home

CHAODONG XIAO

Publisher Information

CHAODONG XIAO is a software developer located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 40 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
11/2/2015 1:00:00 AM

Valid to:
10/21/2016 1:59:59 AM

Subject:
CN=CHAODONG XIAO, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
00817d4dbbce8c47da8e50c3e019e885

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.MyStartSearch.CHAODONGXIAO.Installer.Meta (M), PUP.CHAODONGXIAO (M), PUP.MyStartSearch.CHAODONGXIAO.Meta (M), PUP.CHAODONGXIAO.Installer (M), PUP.CHAODONG (M), PUP (M)
100.00%

Malwarebytes
PUP.Optional.IStartSurf.ShrtCln, PUP.Optional.MyStartSearch.ShrtCln, PUP.Optional.OurSeaching
22.22%

ESET NOD32
Win32/ELEX.FK potentially unwanted (variant)
22.22%

Panda Antivirus
Trj/Genetic.gen
22.22%

Baidu Antivirus
Adware.Win32.ELEX
22.22%

K7 AntiVirus
Adware
16.67%

Dr.Web
Adware.Mutabaha.812
16.67%

Zillya! Antivirus
Adware.BrowseFox.Win32.122766
16.67%

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
11.11%

Comodo Security
Application.Win32.ELEX.H
11.11%

1 / 68      (Malware)
smt_istartsurf.exe (5030_smt_istartsurf)  (30f6145de99cc053c81fcd287c4a6bb6)

1 / 68      (PUP)
cvs_mystartsearch.exe (5035_cvs_mystartsearch)  (e5439789ee79b0d27db67a69746f400d)

1 / 68      (PUP)
smt_oursurfing.exe (5031_smt_oursurfing)  (d86f48b73740926241b577467c90bb00)

1 / 68      (PUP)
dae_do-search.exe (5032_dae_do-search)  (356bb02d041095efc2de3e3c46f29d96)

1 / 68      (PUP)
lly1_istartsurf.exe (5039_tug1_istartsurf)  (d3e5482d7212733b397834d93190bf1d)

1 / 68      (PUP)
dae_do-search.exe (4968_dae_do-search)  (07e9baececa31af127460bddc5c3cade)

1 / 68      (PUP)
smt_istartsurf.exe (5030_smt_istartsurf)  (5c496c72fc6282eacb251b727de728e3)

1 / 68      (PUP)
amt_omniboxes.exe (5046_amt_omniboxes)  (18401780ad4a83fc7f100972ba6318e2)

1 / 68      (PUP)
llys_mystartsearch.exe (5029_tugss_mystartsearch)  (908d4b042cf511733f8aa275cfac6f99)

1 / 68      (PUP)
llys_istartsurf.exe (5028_tugss_istartsurf)  (24ff2bb4753e4963bfd68ba64be18fcc)

1 / 68      (Malware)
llys_istartsurf.exe (4961_tugss_istartsurf)  (049e3a08f88d2cf023a032d38aab192a)

6 / 68      (PUP)
amt_oursurfing.exe (5026_amt_oursurfing)  (d8dac6cda1134ddae2a6ecdb747a5a03)

9 / 68      (PUP)
smt_oursurfing.exe (4964_smt_oursurfing)  (5bd87659385626e752aad8a303ab4264)

1 / 68      (PUP)
llys_mystartsearch.exe (4962_tugss_mystartsearch)  (ab4bc1e9ea55ee46de2908ef7de3e864)

9 / 68      (PUP)
cvs_mystartsearch.exe (4989_cvs_mystartsearch)  (1b55e3a8c909afc7d38302179ba40b0e)

1 / 68      (Malware)
lly1_istartsurf.exe (4960_tug1_istartsurf)  (6b90c6d4b8c8f8d29d9e79417d125806)

16 / 68    (PUP)
smt_istartsurf.exe (4963_smt_istartsurf)  (663048820bf08a833f78bbf85abf2d4e)

1 / 68      (Malware)
amt_oursurfing.exe (4959_amt_oursurfing)  (21d57fa000f4eeaa88a0553765275762)

Downloads URLs for files signed by CHAODONG XIAO.

1 / 68      (PUP)
http://d2drfrdurj6mvo.cloudfront.net/.../lly1_istartsurf.exe  (d3e5482d7212733b397834d93190bf1d)

1 / 68      (PUP)
https://d2drfrdurj6mvo.cloudfront.net/.../dae_do-search.exe  (356bb02d041095efc2de3e3c46f29d96)

1 / 68      (PUP)
http://d2drfrdurj6mvo.cloudfront.net/.../llys_mystartsearch.exe  (ab4bc1e9ea55ee46de2908ef7de3e864)

16 / 68    (PUP)
http://www.girlliuxiaowei.com/.../smt_istartsurf.exe  (663048820bf08a833f78bbf85abf2d4e)

1 / 68      (PUP)
https://d2drfrdurj6mvo.cloudfront.net/.../dae_do-search.exe  (07e9baececa31af127460bddc5c3cade)

1 / 68      (Malware)
http://d2drfrdurj6mvo.cloudfront.net/.../llys_istartsurf.exe  (049e3a08f88d2cf023a032d38aab192a)

1 / 68      (PUP)
http://d2drfrdurj6mvo.cloudfront.net/.../llys_istartsurf.exe  (24ff2bb4753e4963bfd68ba64be18fcc)

The following websites host and distribute files published by CHAODONG XIAO.

www.girlliuxiaowei.com

d2drfrdurj6mvo.cloudfront.net

The certificates below are also signed by CHAODONG XIAO.

35996F289C445120CB2C97A4DB5F1B7A  (Feb 02, 2016 to Oct 21, 2016)

2B2A034F8507D947DEA36F9363582F61  (Dec 14, 2015 to Oct 21, 2016)

41AB3B122EF643528B051E039EEB5CB9  (Feb 14, 2016 to Oct 21, 2016)

56B1C0A6A3B5AB14B4C6DEFA46ADB345  (Jan 05, 2016 to Oct 21, 2016)

757B1422620446AD2C54D076AAE47ED1  (Dec 16, 2015 to Oct 21, 2016)

6E971AB0E8002451E8CE37A1F053720D  (Jan 21, 2016 to Oct 21, 2016)

0A0D53AD89A6A99CB029FB90BD951F0A  (Oct 29, 2015 to Oct 21, 2016)

49899B24CF4F92E88D8A95807ECC70B7  (Oct 27, 2015 to Oct 21, 2016)

4DE8A159DE7CFA800AA349ED1F9640A5  (Jan 08, 2016 to Oct 21, 2016)

1D355F4673632E66CBCBBA66F7565946  (Dec 04, 2015 to Oct 21, 2016)

10 of 40 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Shulan Hou

Xiaoqing Liu

Speed Low Inc.

Taiming Li

Fuyuan Zhou

Zhuo Li

Li Mo

Thinknice Co., Limited

Yuxin WANG

Giner Tech Inc

刘晋岐

Minidigital Technology Co., Limited

Thinknice Co. Limited

Peng Zhang

EasyVpn

Banyan Tree Technology Limited

Skytouch Technology Co., Limited

Off To Up LLC

ZHANG YUAN YUAN

Zealot Games Limited

* Note, the details and description above are based on the code signing digital signature issued to CHAODONG XIAO by thawte, Inc. on November 02, 2015 with the serial number '00817d4dbbce8c47da8e50c3e019e885'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.