home

Li Mo

Publisher Information

Li Mo is a software developer located in Guilin, Guangxi in China*. The company is a primary distributor of unwanted software. Thre are 9 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
8/4/2014 2:00:00 AM

Valid to:
8/12/2015 2:00:00 PM

Subject:
CN=Li Mo, O=Li Mo, L=Guilin, S=Guangxi, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0acfc920404bd14f120697bdfee3e5c9

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.LiMo.Q, PUP.LiMo.K, PUP.LiMo.J, PUP.LiMo.O, PUP.LiMo.H, PUP.LiMo.BB, PUP.LiMo.AA, PUP.LiMo.V, PUP.LiMo.Y, PUP.LiMo.DD, PUP.LiMo.L, PUP.Liyan Liu.LiMo, PUP.ELEX.LiMo (M), PUP.ELEX.LiMo.Installer (M), PUP.ELEX (M)
100.00%

Malwarebytes
PUP.Optional.SearchHijacker.A
72.00%

Dr.Web
Adware.Mutabaha.70, Adware.Mutabaha.68
70.00%

AhnLab V3 Security
PUP/Win32.Downloader
70.00%

Agnitum Outpost
PUA.Mutabaha, Riskware.Agent
68.00%

AVG
Generic
64.00%

McAfee
Artemis!68E4FBAA32C6, Artemis!2BE3144251E9, Artemis!6D3CFEEBF716, Artemis!6F4711E70998, Artemis!B3F4CC879CAC, Artemis!CDBB3BCA79DF, Artemis!DA84E8AF15FA, Artemis!38D06A4E3EA1, Artemis!C9F98138845C, Artemis!88B2A1D129BA, Artemis!5299E4E8E415, Artemis!8140F628E29E, Artemis!FB3B4278DDAF, Artemis!FE78A7BF05A3, Artemis!1324DC125B16, Artemis!419851BCC0FF
62.00%

Qihoo 360 Security
Malware.QVM06.Gen, HEUR/Malware.QVM06.Gen
54.00%

Trend Micro House Call
Suspicious_GEN.F47V0820, Suspicious_GEN.F47V0814, Suspicious_GEN.F47V0819, Suspicious_GEN.F47V0818, Suspicious_GEN.F47V0826
38.00%

ESET NOD32
Win32/ELEX.AT (variant), Win32/ELEX.AX (variant)
12.00%

1 / 68      (Adware)
smt_istartsurf.exe (1297_bxk1_webssearches by File Syn)  (71b4044d0748f58602c80a6fc0ad24f6)

1 / 68      (Adware)
air20a6.exe  (4c387c48a771f906a81002afc719ecff)

1 / 68      (Adware)
smt_istartsurf_180814.exe (1261_smt_istartsurf by File Syn)  (1750a15ce54adf4208f80a5b94509116)

1 / 68      (Adware)
toolbar68395423.exe (1321_exp_istart123 by File Syn)  (239241deae003f13c114bc5f7a4b1034)

1 / 68      (Adware)
istart_soft_partner.exe (1266_tt4u_istart123 by File Syn)  (b69095efd0730fea3101f43f6e28661b)

1 / 68      (Adware)
mind_webssearches (1315_mind_webssearches by File Syn)  (c8ec10087fff8f1c5c0b6939566595ee)

1 / 68      (Adware)
nsbit_istartsurf.exe (1319_nsbit_istartsurf by File Syn)  (d0dc05c2fe025b9052e1d3aa8e0d423a)

1 / 68      (Adware)
7t29igqugk.exe (1261_smt_istartsurf by File Syn)  (8ff9fd05d80d34a1e36b110857cddd57)

1 / 68      (Adware)
unt2f58.tmp.exe (1298_epom_istartsurf by File Syn)  (223128c81ff2b66a03b429f1cef82f74)

1 / 68      (Adware)
setup_369.exe (1285_cbp_webssearches by File Syn)  (83ba09468b83d781f42f4e026a2500d6)

1 / 68      (Adware)
adks_webssearches_20140815.exe (1261_smt_istartsurf by File Syn)  (f193d7484ac4e4c05da90f8ecf7b3ab0)

1 / 68      (Adware)
26.exe (1328_fimo_webssearches by File Syn)  (6b79b2dba42fefa7670ad965f6038e12)

1 / 68      (Adware)
lly_webssearches.exe (1256_tugs_webssearches by File Syn)  (93ed1866439e974036843ca22b133f73)

1 / 68      (Adware)
ild_istartsurf.exe (1201_ild_istartsurf by File Syn)  (8776cbd4415fb646e86855ca2cc9c734)

12 / 68    (Adware)
istart123.exe (1342_ymb_istart123 by File Syn)  (ab87dff023c97493df5e63b8c7f9f1c2)

9 / 68      (Adware)
vtt_istartsurf.exe (1305_vtt_istartsurf by File Syn)  (419851bcc0ffb510451707c19eb83a0f)

19 / 68    (Adware)
aug18_v9.exe (1314_cor_v9 by File Syn)  (71bf59322c4c1ae2d237984f7385f6dd)

19 / 68    (Adware)
aug15_v9.exe (1281_cor_v9 by File Syn)  (0ac4594c01cf7aee59a08579cf253318)

