home

UCBrowser.exe

UC浏览器

TAOBAO (CHINA) SOFTWARE CO.,LTD.

The application UCBrowser.exe by TAOBAO (CHINA) SOFTWARE CO.,LTD has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address a-0001.a-msedge.net on port 80 using the HTTP protocol.
Publisher:
UCWeb Inc.  (signed by TAOBAO (CHINA) SOFTWARE CO.,LTD.)

Product:
UC浏览器

Version:
6.1.2107.202

MD5:
a76c6bb9d5a7dbb13808f0b926c93709

SHA-1:
30d379909b6275b0c138be75af53b7a345d58df0

SHA-256:
7ae71b21e9a5d8baa1d0f0423952b9ea9d8b39a72591ff19d15d03c3a0825653

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:59:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Taobao (L)
17.3.3.4

File size:
1.1 MB (1,172,368 bytes)

Product version:
6.1.2107.202

Copyright:
Copyright 2008-2016 UCWeb Inc. All rights reserved.

Original file name:
UCBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ucbrowser\application\ucbrowser.exe

Digital Signature
Signed by:
TAOBAO (CHINA) SOFTWARE CO.,LTD.

Authority:
VeriSign, Inc.

Valid from:
6/15/2016 9:00:00 PM

Valid to:
7/14/2018 8:59:59 PM

Subject:
CN="TAOBAO (CHINA) SOFTWARE CO.,LTD.", OU=RDC, O="TAOBAO (CHINA) SOFTWARE CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
780A0032A6CE7D0B5D5452F5CDE520DC

File PE Metadata
Compilation timestamp:
3/2/2017 1:54:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x6FBDB

Entry point:
E8, B5, 08, 00, 00, E9, 8E, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9...
 
[+]

Code size:
593 KB (607,232 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a-0001.a-msedge.net  (204.79.197.200:80)

TCP (HTTP):
Connects to host-213.158.189.244.tedata.net  (213.158.189.244:80)

TCP (HTTP):
Connects to host-213.158.189.217.tedata.net  (213.158.189.217:80)

TCP (HTTP):
Connects to cc.3e.559e.ip4.static.sl-reverse.com  (158.85.62.204:80)

TCP (HTTP):
Connects to host-213.158.189.224.tedata.net  (213.158.189.224:80)

TCP (HTTP):
Connects to no-data  (125.39.85.250:80)

TCP (HTTP):
Connects to host-213.158.189.231.tedata.net  (213.158.189.231:80)

TCP (HTTP):
Connects to host-213.158.163.213.tedata.net  (213.158.163.213:80)

TCP (HTTP SSL):
Connects to host-213.158.160.46.tedata.net  (213.158.160.46:443)

TCP (HTTP):
Connects to host-213.158.189.245.tedata.net  (213.158.189.245:80)

TCP (HTTP):
Connects to host-213.158.163.221.tedata.net  (213.158.163.221:80)

TCP (HTTP):
Connects to host-213.158.163.219.tedata.net  (213.158.163.219:80)

TCP (HTTP):
Connects to host-213.158.163.212.tedata.net  (213.158.163.212:80)

TCP (HTTP):
Connects to ir2.fp.vip.bf1.yahoo.com  (98.139.183.24:80)

TCP (HTTP):
Connects to host-213.158.189.223.tedata.net  (213.158.189.223:80)

TCP (HTTP):
Connects to ir1.fp.vip.ne1.yahoo.com  (98.138.253.109:80)

TCP (HTTP):
Connects to ir1.fp.vip.gq1.yahoo.com  (206.190.36.45:80)

TCP (HTTP):
Connects to host-213.158.189.251.tedata.net  (213.158.189.251:80)

TCP (HTTP):
Connects to host-213.158.189.238.tedata.net  (213.158.189.238:80)

TCP (HTTP):
Connects to host-213.158.189.230.tedata.net  (213.158.189.230:80)

Remove UCBrowser.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.