» Fuyuan Zhou
Digital Signature
Analysis
Files (33)
Downloads (14)
Distribution (2)
Related (12)

Fuyuan Zhou

Publisher Information

Fuyuan Zhou is a software developer located in Jilin, China*. The company is a primary distributor of unwanted software. Thre are 20 additional code signing certificates issued to this publisher.

Authority:

DigiCert Inc

Valid from:

1/15/2015 2:00:00 AM

Valid to:

1/20/2016 2:00:00 PM

Subject:

CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0933772030cfd7e6a3d0d1959d875688

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.FuyuanZhou (M), PUP.FuyuanZhou.Installer (M), PUP.FuyuanZh (M), PUP (M)

100.00%

Malwarebytes

PUP.Optional.IStartSurf.A, PUP.Optional.IStartSurf.ShrtCln, PUP.Optional.MyStartSearch.ShrtCln, PUP.Optional.Omniboxes.ShrtCln

51.52%

Dr.Web

Adware.Mutabaha.573, Adware.Mutabaha.590, Adware.Mutabaha.597

51.52%

Bkav FE

W32.HfsAdware

36.36%

herdProtect (fuzzy)

a variant of 730d73c759809ef41c0fae9be8daf247bfb9c581, a variant of 9b005b6f4c544d18d612f40578c11b0d99c93ada, a variant of 6a08219bc64fe5039a15314c0676c09e335d44af

18.18%

NANO AntiVirus

Riskware.Win32.Mutabaha.dunath, Riskware.Win32.Mutabaha.dvinmw, Riskware.Win32.Mutabaha.dvglla

15.15%

ESET NOD32

Win32/ELEX.DY potentially unwanted (variant), Win32/ELEX.EP potentially unwanted, Win32/ELEX.EN potentially unwanted (variant)

12.12%

F-Secure

Application.Elex.I, Trojan.GenericKD.2657603, Gen:Variant.Kazy.713134

9.09%

Quick Heal

PUA.MSJDGBTIR.OD6

6.06%

Baidu Antivirus

Adware.Win32.ELEX

6.06%

1 / 68 (Adware)

wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768) (fec016c11fb49bea93d325a2d9db34eb)

1 / 68 (Adware)

wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768) (0a95a48f3227123fcbedc4f53b3115d1)

1 / 68 (Adware)

wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768) (fda8a7e76dc5ee8b15f22a4782611042)

1 / 68 (Adware)

wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768) (b7a996d68a4249811b340db85fa0cf80)

1 / 68 (Adware)

wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768) (ffdca315fc8339d455a706d50662f7e9)

1 / 68 (Adware)

wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768) (c6a597f94a85e0c397acf4342996fc47)

1 / 68 (Adware)

wpc_mystartsearch.exe (4343_wpc_mystartsearch by 7th) (8ca89936a62139e4925fd17d17660d1b)

1 / 68 (Adware)

con_mystartsearch.exe (4158_con_mystartsearch by Welnk.com) (a6a4722ef1d54bc46bce36443c5014a0)

1 / 68 (Adware)

nseabce.tmp (7f32271dd132140cf2f70ef2ef23bef4)

1 / 68 (Adware)

setup_magic_ct.exe (4284_pjr_oursurfing by Welnk.com) (b1b8cc0f6d5bb7c1c3310b7f2add05d9)

1 / 68 (Adware)

setup_magic_ct.exe (4203_pjr_oursurfing by 7th) (b040f14097ea9a006ce89dc10b78d9b0)

9 / 68 (Adware)

obw_istartsurf.exe (4201_obw_istartsurf by Welnk.com) (82a3a04e62f2ac3f9c34f9762f399605)

3 / 68 (Adware)

adv_46.exe (4558_ima_istartsurf by 7th) (0bcca43c0e217c14d5f2220e19369857)

12 / 68 (Adware)

nsjef15.tmp (4575_cmi_mystartsearch by 7th) (94c92894119d1b7569d1b35651d5dbd6)

1 / 68 (Adware)

0p1i9lkpusw==2.exe (4568_obw_istartsurf by Webank.net) (8af0356f6f3c54500a1a24fed3fb682d)

3 / 68 (Adware)

adv_76.exe (4557_ima_mystartsearch by 7th) (1df8035c214de73cf88d46d56861466e)

4 / 68 (Adware)

wpc_mystartsearch.exe (4524_wpc_mystartsearch by Webank.net) (0893a5a8cf2684f976e8dd3e56c4d17b)

12 / 68 (Adware)

tti_omniboxes.exe (4506_tti_omniboxes by 7th) (d1d477b103e428ee90f060606d86d287)

3 / 68 (Adware)

con_mystartsearch.exe (4482_con_mystartsearch by 7th) (65d28b730f1b3c654812eb6f78b807d5)

1 / 68 (Adware)

0pljatvnq2.exe (4507_obw_istartsurf by Webank.net) (97ef1ace9b4e84e5837b19b640eeac53)

