» Ma Lin
Digital Signature
Analysis
Files (67)
Downloads (11)
Distribution (7)
Related (43)

Ma Lin

Publisher Information

Ma Lin is a software publisher located in 北京市, China*. The company is a primary distributor of unwanted software. Thre are 3 additional code signing certificates issued to this publisher.

Authority:

WoSign CA Limited

Valid from:

6/26/2014 5:24:23 AM

Valid to:

6/26/2015 5:24:23 AM

Subject:

CN=Ma Lin, E=chloezhangling@163.com, L=北京市, S=北京市, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

0fc83fbfe11653f06215dca7eace7e7d

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.MaLin.Q, PUP.MaLin.N, PUP.MaLin.O, PUP.MaLin.J, PUP.MaLin.Y, PUP.MaLin.P, PUP.MaLin.FF, PUP.MaLin.L, PUP.MaLin.U, PUP.MaLin.M, PUP.ELEX.MaLin (M), PUP.ELEX (M)

100.00%

AVG

Downloader.Generic13, Malin, Trojan horse Downloader.Generic13.CNRN, Generic36

74.00%

Rising Antivirus

PE:Worm.Rebhip!1.64F0

72.00%

Baidu Antivirus

Adware.Win32.ELEX, Trojan.Win32.WPM, PUA.Win32.LiMo

70.00%

Malwarebytes

PUP.Optional.SearchHijacker.A, PUP.Optional.MyStartSearch.A

62.00%

McAfee

Artemis!E3F23F812A29, Artemis!4D64F9FE136D, Artemis!5C53369FD285, Artemis!1791442110D3, Artemis!57655046CFE7, Artemis!22621B9A5E8A, Artemis!716C757406CC, Artemis!EFF4FD950123, Artemis!E35586C20E59, Artemis!E2E8ACB2FB07, Artemis!65AAC3F6AA56

52.00%

Trend Micro House Call

Suspicious_GEN.F47V0716, Suspicious_GEN.F47V0722, Suspicious_GEN.F47V0726, TROJ_GEN.R08NH09GV14, Suspicious_GEN.F47V0724

48.00%

AhnLab V3 Security

PUP/Win32.Amonetiz, PUP/Win32.SearchHijacker

42.00%

SUPERAntiSpyware

Trojan.Agent/Gen-Rebhip, Trojan.Agent/Gen-Wysotot, Trojan.Agent/Gen-Anomaly

40.00%

ESET NOD32

Win32/ELEX.AQ (variant), Win32/ELEX.AT (variant), Win32/LiMo (variant)

34.00%

1 / 68 (Adware)

sfpsnew3_omiga-plus.exe (699_sfpsnew3) (168952db0047afd5d14b3400cc7ec8b1)

1 / 68 (Adware)

sfpsnew4_omiga-plus.exe (788_sfpsnew4_omiga-plus by File Syn) (ea467038ad4aa3fc0e4e1411a00ae798)

1 / 68 (Adware)

mind_istart123.exe (890_mind_istart123 by File Syn) (8be8f764acb5df09fbf4d1f2ba743a86)

1 / 68 (Adware)

gili_omiga-plus.exe (805_gili_omiga-plus by File Syn) (6b4cd33cd4b023f7e971deb83f2e4089)

1 / 68 (Adware)

wpc_istart123.exe (895_wpc_istart123 by File Syn) (4f51d8bb053bbc924e1a58c769940e38)

1 / 68 (Adware)

adv_44.exe (723_step) (964afab2236d187a3c51f1147a41ecc6)

1 / 68 (Adware)

812_pjr_webssearches.exe (812_pjr_webssearches by File Syn) (f05d8fdbad220a5c29955919e3ef7573)

1 / 68 (Adware)

kmp_omiga-plus.exe (707_kmp) (cc7910e720ed82aef6d2529a28454c39)

1 / 68 (Adware)

nsbfr_omiga-plus.exe (710_nsbfr) (845611f4795ba3756aec43e1a291fc6e)

1 / 68 (Adware)

gili_omiga-plus.exe (693_gili) (7ae77b26e78697e98a36e6550e9b7f0c)

1 / 68 (Adware)

nsbes_omiga-plus.exe (709_nsbes) (c7e67249ec85be7778f3104730e1d802)

8 / 68 (Adware)

amt_istart123.exe (855_amt_istart123 by File Syn) (65aac3f6aa56122618249e63cbd79b46)

1 / 68 (Adware)

istart123.exe (751_ymb) (8348765e55f9bb66d417a6b71e54c1f9)

12 / 68 (Adware)

amt_webssearches.exe (670_amt) (d368a4d731377d57fe01d78ab533f3a2)

13 / 68 (Adware)

amt_istart123.exe (650_amt) (28b3b3c18131792e15ab9df09dc8a9fd)

23 / 68 (Adware)

july22_sweet-page.exe (770_cor_sweet-page by File Syn) (d4d75ce76fcd9c7b25400c3a06bfe490)

18 / 68 (Adware)

lly_mystartsearch.exe (1774_tugs_mystartsearch by One Syn) (a11c0d78e96e235252d96167fb8d246c)

20 / 68 (Adware)

istart123.exe (751_ymb) (26ea8de8ff41219047c21feafe46552b)

10 / 68 (Adware)

lly_omiga-plus.exe (1775_tugs_omiga-plus by One Syn) (cc717f2841a233ab07ba6855a49a1efc)

