home

Fuyuan Zhou

Publisher Information

Fuyuan Zhou is a software developer located in Beijing, China*. The company is a primary distributor of unwanted software. Thre are 20 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
6/20/2016 7:00:00 PM

Valid to:
6/21/2017 6:59:59 PM

Subject:
CN=Fuyuan Zhou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
10baeffae92e787f9c63d3ce7a487e6f

Scanner detections:
Detections  (88% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.FuyuanZh (M), Common.PartOf.PUP.FuyuanZh (M), PUP (M)
100.00%

1 / 68      (Adware)
chrome_child.dll (Birdsarah by Google)  (9a762b1a8b4fd844f589e7781a677f1f)

1 / 68      (Adware)
chrome.dll (Birdsarah by Google)  (0ee5938497acff43057846ed11d38ebc)

1 / 68      (Adware)
chrome.exe (Jamsarah by Google)  (4e01a350a978439589780bff3b10fc45)

1 / 68      (Adware)
chrome.dll (Birdsarah by Google)  (7adba9d0a4e420c9e253388caa941530)

1 / 68      (Adware)
chrome.dll (Jamsarah by Google)  (b577c5d1865fa3f2bfafeb99d7f61868)

1 / 68      (Adware)
chrome_child.dll (Birdsarah by Google)  (bcdbad4e7928a824b72bbe44747de206)

1 / 68      (Adware)
chrome_child.dll (Birdsarah by Google)  (e93fb5a92c7a5ae29b66b7ad60a6c333)

1 / 68      (Adware)
chrome.exe (Jamsarah by Google)  (4e01a350a978439589780bff3b10fc45)

1 / 68      (Adware)
chrome.exe (Birdsarah by Google)  (10edd1b3dbc0b2ed435ff9a6b7e92302)

1 / 68      (Adware)
chrome_child.dll (Birdsarah by Google)  (3775ca2c79df83a8fd97ba5ac62fd1f5)

1 / 68      (Adware)
chrome.exe (Birdsarah by Google)  (f1daaa3400a2c1de809fde7389fdc506)

1 / 68      (Adware)
chrome.exe (Jamsarah by Google)  (4e01a350a978439589780bff3b10fc45)

1 / 68      (Adware)
delegate_execute.exe (Nosemay by Google)  (b56712dfa352c5e80b61a726c595c8dd)

1 / 68      (Adware)
chrome.exe (Jamsarah by Google)  (7d584cac65dce03a6f2e979a85db8080)

1 / 68      (Adware)
chrome.dll (Birdsarah by Google)  (e0dab73fee493f033984ad526f2d2e19)

1 / 68      (Adware)
chrome.exe (Birdsarah by Google)  (9a4bd581ba0bf361954a325eb0e8806c)

1 / 68      (Adware)
chrome.exe (Birdsarah by Google)  (cd4145ffa4b785c6a18318ceb618f924)

1 / 68      (Adware)
chrome.exe (Birdsarah by Google)  (cb4d8277e1e9772fc066ecc3d7eeae2d)

1 / 68      (Adware)
chrome.exe (Birdsarah by Google)  (10edd1b3dbc0b2ed435ff9a6b7e92302)

1 / 68      (Adware)
chrome.exe (Birdsarah by Google)  (10edd1b3dbc0b2ed435ff9a6b7e92302)

1 / 68      (Adware)
wow_helper.exe  (d51a54b2ccb645fe7127d4007f5dd986)

1 / 68      (inconclusive)
libGLESv2.dll (ANGLE libGLESv2 Dynamic Link Library)  (60dc09a645a027e85ce087ac60c0641e)

1 / 68      (Adware)
libexif.dll  (2f7df4d8437ceff4660a535c30cbab9e)

1 / 68      (inconclusive)
libEGL.dll (ANGLE libEGL Dynamic Link Library)  (461bc18c816a30cc0c67fa89b7fa375f)

1 / 68      (Adware)
delegate_execute.exe (Nosemay by Google)  (436b8acd261c8c1f73521ceda072ccc9)

1 / 68      (Adware)
chrome_watcher.dll (Jamsarah by Google)  (ac5bb2eec864473156321453672f3ba5)

1 / 68      (Adware)
chrome_elf.dll (Jamsarah by Google)  (fee48a5dd799d3296b8669c7503adacd)

1 / 68      (Adware)
chrome_child.dll (Jamsarah by Google)  (9838c3d5055f78e234aa52c6e96fe162)

1 / 68      (Adware)
chrome.exe (Jamsarah by Google)  (4e01a350a978439589780bff3b10fc45)

1 / 68      (Adware)
chrome.dll (Jamsarah by Google)  (aaecfe5472e8f05dcac2eacc8b8758f4)

 
Latest 30 of 50 files

The certificates below are also signed by Fuyuan Zhou.

0633AA0281655507B43A43C58AC87E24  (Aug 25, 2016 to Jun 22, 2017)

2D0CB6E3DC3A12D7CBCD35A38BE4422E  (Aug 04, 2016 to Jun 22, 2017)

0974CC6B92609F4843A5406187BEF59D  (Jul 28, 2016 to Jun 22, 2017)

46001FFDEB7F044C0D53B13CFF5C98A6  (Jul 06, 2016 to Jun 22, 2017)

77D22DAACE96DBDBC4E25EEF00C3F1D4  (Aug 24, 2016 to Jun 22, 2017)

21E4E205D19BCF68E4675D7F8F39A764  (Jul 10, 2016 to Jun 21, 2017)

27E9D420E262B14FD8289B7C0BB6D41F  (Jul 31, 2016 to Jun 21, 2017)

31813BE26CE4CFCD461FED27AC9B5D68  (Aug 10, 2016 to Jun 21, 2017)

4A7ABA23225E999B2DA6A856853C0E31  (Jun 30, 2016 to Jun 21, 2017)

4AC20618E32CD1852F905D6065B9B8B8  (Jul 24, 2016 to Jun 21, 2017)

10 of 20 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Shulan Hou

Xiaoqing Liu

Taiming Li

* Note, the details and description above are based on the code signing digital signature issued to Fuyuan Zhou by thawte, Inc. on June 20, 2016 with the serial number '10baeffae92e787f9c63d3ce7a487e6f'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.