home

Fuyuan Zhou

Publisher Information

Fuyuan Zhou is a software developer located in Jilin, China*. The company is a primary distributor of unwanted software. Thre are 20 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
1/15/2015 1:00:00 AM

Valid to:
1/20/2016 1:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
05bf5e9600d59ee9cb02166ff1f03a70

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.FuyuanZhou (M), PUP.FuyuanZhou.Installer (M), PUP.FuyuanZh (M), PUP (M)
100.00%

Malwarebytes
PUP.Optional.IStartSurf.A, PUP.Optional.MyStartSearch.A, PUP.Optional.OurSeaching.A
63.64%

ESET NOD32
Win32/ELEX.EH potentially unwanted (variant), Win32/ELEX.EC potentially unwanted (variant), Win32/ELEX.CL potentially unwanted
54.55%

Dr.Web
Adware.Mutabaha.306, Adware.Mutabaha.573, Adware.Mutabaha.316, Adware.Mutabaha.524
54.55%

K7 AntiVirus
Adware
45.45%

Baidu Antivirus
Adware.Win32.ELEX
45.45%

Agnitum Outpost
Riskware.Agent
36.36%

SUPERAntiSpyware
PUP.MyStartSearch/Variant, Adware.MyStartSearch/Variant
27.27%

Bkav FE
W32.HfsAdware
27.27%

MicroWorld eScan
Gen:Application.Elex.1
18.18%

1 / 68      (Adware)
scl_oursurfing.exe (4082_scl_oursurfing by 7th)  (ac1e5347cf0199f710f7b1fed2c20a74)

1 / 68      (Adware)
mystartsearchslb2_1607--b9371ac9.exe (3389_slb2_mystartsearch by HTabp.com)  (fecc629c3b64d3f63cec4d42f9c7ff0f)

1 / 68      (Adware)
wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768)  (513a45f5b407407385140452bff11f5a)

13 / 68    (Adware)
setup_magic_ct.exe (4127_pjr_oursurfing by Synergy (32-bit))  (a5156aedcc18313fb7d6ebf68d9e194e)

13 / 68    (Adware)
setup_magic_ct.exe (4131_pjr_oursurfing by Welnk.com)  (6cfb2bf5dbdff5dd4864d30e3c4d3488)

4 / 68      (Adware)
0qfdcmepqtg==1.exe (4146_obw_istartsurf by 7th)  (4103df509a1d875932099cf484d29443)

8 / 68      (Adware)
0qfdcmepqtg==1.exe (3447_obw_istartsurf by HTabp.com)  (7ed229e3ee406cf677cfb6f337a816f8)

7 / 68      (Adware)
mystartsearchslbnew_1607--37fa9173.exe (3390_slbnew_mystartsearch by HTabp.com)  (6890686b86ec4ae41528a70a832eb659)

14 / 68    (Adware)
0qfdcmepqtg==1.exe (4130_obw_istartsurf by Synergy (32-bit))  (6148ba93488636f8a9f1e8e1b42a29ea)

7 / 68      (Adware)
obw_istartsurf.exe (3447_obw_istartsurf by HTabp.com)  (3d2352cc88d29a21051f728c02ca81ba)

1 / 68      (Adware)
wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768)  (e32c415cc408cfcb56d8ff74c8b6d210)

Downloads URLs for files signed by Fuyuan Zhou.

1 / 68      (Adware)
http://d3kj6o4rxau601.cloudfront.net/wpc_mystartsearch.exe  (e32c415cc408cfcb56d8ff74c8b6d210)

8 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe  (7ed229e3ee406cf677cfb6f337a816f8)

13 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../pjr_oursurfing.exe  (a5156aedcc18313fb7d6ebf68d9e194e)

14 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe  (6148ba93488636f8a9f1e8e1b42a29ea)

7 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe  (3d2352cc88d29a21051f728c02ca81ba)

4 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe  (4103df509a1d875932099cf484d29443)

The following websites host and distribute files published by Fuyuan Zhou.

d3kj6o4rxau601.cloudfront.net

d2drfrdurj6mvo.cloudfront.net

The certificates below are also signed by Fuyuan Zhou.

0633AA0281655507B43A43C58AC87E24  (Aug 25, 2016 to Jun 22, 2017)

2D0CB6E3DC3A12D7CBCD35A38BE4422E  (Aug 04, 2016 to Jun 22, 2017)

0974CC6B92609F4843A5406187BEF59D  (Jul 28, 2016 to Jun 22, 2017)

10BAEFFAE92E787F9C63D3CE7A487E6F  (Jun 21, 2016 to Jun 22, 2017)

46001FFDEB7F044C0D53B13CFF5C98A6  (Jul 06, 2016 to Jun 22, 2017)

77D22DAACE96DBDBC4E25EEF00C3F1D4  (Aug 24, 2016 to Jun 22, 2017)

21E4E205D19BCF68E4675D7F8F39A764  (Jul 10, 2016 to Jun 21, 2017)

27E9D420E262B14FD8289B7C0BB6D41F  (Jul 31, 2016 to Jun 21, 2017)

31813BE26CE4CFCD461FED27AC9B5D68  (Aug 10, 2016 to Jun 21, 2017)

4A7ABA23225E999B2DA6A856853C0E31  (Jun 30, 2016 to Jun 21, 2017)

10 of 20 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Shulan Hou

Xiaoqing Liu

Taiming Li

Li Mo

Thinknice Co., Limited

Giner Tech Inc

Yuxin WANG

Skytouch Technology Co., Limited

Minidigital Technology Co., Limited

Thinknice Co. Limited

Banyan Tree Technology Limited

EasyVpn

* Note, the details and description above are based on the code signing digital signature issued to Fuyuan Zhou by DigiCert Inc on January 15, 2015 with the serial number '05bf5e9600d59ee9cb02166ff1f03a70'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.