19 / 68 (Adware)

lly_omiga-plus.exe (850_tugs_omiga-plus by File Syn) (dbc045ccb61e136be691ce74dee22273)

20 / 68 (Adware)

webssearches.exe (809_vit_webssearches by File Syn) (1edbe4b87bd66f0ba98e3e176c0f5381)

25 / 68 (Adware)

lly_vi-view.exe (858_tugs_vi-view by File Syn) (7046d34deda99b4f9447b4bf8e5c7b1f)

14 / 68 (Adware)

amt_istartsurf.exe (1119_amt_istartsurf by File Syn) (1e6b8d37fc9309470162ea3b95ecdc55)

24 / 68 (Adware)

wpc_webssearches.exe (896_wpc_webssearches by File Syn) (8ddb24c07bcf6d4bd7fb88e06d247aa5)

10 / 68 (Adware)

836_ill_webssearches.exe (836_ill_webssearches by File Syn) (e2e8acb2fb076e8333d3e235b8b454ff)

16 / 68 (Adware)

epom1_nationzoom_20131128171859.exe (713_epom1) (085e6fadc253aa84c0f062779f10af92)

14 / 68 (Adware)

0_offer_0.exe (775_obw_webssearches by File Syn) (e35586c20e59dc8106c4a749f69cc7db)

10 / 68 (Adware)

bdo_omiga-plus.exe (768_bdo_omiga-plus by File Syn) (3e4d99cd68a01856d27cee7cb19377a4)

24 / 68 (Adware)

toolbar8886828.exe (844_smt_omiga-plus by File Syn) (aa7c007bc92bc45b377e737cddf9145f)

12 / 68 (Adware)

bro_webssearches.exe (701_bro) (351c5db7760cdf33a49560042bbf6d88)

Latest 30 of 67 files

Downloads URLs for files signed by Ma Lin.

4 / 68 (Adware)

http://d1s8azhe8rpvoz.cloudfront.net/bundles/.../adks_omiga-plus_20140722.exe (477e5cbffb53b3c7137dc04e4b9ad3e1)

25 / 68 (Adware)

http://www.girlzhangtianjiao.com/hpnt/.../lly_vi-view.exe (7046d34deda99b4f9447b4bf8e5c7b1f)

12 / 68 (Adware)

http://www.girlzhangtianjiao.com/hpnt/.../lly_webssearches.exe (7751df62580c28ed00a923bb5b14540f)

24 / 68 (Adware)

http://i1.transferre.in/.../wpc_webssearches.exe (8ddb24c07bcf6d4bd7fb88e06d247aa5)

13 / 68 (Adware)

http://www.girlzhangtianjiao.com/hpnt/.../lly_omiga-plus.exe (1791442110d3061f7ca7a46f35f50db3)

4 / 68 (Adware)

http://drzwu57ht9dxd.cloudfront.net/bundles/.../adks_omiga-plus_20140722.exe (477e5cbffb53b3c7137dc04e4b9ad3e1)

10 / 68 (Adware)

http://softs.illyx.com/setup/ressources/partenaires_financiers/.../836_ill_webssearches.exe (e2e8acb2fb076e8333d3e235b8b454ff)

1 / 68 (Adware)

http://d1pg43ots40sgg.cloudfront.net/bundle/NationZoomYAC/.../nsbfr_omiga-plus.exe (845611f4795ba3756aec43e1a291fc6e)

23 / 68 (Adware)

http://www.girlzhangtianjiao.com/hpnt/.../lly_webssearches.exe (af6d1d4f6732b932554635d4011cd098)

10 / 68 (Adware)

http://www.girllumin.com/.../lly_omiga-plus.exe (cc717f2841a233ab07ba6855a49a1efc)

1 / 68 (Adware)

http://dmrm038s4vkzd.cloudfront.net/cl/inst/bundles/NationZoomYAC/.../nsbes_omiga-plus.exe (c7e67249ec85be7778f3104730e1d802)

Distribution

The following websites host and distribute files published by Ma Lin.

i1.transferre.in

www.girlzhangtianjiao.com

www.girllumin.com

drzwu57ht9dxd.cloudfront.net

dmrm038s4vkzd.cloudfront.net

d1pg43ots40sgg.cloudfront.net

softs.illyx.com

The certificates below are also signed by Ma Lin.

1972DAA9B51FE3DDD85BAF2096319CF6 (Jan 05, 2015 to Aug 05, 2015)

26954AE19A551B1D622A23C25DBE2503 (Nov 24, 2014 to Jul 24, 2015)

760E23ABF26CF75AE5C944881CCA6DA7 (Aug 20, 2014 to Jul 20, 2015)

The following publishers (by Authenticode signature organization name) are related.

Liyan Liu

Beijing ELEX Technology Co., Ltd.

Li Mo

Hefei Zhimingxingtong Software&Technology Co., Ltd.

Skytouch Technology Co., Limited

Ad Businness Crown Solutions S.L.

PC Utilities Software Limited

DealPly Technologies Ltd

Xiaoqing Liu

Weather Notifications LLC

30 of 43 publishers

* Note, the details and description above are based on the code signing digital signature issued to Ma Lin by WoSign CA Limited on June 26, 2014 with the serial number '0fc83fbfe11653f06215dca7eace7e7d'.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.