uran.exe

Uran

Limited Liability Company Ucoz Media

The application uran.exe by Limited Liability Company Ucoz Media has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address cache.google.com on port 80 using the HTTP protocol.
Publisher:
uCoz Media LLC and Chromium Authors (signed by Limited Liability Company Ucoz Media)

Product:
Uran

Version:
30.0.1599.101

MD5:
f66614ad19d6c8c60e10484bbdb6bb49

SHA-1:
0c6e443b2cc34c31888163cd18070ed9237783bc

SHA-256:
b3c1503507910887691015fc32d94a41686d73b85f7f45fca40b402de100ab19

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
5/8/2024 7:23:25 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.LimitedLiabilityCompanyUcozMedia

Engine version:
15.3.20.18

File size:
810 KB (829,400 bytes)

Product version:
30.0.1599.101

Copyright:
Copyright 2013 uCoz Media LLC Chromium Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\ucozmedia\uranbrowser\application\uran.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/16/2012 11:17:49 PM

Valid to:
3/17/2014 11:17:49 PM

Subject:
E=alexzander@ucoz.com, CN=Limited Liability Company Ucoz Media, OU=Bagrationovskiy proyezd, O=Limited Liability Company Ucoz Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B28BB43AF25490AA12229BA614435817

File PE Metadata
Compilation timestamp:
10/30/2013 11:59:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Fmh3+WYomUQ9+hUGDjCSlJhBTlvKcXBLjxxUU:4h4pUQ9HYWeJhBT5KcRLjxxV

Entry address:
0x52F91

Entry point:
E8, D0, 94, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 38, 02, 47, 00, 57, FF, 35, 54, 23, 4A, 00, FF, D6, FF, 35, 50, 23, 4A, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, 26, 95, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, 7A, 4F, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...

Entropy:
6.5634

Code size:
443 KB (453,632 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to srv82-165-240-87.vk.com  (87.240.165.82:443)

TCP (HTTP SSL):
Connects to cache.google.com  (85.114.182.232:443)

TCP (HTTP SSL):
Connects to a23-13-254-162.deploy.static.akamaitechnologies.com  (23.13.254.162:443)

TCP (HTTP SSL):
Connects to srv116-194.vkontakte.ru  (95.142.194.116:443)

TCP (HTTP SSL):
Connects to cs475.vkontakte.ru  (87.240.163.161:443)

TCP (HTTP SSL):
Connects to blocked-sites.aist.net.ru  (81.28.161.2:443)

TCP (HTTP SSL):
Connects to srv118-131-240-87.vk.com  (87.240.131.118:443)

TCP (HTTP SSL):
Connects to rfbo2.r.smailru.net  (94.100.180.76:443)

TCP (HTTP SSL):
Connects to lr-in-f84.1e100.net  (209.85.233.84:443)

TCP (HTTP SSL):
Connects to a104-86-48-10.deploy.static.akamaitechnologies.com  (104.86.48.10:443)

TCP (HTTP SSL):
Connects to cs477.vkontakte.ru  (87.240.163.163:443)

TCP (HTTP SSL):
Connects to srv92-165-240-87.vk.com  (87.240.165.92:443)

TCP:
Connects to lr-in-f125.1e100.net  (209.85.233.125:5222)

Remove uran.exe - Powered by Reason Core Security