Fuyuan Zhou

Publisher Information

Fuyuan Zhou is a software developer located in Jilin, China*. The company is a primary distributor of unwanted software. There are 20 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
1/15/2015 1:00:00 AM

Valid to:
1/20/2016 1:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0b3b021206c00102342fb50c9577e5f7

Scanner detections:
Detections  (100% detected)

| Scan engine | Detection names | Detection rate |
| --- | --- | --- |
| Reason Heuristics | Threat.FuyuanZhou, Threat.Installer.FuyuanZhou, PUP.FuyuanZhou, PUP.Installer.FuyuanZhou, PUP.FuyuanZhou (M), PUP.FuyuanZh (M), PUP.FuyuanZh.Installer (M), PUP (M) | 100.00% |
| Malwarebytes | PUP.Optional.MyStartSearch.A, PUP.Optional.OurSeaching.A, PUP.Optional.IStartSurf.A | 55.88% |
| Dr.Web | Adware.Mutabaha.278, Adware.Mutabaha.466, Adware.Mutabaha.359, Adware.Mutabaha.361 | 55.88% |
| Bkav FE | W32.HfsAdware | 52.94% |
| Baidu Antivirus | Adware.Win32.ELEX | 35.29% |
| ESET NOD32 | Win32/ELEX.CE potentially unwanted (variant), Win32/ELEX.CL potentially unwanted (variant), Win32/ELEX.DY potentially unwanted (variant) | 23.53% |
| K7 AntiVirus | Adware | 20.59% |
| VIPRE Antivirus | Threat.4726263, Threat.4655019, Threat.219451, Trojan.Win32.Generic, Threat.4150696 | 20.59% |
| avast! | Win32:Oncer, Win32:Vitro, Win32:Adware-gen [Adw] | 14.71% |
| ESET NOD32 | Win32/ELEX.DY potentially unwanted application, Win32/ELEX.CL potentially unwanted application | 14.71% |

Latest 30 of 34 files

Download URLs for files signed by Fuyuan Zhou.


The following websites host and distribute files published by Fuyuan Zhou.

The certificates below are also signed by Fuyuan Zhou.

0633AA0281655507B43A43C58AC87E24  (Aug 25, 2016 to Jun 22, 2017)

2D0CB6E3DC3A12D7CBCD35A38BE4422E  (Aug 04, 2016 to Jun 22, 2017)

0974CC6B92609F4843A5406187BEF59D  (Jul 28, 2016 to Jun 22, 2017)

10BAEFFAE92E787F9C63D3CE7A487E6F  (Jun 21, 2016 to Jun 22, 2017)

46001FFDEB7F044C0D53B13CFF5C98A6  (Jul 06, 2016 to Jun 22, 2017)

77D22DAACE96DBDBC4E25EEF00C3F1D4  (Aug 24, 2016 to Jun 22, 2017)

21E4E205D19BCF68E4675D7F8F39A764  (Jul 10, 2016 to Jun 21, 2017)

27E9D420E262B14FD8289B7C0BB6D41F  (Jul 31, 2016 to Jun 21, 2017)

31813BE26CE4CFCD461FED27AC9B5D68  (Aug 10, 2016 to Jun 21, 2017)

4A7ABA23225E999B2DA6A856853C0E31  (Jun 30, 2016 to Jun 21, 2017)

10 of 20 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

* Note, the details and description above are based on the code signing digital signature issued to Fuyuan Zhou by DigiCert Inc on January 15, 2015 with the serial number '0b3b021206c00102342fb50c9577e5f7'.