Li Mo

Publisher Information

Li Mo is a software developer located in Guilin, Guangxi in China*. The company is a primary distributor of unwanted software. There are 9 additional code signing certificates issued to this publisher.

Authority: DigiCert Inc

Valid from: 7/16/2015 2:00:00 AM

Valid to: 9/13/2016 2:00:00 PM

Subject: CN=Li Mo, O=Li Mo, L=Guilin, S=Guangxi, C=CN

Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number: 0a661db1db132545d560df1b8f8f72ce

Scanner detections (100% detected):

| Scan engine | Details | Detections |
| --- | --- | --- |
| Reason Heuristics | PUP.Liyan Liu.LiMo (M), PUP.Liyan Liu.ELEX (M), PUP.ELEX.LiMo (M), PUP.ELEX (M) | 100.00% |
| Malwarebytes | PUP.Optional.OurSeaching.A, PUP.Optional.Omniboxes.ShrtCln, PUP.Optional.IStartSurf.ShrtCln, PUP.Optional.MyStartSearch.A, PUP.Optional.MyStartSearch.ShrtCln | 50.00% |
| ESET NOD32 | Win32/ELEX.EC potentially unwanted (variant), Win32/ELEX.CL potentially unwanted (variant) | 50.00% |
| Baidu Antivirus | Adware.Win32.ELEX | 40.91% |
| Agnitum Outpost | Riskware.Agent | 27.27% |
| herdProtect (fuzzy) | a variant of 7158822e3e613984fe79bd62bb933c8bfad7f86d, a variant of 44e1eadf588eedd2f3a178d43510cc3f947acddc, a variant of 277a8797f9a942a55211aa244bdcb34d327479b0 | 22.73% |
| Dr.Web | Adware.Mutabaha.288, Adware.Mutabaha.597 | 22.73% |
| NANO AntiVirus | Riskware.Win32.Mutabaha.dulzhd | 18.18% |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 18.18% |
| Emsisoft Anti-Malware | Gen:Variant.Mikey.21540 | 18.18% |

1 / 68      (Adware)

1 / 68      (Adware)
freeistartsurf.exe (4242_free_istartsurf by Welnk.com)  (b7269f29e82b17fa1aaa8b94e121decb)

1 / 68      (Adware)
wfldcjec4d0v3pi.exe (4225_icp_istartsurf by Welnk.com)  (e9a46b0076645a7da19b7409f5fee3ae)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)
rbm_istartsurf.exe (4223_rbm_istartsurf by Welnk.com)  (8f4660b5fe7598378fb722e91562e859)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)

9 / 68      (Adware)

11 / 68    (Adware)
tti_omniboxes.exe (4238_tti_omniboxes by Welnk.com)  (f3e956011f0a3b2ae263a6277fd0320e)

7 / 68      (Adware)

7 / 68      (Adware)
1tbxsoeofyxslph.exe (4237_icp_istartsurf by Welnk.com)  (feebb59e6b4850304fb7020d0d70fb3f)

12 / 68    (Adware)
obw_istartsurf.exe (3447_obw_istartsurf by HTabp.com)  (265da72e74eeb3015da4633ba4ac1a13)

7 / 68      (Adware)

1 / 68      (Adware)

7 / 68      (Adware)

1 / 68      (Adware)
vau79a0.tmp.exe (4233_ium6_mystartsearch by Welnk.com)  (e1a7a45f4dc3e16dd3d6514ad6d9f21a)

4 / 68      (Adware)
0p1i9lkpusw==1.exe (4228_obw_istartsurf by Welnk.com)  (3860532466750e57af716b7f3aa03370)

4 / 68      (Adware)
tti_omniboxes.exe (4229_tti_omniboxes by Welnk.com)  (7563d758d1694a6c8e09af88637cd93f)

10 / 68    (Adware)

6 / 68      (Adware)

Download URLs for files signed by Li Mo.

4 / 68      (Adware)

1 / 68      (Adware)
http://4threquest.me/.../310714_a9.exe  (acb3627a257f25863c1b406f95e4c9ef)

12 / 68    (Adware)

7 / 68      (Adware)
http://4threquest.me/.../310714_a9.exe  (c7768e8f072bf8098df2473aaa67a944)

1 / 68      (Adware)

6 / 68      (Adware)

10 / 68    (Adware)

The following websites host and distribute files published by Li Mo.

The certificates below were also issued to Li Mo.

09CE096F35659BC891BE9713130F3019  (Jul 16, 2015 to Sep 13, 2016)

043D25C59C374D87F947A9A448031E94  (Jul 16, 2015 to Sep 13, 2016)

06308C3CB3C78318D687BE76CBCCFDD8  (Aug 04, 2014 to Aug 12, 2015)

0BF14271D8A8ADE8A541CE8C8E1D75A1  (Aug 04, 2014 to Aug 12, 2015)

0381C5BAABACBA4D9D35F2C35CC5326B  (Aug 04, 2014 to Aug 12, 2015)

078E6AB78826A47B4AE05D93CF737658  (Aug 04, 2014 to Aug 12, 2015)

0F53999A8B9372F6AAC4844D7A5BE2CE  (Aug 04, 2014 to Aug 12, 2015)

0ACFC920404BD14F120697BDFEE3E5C9  (Aug 04, 2014 to Aug 12, 2015)

0226284B6EE43FB2E43A2888B7D5BA02  (Aug 03, 2014 to Aug 12, 2015)

The following publishers (by Authenticode signature organization name) are related.

* Note, the details and description above are based on the code signing digital signature issued to Li Mo by DigiCert Inc on July 16, 2015 with the serial number '0a661db1db132545d560df1b8f8f72ce'.