3 / 68 (Adware)

nsed7b9.tmp (4470_face_istartsurf by 7th) (a91b4aa15fae6694714c8406bae47ea3)

5 / 68 (Adware)

WeLink.exe (4500_cmi_mystartsearch by Welnk.com) (85d6d65ac84746d6a0a46428825f41f8)

11 / 68 (Adware)

obw_istartsurf.exe (4487_obw_istartsurf by Welnk.com) (2cfd9d9ae6c6f1d1fcd7b3241914d0e2)

1 / 68 (Adware)

wpc_mystartsearch.exe (4451_wpc_mystartsearch) (870cbc16e0e5d519e228c9d52c652ffa)

3 / 68 (Adware)

0p1i9lkpusw==1.exe (4464_obw_istartsurf by 7th) (76a7a62d3523c058abfa89322165a61f)

7 / 68 (Adware)

0p1i9lkpusw==2.exe (4315_obw_istartsurf by 768) (a02dd5f5013b007df7041f8296870286)

7 / 68 (Adware)

wpc_mystartsearch.exe (4304_wpc_mystartsearch by 768) (e0ee9fb7d1b3232e97b2edffaa4b5cf1)

7 / 68 (Adware)

0pljatvnq1.exe (4201_obw_istartsurf by Welnk.com) (41d7614e70c421dc6dff2d80c4697eb9)

1 / 68 (Adware)

wpc_mystartsearch.exe.tmp (4068_wpc_mystartsearch by 768) (2b7674b8099aa85e6569482d48097519)

6 / 68 (Adware)

icp_istartsurf.exe (4159_icp_istartsurf by Welnk.com) (d37e122cd8b19cd2fca1ff633698dfee)

Latest 30 of 33 files

Downloads URLs for files signed by Fuyuan Zhou.

3 / 68 (Adware)

http://www.girlyangshijian.com/.../con_mystartsearch.exe (65d28b730f1b3c654812eb6f78b807d5)

6 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../icp_istartsurf.exe (d37e122cd8b19cd2fca1ff633698dfee)

7 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe (a02dd5f5013b007df7041f8296870286)

1 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe (97ef1ace9b4e84e5837b19b640eeac53)

11 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe (2cfd9d9ae6c6f1d1fcd7b3241914d0e2)

1 / 68 (Adware)

http://d3kj6o4rxau601.cloudfront.net/wpc_mystartsearch.exe (3f2ce214f497bb973de3067ff602431d)

1 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe (8af0356f6f3c54500a1a24fed3fb682d)

3 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe (76a7a62d3523c058abfa89322165a61f)

12 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../cmi_mystartsearch.exe (94c92894119d1b7569d1b35651d5dbd6)

5 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe (6eebe2268dd9308596c843945b251f70)

3 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../face_istartsurf.exe (a91b4aa15fae6694714c8406bae47ea3)

7 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe (41d7614e70c421dc6dff2d80c4697eb9)

5 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe (4d8729a1b03549d213a0daa6b8dc16b2)

5 / 68 (Adware)

http://d2drfrdurj6mvo.cloudfront.net/.../cmi_mystartsearch.exe (85d6d65ac84746d6a0a46428825f41f8)

Distribution

The following websites host and distribute files published by Fuyuan Zhou.

d3kj6o4rxau601.cloudfront.net

d2drfrdurj6mvo.cloudfront.net

The certificates below are also signed by Fuyuan Zhou.

0633AA0281655507B43A43C58AC87E24 (Aug 25, 2016 to Jun 22, 2017)

2D0CB6E3DC3A12D7CBCD35A38BE4422E (Aug 04, 2016 to Jun 22, 2017)

0974CC6B92609F4843A5406187BEF59D (Jul 28, 2016 to Jun 22, 2017)

10BAEFFAE92E787F9C63D3CE7A487E6F (Jun 21, 2016 to Jun 22, 2017)

46001FFDEB7F044C0D53B13CFF5C98A6 (Jul 06, 2016 to Jun 22, 2017)

77D22DAACE96DBDBC4E25EEF00C3F1D4 (Aug 24, 2016 to Jun 22, 2017)

21E4E205D19BCF68E4675D7F8F39A764 (Jul 10, 2016 to Jun 21, 2017)

27E9D420E262B14FD8289B7C0BB6D41F (Jul 31, 2016 to Jun 21, 2017)

31813BE26CE4CFCD461FED27AC9B5D68 (Aug 10, 2016 to Jun 21, 2017)

4A7ABA23225E999B2DA6A856853C0E31 (Jun 30, 2016 to Jun 21, 2017)

10 of 20 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Thinknice Co., Limited

Giner Tech Inc

Yuxin WANG

Skytouch Technology Co., Limited

Minidigital Technology Co., Limited

Thinknice Co. Limited

Banyan Tree Technology Limited

EasyVpn

* Note, the details and description above are based on the code signing digital signature issued to Fuyuan Zhou by DigiCert Inc on January 15, 2015 with the serial number '0933772030cfd7e6a3d0d1959d875688'.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.