Fuyuan Zhou

Publisher Information

Fuyuan Zhou is a software developer located in Jilin, China*. The company is a primary distributor of unwanted software. There are 20 additional code signing certificates issued to this publisher.
Authority: DigiCert Inc
Valid from: 1/15/2015 1:00:00 AM
Valid to: 1/20/2016 1:00:00 PM
Subject: CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN
Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: 08ca606335c89594e0b8d9706948a708

Scanner detections (100% detected):

Scan engine | Details | Detections
Reason Heuristics | PUP.FuyuanZhou, PUP.Installer.FuyuanZhou, Threat.FuyuanZhou, PUP.FuyuanZhou (M), PUP.FuyuanZh (M), PUP (M) | 100.00%
Dr.Web | Adware.Mutabaha.219, Adware.Mutabaha.220, Adware.Mutabaha.359, Adware.Mutabaha.288, Adware.Mutabaha.335, Win32.Virut.56 | 55.17%
Malwarebytes | PUP.Optional.MyStartSearch.A, PUP.Optional.Omniboxes.A, PUP.Optional.OurSeaching.A, PUP.Optional.IStartSurf.A, PUP.Optional.LuckySearches.A | 51.72%
Baidu Antivirus | Adware.Win32.ELEX, Virus.Win32.Patched.$dj | 44.83%
herdProtect (fuzzy) | a variant of e45e72b9b6592a0d21baa633a08d5b7954138b86, a variant of 71cbac51724310b59b79648244c7920ab7b415aa, a variant of bdf296c5eb7e2b5e0896822af9d76dc067f01b22 | 41.38%
ESET NOD32 | Win32/ELEX.CE potentially unwanted (variant), Win32/ELEX.CF potentially unwanted (variant), Win32/ELEX.CL potentially unwanted | 41.38%
K7 AntiVirus | Unwanted-Program, Adware, Trojan | 37.93%
Bkav FE | W32.HfsAdware, W32.OlayFara.PE | 37.93%
Fortinet FortiGate | W32/ELEX.CE, Riskware/Elex, W32/Wplug.A | 34.48%
Sophos | Elex, PUA 'Elex' (of type Adware), W32/Slugin-A | 31.03%

Download URLs for files signed by Fuyuan Zhou.

The following websites host and distribute files published by Fuyuan Zhou.

The certificates below are also signed by Fuyuan Zhou.

10 of 20 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

* Note, the details and description above are based on the code signing digital signature issued to Fuyuan Zhou by DigiCert Inc on January 15, 2015 with the serial number '08ca606335c89594e0b8d9706948a708'.