

Authority:
VeriSign, Inc.

Valid from:
6/15/2016 5:00:00 PM

Valid to:
7/14/2018 4:59:59 PM

Subject:
CN="TAOBAO (CHINA) SOFTWARE CO.,LTD.", OU=RDC, O="TAOBAO (CHINA) SOFTWARE CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
780A0032A6CE7D0B5D5452F5CDE520DC

File PE Metadata
Compilation timestamp:
6/27/2016 3:18:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
1572864:v40T5EPGYKwakiT9T5IGNIIcPs/nP7S8wFvEsjbfaSY76g9a:v40iGYPahB5xZs3il6g0

Entry address:
0xA2067

Entry point:
E8, 7A, C8, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, E0, 17, 4C, 00, 75, 02, F3, C3, E9, C9, 12, 00, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, 7A, 1F, 00, 00, 6A, 16, 5E, 89, 30, E8, 8E, D1, FF, FF, 8B, C6, 5F, 5E, 5B, 8B, E5, 5D, C3, 6A, 24, 68, FF, 00, 00, 00, 57, E8, 59, 88, FB, FF, 8B, 75, 0C, 83, C4, 0C, 85, F6, 74, D1, 39, 5E, 04, 7F, 12, 7C, 04, 39, 1E, 73, 0C, E8, 40, 1F, 00, 00, 6A, 16, 5E, 89, 30, EB, C9, 6A, 07, 58, 39, 46, 04...
 
[+]

Entropy:
7.9980  (probably packed)

Code size:
768 KB (786,432 bytes)

The file ucbrowser_v5.6.13927.1006_windows_pf101_(build16062719).exe has been seen being distributed by the following 5 URLs.

http://pdds.ucweb.com/download/newest/UCBrowser/id/101/.../PC_banner

http://pdds.ucweb.com/.../package?uc_param_str=ve&product=ucbrowser&fileid2=19094&pfid=101&bid=33188&lang=spanish&from=www-dft-dft-pc

http://uc-browser.en.softonic.com/download-tracker?th=1/.../2rOqu2uIn8OjuReera8pz925w ZaVvBqdCA8iC3escenF3uqjDnXKnahgQ9PALitQ2VdfJBVdqFyG2v1ucFNGP7WSxSoNpeNAUi yBWeTbnSq qG5x3tbg==

http://download.ucweb.com/files/UCBrowser/en-us/.../UCBrowser_V5.6.13927.1006_windows_pf101_(Build16062719).exe

http://pdds.ucweb.com/download/newest/UCBrowser/en-us/101/.../PC_banner

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.