UCBrowser_CI12lu40523414542474159b7631bf3aa7.exe threat report

MD5: 98035edb5b5c0ca929b1e6e66997aeac
Latest seen: 2021-05-27 20:22:33 (4 years ago)
First seen: 2017-08-26 16:01:45 (8 years ago)
Size: 1 MB
Publisher: UCWeb Inc.
Product: UC Browser

GridinSoft Anti-Malware detection

Detected by GridinSoft before you download

The current ThreatInfo record shows this exact file hash detected as PUP.UCBrowser. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.

Detection name: PUP.UCBrowser
Recommended action: Scan and remove
Last analysis: 2021-05-27 20:22:33 (4 years ago)
File hash: 98035edb5b5c0ca929b1e6e66997aeac

Why it matters

Why GridinSoft flags this file

Detection

GridinSoft identifies the sample as PUP.UCBrowser.

Timeline

First seen 2017-08-26 16:01:45 (8 years ago); latest analysis 2021-05-27 20:22:33 (4 years ago).

Publisher context

Company metadata: UCWeb Inc.; product metadata: UC Browser.

Digital signature

Signed by TAOBAO (CHINA) SOFTWARE CO.,LTD. The signature is reported as valid, but signed files can still be bundled or abused.

Aliases

This hash has appeared under multiple file names, which can happen with repackaging, bundling, or deliberate renaming.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

  1. Compare the MD5 above with the file found on the device.
  2. Check whether the file appears in the observed locations or under one of the alternate names.
  3. Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.

UCBrowser_CI12lu40523414542474159b7631bf3aa7.exe is a Windows file recorded in the ThreatInfo database. It is associated with UC Browser, and the reported company name is UCWeb Inc. The current detection status is PUP.UCBrowser, based on the latest analysis from 2021-05-27 20:22:33 (4 years ago).

If UCBrowser_CI12lu40523414542474159b7631bf3aa7.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as PUP.UCBrowser.

Product Name: UC Browser
Company Name: UCWeb Inc.
MD5: 98035edb5b5c0ca929b1e6e66997aeac
Size: 1 MB
First Published: 2017-08-26 16:01:45 (8 years ago)
Latest Published: 2021-05-27 20:22:33 (4 years ago)
Status: PUP.UCBrowser (on last analysis)
Analysis Date: 2021-05-27 20:22:33 (4 years ago)
UCBrowser_CI12lu40523414542474159b7631bf3aa7.exe detection screenshot

The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.

Signed By: TAOBAO (CHINA) SOFTWARE CO.,LTD.
Status: Valid

The signature on UCBrowser_CI12lu40523414542474159b7631bf3aa7.exe is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.

%temp%\25987
%profile%\downloads
%localappdata%\packages\ucmobilelimited.uc_6n7f2ndsr2206\localstate\download
%profile%\downloads\programs
%temp%\11264
%temp%\a71835dd-1915-4a86-acd6-bd76c601b658
%localappdata%\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cache\1u2bpd5v
%localappdata%\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cache\brloxady
%temp%\92243a56-3631-4bda-8823-71cc22427b4d
%profile%\desktop

ThreatInfo has observed UCBrowser_CI12lu40523414542474159b7631bf3aa7.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

The strongest geographic signal for this file is Indonesia with 62.2% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.

Windows 7 45.2%
Windows 8.1 34.8%
Windows 10 18.6%
Windows 8 1.0%
Windows Vista 0.5%

The most common operating system signal for UCBrowser_CI12lu40523414542474159b7631bf3aa7.exe is Windows 7 with 45.2% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

UCBrowser_CI12lu40523414542474159b7631bf3aa7.exe is identified as a PE file for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x0008c933

PE Sections:

Name Size of data MD5
.text 729600 5bec39d1488e319d249b9eba72e4e123
.rdata 133120 029361ef5996fa378af34e0ab7dfc06d
.data 4608 fa3be2cf6a459f2784a64dff22e8f6c3
.gfids 1024 a9687c5a7844658351e3fac9bebfadfa
.tls 512 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 411648 675090f494cd3821851f575f3ebfad87
.reloc 27648 b5c055086362d1535204689080667d07

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
