» ucp.exe
Overview
Analysis
File Details
Behaviors (1)
Network (3)

ucp.exe

Ultra Core Protector

The application ucp.exe by Ultra Core Protector has been detected as a potentially unwanted program by 9 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Ultra Core Protector. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages. While running, it connects to the Internet address www.sakha.ru on port 80 using the HTTP protocol.

File name:

ucp.exe

Publisher:

Ultra Core Protector (signed and verified)

Product:

Ultra Core Protector

Version:

7.9

MD5:

9c528a87b9cd44dc1f3f00d2730f273d

SHA-1:

b6580ca88b1f0d00dff149f2e7c59b95ddcd1508

SHA-256:

3aaeab5a6ba5a79e97e4e4886e1f05fe4c266c5b4608580aab45b1311b34ccbf

Scanner detections:

9 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 1:28:39 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.SearchProtect

4.0.3.16215

Bkav FE

HW32.Packed

1.3.0.7237

F-Prot

W32/Virut.AI!Generic

v6.4.7.1.166

IKARUS anti.virus

Win32.Heur

t3scan.1.9.5.0

Kaspersky

not-a-virus:HEUR:AdWare.Win32.SearchProtect

14.0.0.660

Reason Heuristics

PUP.UltraCoreProtector (M)

16.2.15.1

Trend Micro House Call

TROJ_GEN.F47V1105

7.2.46

Vba32 AntiVirus

BScope.Trojan.Diple

3.12.22.2

ViRobot

Trojan.Win32.S.Agent.812680[h]

2014.3.20.0

File size:

800.1 KB (819,336 bytes)

Product version:

7.9.0.0

Original file name:

ucp.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\counter-strike source\counter-strike source client\ucp.exe

Digital Signature

Signed by:

Ultra Core Protector

Authority:

Ultra Core Protector

Valid from:

12/12/2012 11:44:42 PM

Valid to:

1/1/2040 8:59:59 AM

Subject:

CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Issuer:

CN=Endi, OU=http://ucp-anticheat.org, E=support@ucp-anticheat.org, O=Ultra Core Protector, C=RU

Serial number:

E0177238F19B3FB5462942142E1145B1

File PE Metadata

Compilation timestamp:

4/3/2013 1:41:21 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

24576:Tka0ZL8b8wJE9KDpAEnMxxBdAvam7uI3umBtuUEAbNpk:Tka0ZKdJE9XAvtu1QE8k

Entry address:

0x34AF28C

Entry point:

0F, 88, 72, 3E, 00, 00, 9C, C7, 04, 24, 27, 1B, B2, 5B, E8, BF, 06, 00, 00, C7, 44, 24, 10, D5, 86, AA, AF, 60, 9C, 9C, 51, 8D, 64, 24, 3C, E9, D1, 4E, 00, 00, 3B, 23, 4E, E8, 10, ED, 04, 58, D4, 20, 3C, C0, 5F, C8, 3F, AD, C6, 55, 94, 0C, 66, 1C, 5E, EC, 10, 9C, DA, A9, C6, 77, 7C, 17, 5A, D2, 1C, BD, C2, 65, 90, EA, 07, BF, 80, F1, A9, 96, DE, 34, 61, E9, D5, 7A, C7, 24, 78, 08, 82, C5, 20, 6C, 1B, 5A, D9, E6, 0E, 80, F0, 44, AD, DC, 22, 91, E0, 31, 3C, F1, F7, 4B, 20, 4D, A1, 0C, 65, 1D, B6, C3, 42, 02... 
[+]

Code size:

308.5 KB (315,904 bytes)

Program Uninstaller

Program name:

Ultra Core Protector

Display version:

7.9

Uninstall string:

C:\Program Files\Counter-Strike Source\Counter-Strike Source Client\ucp.exe ###

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.sakha.ru (94.245.155.4:80)

TCP (HTTP):

Connects to panel2.ya1.ru (94.245.155.12:80)

TCP (HTTP):

Connects to kontrolpanel.dediweb.dk (195.154.216.135:80)

Remove ucp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.