home

ucstartup.exe

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘UC_Start’.
MD5:
dece4b479f0b2209ef26ddad6e39d71c

SHA-1:
a8ac0901da472a845197f706babf89ab95f7ccfa

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
5/10/2025 7:03:36 AM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
Heur.Suspicious
15387

File size:
36 KB (36,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ibm\updater\ucstartup.exe

File PE Metadata
Compilation timestamp:
7/21/2004 4:35:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:xT0OtXmDYHQEgm5NlDtO8Jz0fwqVompmSc:2JEgm5Nrif5ompmS

Entry address:
0x1F70

Entry point:
55, 8B, EC, 6A, FF, 68, 08, 71, 40, 00, 68, 10, 37, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 68, 70, 40, 00, 33, D2, 8A, D4, 89, 15, 20, 8C, 40, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 1C, 8C, 40, 00, C1, E1, 08, 03, CA, 89, 0D, 18, 8C, 40, 00, C1, E8, 10, A3, 14, 8C, 40, 00, 33, F6, 56, E8, 0C, 16, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 4C, 14, 00, 00, FF, 15, 64, 70, 40, 00, A3, 38, A1, 40, 00, E8...
 
[+]

Entropy:
5.4506

Code size:
24 KB (24,576 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
UC_Start

Command:
C:\Program Files\ibm\updater\ucstartup.exe


Scan ucstartup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.