home

Chao Wei

Publisher Information

Chao Wei is a software publisher located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 16 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
10/19/2016 2:00:00 AM

Valid to:
8/19/2017 1:59:59 AM

Subject:
CN=Chao Wei, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3ced0bde89f0f6d9e1dd710acb0f0794

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.Elex.Chao (M)
92.00%

ESET NOD32
Win32/Obfuscated.NIS trojan, Win32/Obfuscated.NIV trojan, Win32/Floxif.H virus
24.00%

F-Prot
W32/Floxif.B
8.00%

AVG
Win32/Floxif.A
8.00%

F-Secure
Win32.Floxif.A
4.00%

1 / 68      (PUP)
firefoxupdate.exe (Firefox)  (6cd3e6bb0125e10ebbbc276ca24d8798)

1 / 68      (PUP)
firefoxupdate.exe (Firefox)  (6cd3e6bb0125e10ebbbc276ca24d8798)

1 / 68      (PUP)
firefox_crashreporter.exe (Firefox)  (728354c33e7bfa0b8f5467efee0c6e37)

1 / 68      (PUP)
firefoxupdate.exe (Firefox)  (2cc9e6ed2e7ffbbf1343517312453293)

1 / 68      (PUP)
firefox_crashreporterx64.exe (Firefox)  (662cd6d041cf129e9081dd84f0268bd9)

4 / 68      (Malware)
firefoxupdate.exe (Firefox)  (7c6633967bacea0afd52177f27b25404)

1 / 68      (PUP)
firefoxupdate.exe (Firefox)  (2a82263373a9a41b374f7270abfa1d5c)

1 / 68      (PUP)
firefox_helper.exe (Firefox)  (4cffbea9f3031f07857fb433ed7ac257)

1 / 68      (PUP)
firefox_crashreporterx64.exe (Firefox)  (e30cd6b7739cc2ef9045e8e125bdf049)

1 / 68      (PUP)
firefox_crashreporter.exe (Firefox)  (7ac251cb10e951c489f5e858a83e144a)

1 / 68      (PUP)
firefoxupdate.exe (Firefox)  (733697c3fb3a8933d07e9aca83b45d24)

3 / 68      (Malware)
firefoxupdate.exe (Firefox)  (e1b93e7791dd96afa6dbee7a6a6a2eaf)

1 / 68      (PUP)
firefox_helper.exe (Firefox)  (a0bdf00ee8e8706fcbcfc8ee208c1dba)

1 / 68      (PUP)
firefox_crashreporterx64.exe (Firefox)  (386bfc03dae2730e89d39ee78aa9de6e)

1 / 68      (PUP)
firefox_helper.exe (Firefox)  (12881c9ad84d5a985cfd14f4e16a3b1b)

1 / 68      (PUP)
firefox_crashreporterx64.exe (Firefox)  (c85a038a9e6fc9c0820dd798ba4b6d9c)

1 / 68      (PUP)
firefox_crashreporter.exe (Firefox)  (f360a0916e8e3a065e2a89df0de3a1d3)

1 / 68      (PUP)
firefox_crashreporter.exe (Firefox)  (7018294329348b228b35bee7990c2da1)

2 / 68      (PUP)
firefoxupdate.exe (Firefox)  (e2c8f75431af5c5533f8ec64e79c41d5)

2 / 68      (PUP)
firefoxupdate.exe (Firefox)  (6cd3e6bb0125e10ebbbc276ca24d8798)

1 / 68      (PUP)
firefox_helper.exe (Firefox)  (3c412bcb34e71df741fa28b667e20454)

1 / 68      (PUP)
firefox_crashreporterx64.exe (Firefox)  (001cfa29d927887b73a9bc26c9e8e402)

2 / 68      (PUP)
firefoxupdate.exe (Firefox)  (f8244c24813ced6ce85778a3a407ab4a)

1 / 68      (PUP)
firefox_crashreporter.exe (Firefox)  (3d286f03abc9338fcb7a1984c123515f)

2 / 68      (PUP)
firefoxupdate.exe (Firefox)  (7b1d043864b5154de499af117adc68bb)

The certificates below are also signed by Chao Wei.

2DB2335D24D822A67461379EB4A5D215  (Nov 23, 2016 to Aug 19, 2017)

1579BADCC703A48CF6490B89F550201D  (Nov 01, 2016 to Aug 19, 2017)

67D505EDFAB2041D1650CEEE99102F80  (Jan 06, 2017 to Aug 19, 2017)

1200A32740619CA13B6BFBD91984402C  (Oct 12, 2016 to Aug 19, 2017)

1D31975C6FA7D059391E8CB150FFC16E  (Oct 26, 2016 to Aug 19, 2017)

426B9B1A32F1FA79A1D4E4E61168E69A  (Dec 02, 2016 to Aug 19, 2017)

476D13B315A3916791CD1AC3F7E8F714  (Nov 16, 2016 to Aug 19, 2017)

479B85850805F08E08FDB90E6CF6EE69  (Dec 12, 2016 to Aug 19, 2017)

48E306C3FE6E1DF075CC774F7103CFC2  (Nov 28, 2016 to Aug 19, 2017)

45A8458D05878B9FE97F9367F3956CDE  (Jan 13, 2017 to Aug 19, 2017)

10 of 16 code signing certificates issued

* Note, the details and description above are based on the code signing digital signature issued to Chao Wei by thawte, Inc. on October 19, 2016 with the serial number '3ced0bde89f0f6d9e1dd710acb0f0794'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.