» ucbrowser_v5.7.14488.1207_windows_pf101_(build16072217).exe
Overview
Analysis
File Details
Downloads (18)
Network (7)

ucbrowser_v5.7.14488.1207_windows_pf101_(build16072217).exe

UC Browser

TAOBAO (CHINA) SOFTWARE CO.,LTD.

The application ucbrowser_v5.7.14488.1207_windows_pf101_(build16072217).exe, “UCBrowser Online Installer” by TAOBAO (CHINA) SOFTWARE CO.,LTD has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address etg-01-017.etg.ras.cantv.net on port 80 using the HTTP protocol.

File name:

Publisher:

UCWeb Inc. (signed by TAOBAO (CHINA) SOFTWARE CO.,LTD.)

Product:

UC Browser

Description:

UCBrowser Online Installer

Version:

1.0.0.0

MD5:

b741688e4fcd122e8309577803bea078

SHA-1:

3a08922bceb0c64f04fed36cd1b3d6ccb86eecfb

SHA-256:

b6e1c68b2171ce58a58a67518c489ca5ebff2db2d2dbcceb8d7aad78c7670405

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/8/2024 9:15:52 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Taobao (L)

16.7.25.5

File size:

1.2 MB (1,280,896 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\users\{user}\downloads\ucbrowser_v5.7.14488.1207_windows_pf101_(build16072217).exe

Digital Signature

Signed by:

TAOBAO (CHINA) SOFTWARE CO.,LTD.

Authority:

VeriSign, Inc.

Valid from:

6/16/2016 8:00:00 AM

Valid to:

7/15/2018 7:59:59 AM

Subject:

CN="TAOBAO (CHINA) SOFTWARE CO.,LTD.", OU=RDC, O="TAOBAO (CHINA) SOFTWARE CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

780A0032A6CE7D0B5D5452F5CDE520DC

File PE Metadata

Compilation timestamp:

7/22/2016 2:11:24 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

24576:pzYJTZ6IY57bKxnNpQ3eHWNkKtD1XPTDZ/l5jhRcEbNttbufcFixNlWy4L:xYX2baf5WOEDdTDZ95sstuIixOL

Entry address:

0x8A2B8

Entry point:

E8, 50, 09, 00, 00, E9, 80, FE, FF, FF, 3B, 0D, 44, D4, 4C, 00, F2, 75, 02, F2, C3, F2, E9, 28, 00, 00, 00, 55, 8B, EC, 6A, 00, FF, 15, E8, 01, 4B, 00, FF, 75, 08, FF, 15, E4, 00, 4B, 00, 68, 09, 04, 00, C0, FF, 15, 50, 01, 4B, 00, 50, FF, 15, 74, 02, 4B, 00, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 3B, 45, 02, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 70, 37, 4D, 00, 89, 0D, 6C, 37, 4D, 00, 89, 15, 68, 37, 4D, 00, 89, 1D, 64, 37, 4D, 00, 89, 35, 60, 37, 4D, 00, 89, 3D, 5C, 37, 4D, 00, 66... 
[+]

Entropy:

6.8438

Code size:

700 KB (716,800 bytes)

The file ucbrowser_v5.7.14488.1207_windows_pf101_(build16072217).exe has been seen being distributed by the following 18 URLs.

temp:UCBrowser_V5.7.14488.1207_windows_pf101_(Build16072217).exe

http://pdds.ucweb.com/download/newest/UCBrowser/ar-sa/101/.../PC_banner

http://pdds.ucweb.com/download/newest/UCBrowser/ru/101/.../PC_banner

http://www.filehorse.com/download/file/.../

http://pdds.ucweb.com/download/newest/UCBrowser/Pt-br/101/.../PC_banner

http://wap3.ucweb.com/files/UCBrowser/en-us/.../UCBrowser_V5.7.14488.1207_windows_pf101_(Build16072217).exe

http://pdds.ucweb.com/.../package?uc_param_str=ve&product=ucbrowser&fileid2=19421&pfid=101&bid=400&lang=russian&from=www-dft-dft-pc

http://pdds.ucweb.com/download/newest/UCBrowser/es-la/101/.../PC_banner

http://pdds.ucweb.com/.../package?uc_param_str=ve&product=ucbrowser&fileid2=19419&pfid=101&bid=402&lang=indonesia&from=www-dft-dft-pc

http://pdds.ucweb.com/.../package?uc_param_str=ve&product=ucbrowser&fileid2=19423&pfid=101&bid=33033&lang=portuguese&from=www-dft-dft-pc

http://pdds.ucweb.com/.../package?uc_param_str=ve&product=ucbrowser&fileid2=19422&pfid=101&bid=33188&lang=spanish&from=www-dft-dft-pc

http://www.filehorse.com/download/file/.../

http://pdds.ucweb.com/download/newest/UCBrowser/id/101/.../PC_banner

http://pdds.ucweb.com/.../bypfid?product=UCBrowser&pfid=101&lang=en-us&bid=354&direct=true&from=PC_banner

http://pdds.ucweb.com/.../package?uc_param_str=ve&product=ucbrowser&fileid2=19418&pfid=101&bid=354&lang=english&from=www-dft-dft-pc

http://gjxz.ucweb.com/files/UCBrowser/en-us/.../UCBrowser_V5.7.14488.1207_windows_pf101_(Build16072217).exe

http://download.ucweb.com/files/UCBrowser/en-us/.../UCBrowser_V5.7.14488.1207_windows_pf101_(Build16072217).exe

http://pdds.ucweb.com/download/newest/UCBrowser/en-us/101/.../PC_banner

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to fm-dyn-139-193-253-16.fast.net.id (139.193.253.16:80)

TCP (HTTP):

Connects to unknown.telstraglobal.net (202.127.76.238:80)

TCP (HTTP):

Connects to host-213.158.175.83.tedata.net (213.158.175.83:80)

TCP (HTTP):

Connects to etg-01-017.etg.ras.cantv.net (200.44.26.17:80)

TCP (HTTP):

Connects to a92-123-73-11.deploy.akamaitechnologies.com (92.123.73.11:80)

TCP (HTTP):

Connects to a23-57-74-49.deploy.static.akamaitechnologies.com (23.57.74.49:80)

TCP (HTTP):

Connects to a184-50-232-105.deploy.static.akamaitechnologies.com (184.50.232.105:80)

Remove ucbrowser_v5.7.14488.1207_windows_pf101_(build16072217).exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.