18 / 68    (Adware)
auge13_v9.exe (1204_cor_v9 by File Syn)  (532c5ced4455aaeb9b8aafeb2dc5d3bc)

9 / 68      (Adware)
aug18_sweet-page.exe (1313_cor_sweet-page by File Syn)  (1324dc125b16f695d38bc93263fa211a)

10 / 68    (Adware)
websearch_8.exe (1331_ill_webssearches by File Syn)  (8f2b492cff8a0a79149c07e6c5109710)

10 / 68    (Adware)
websearches_pariente_soft_partner.exe (1271_brd_webssearches by File Syn)  (fe78a7bf05a39d5eebcf041a2cfab6fa)

9 / 68      (Adware)
1110_rbm_webssearches.exe (1330_rbm_webssearches by File Syn)  (0dba73ce4f42b8008c4f2fadf12d6d89)

13 / 68    (Adware)
adv_46.exe (1310_step_istartsurf by File Syn)  (7ae8dd90fae16f59627819197b852e3f)

11 / 68    (Adware)
cvs_webssearches.exe (1269_cvs_webssearches by File Syn)  (40a24620c7e678333023cd5d75d5f1fc)

8 / 68      (Adware)
smt_istartsurf_180814.exe (1261_smt_istartsurf by File Syn)  (57595619704519e325afe3f72c217664)

8 / 68      (Adware)
unta960.tmp.exe (1300_epom2_istartsurf by File Syn)  (8140f628e29e67220a88ca3fb3fb3aea)

9 / 68      (Adware)
untced6.tmp.exe (1299_epom1_istartsurf by File Syn)  (5299e4e8e4155df6ad91bc632ae8c193)

8 / 68      (Adware)
uni_istartsurf.exe (1303_uni_istartsurf by File Syn)  (0d8c2f91ddbd4c8a9f03fe0b13acfad9)

8 / 68      (Adware)
1333_cov_webssearches.exe (1333_cov_webssearches by File Syn)  (5085f3604114978a54c9339c5cf8de5e)

 
Latest 30 of 67 files

Downloads URLs for files signed by Li Mo.

8 / 68      (Adware)
http://cdn.airdlr8.com/downloads/offers/.../air_v9_15_08_14.exe  (6f4711e709987b17502d515f8346a638)

9 / 68      (Adware)
http://cdn.ppdownload.com/Installer/.../1282_obw_webssearches.exe  (b546881a3d32f5fc7ef9ce9ace972fc6)

9 / 68      (Adware)
http://dl1.downserver1.com/Installer/.../1282_obw_webssearches.exe  (b546881a3d32f5fc7ef9ce9ace972fc6)

8 / 68      (Adware)
http://www.girlzhangtianjiao.com/hpnt/.../wpc_webssearches.exe  (f6dd901d2e0c9b4779f06e8fcd7b396c)

10 / 68    (Adware)
http://softs.illyx.com/setup/ressources/partenaires_financiers/.../836_ill_webssearches.exe  (8f2b492cff8a0a79149c07e6c5109710)

7 / 68      (Adware)
http://www.hakoonportal.net/.../310714_a6.exe  (6d3cfeebf7165504b5b8dff3a2802113)

The following websites host and distribute files published by Li Mo.

www.girlzhangtianjiao.com

www.hakoonportal.net

softs.illyx.com

The certificates below are also signed by Li Mo.

09CE096F35659BC891BE9713130F3019  (Jul 16, 2015 to Sep 13, 2016)

043D25C59C374D87F947A9A448031E94  (Jul 16, 2015 to Sep 13, 2016)

0A661DB1DB132545D560DF1B8F8F72CE  (Jul 15, 2015 to Sep 13, 2016)

06308C3CB3C78318D687BE76CBCCFDD8  (Aug 04, 2014 to Aug 12, 2015)

0BF14271D8A8ADE8A541CE8C8E1D75A1  (Aug 04, 2014 to Aug 12, 2015)

0381C5BAABACBA4D9D35F2C35CC5326B  (Aug 04, 2014 to Aug 12, 2015)

078E6AB78826A47B4AE05D93CF737658  (Aug 04, 2014 to Aug 12, 2015)

0F53999A8B9372F6AAC4844D7A5BE2CE  (Aug 04, 2014 to Aug 12, 2015)

0226284B6EE43FB2E43A2888B7D5BA02  (Aug 03, 2014 to Aug 12, 2015)

The following publishers (by Authenticode signature organization name) are related.

Liyan Liu

Shulan Hou

Fuyuan Zhou

Ma Lin

Taiming Li

Xiaoqing Liu

Zhang Ling

Kreapixel

MIDIA TECHNOLOGIES LLC

Visual Tools

Hefei Zhimingxingtong Software&Technology Co., Ltd.

Kreapixel Network

SIEN S.A.

gooternet

NOSIBAY

JDI BACKUP LIMITED

Skytouch Technology Co., Limited

BR SOFTWARE LLC

CNB TECHNOLOGIES LLC

ClientConnect LTD

Jambo Digital Ltd

Conduit Ltd.

Visicom Media Inc.

MY POP SHOP LTD

* Note, the details and description above are based on the code signing digital signature issued to Li Mo by DigiCert Inc on August 04, 2014 with the serial number '0acfc920404bd14f120697bdfee3e5c9'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.