» Ma Lin
Digital Signature
Analysis
Files (41)
Downloads (11)
Distribution (4)
Related (30)

Ma Lin

Publisher Information

Ma Lin is a software publisher located in 北京市, China*. The company is a primary distributor of unwanted software. Thre are 3 additional code signing certificates issued to this publisher.

Authority:

WoSign CA Limited

Valid from:

8/20/2014 11:22:46 AM

Valid to:

7/20/2015 11:22:46 AM

Subject:

CN=Ma Lin, E=chloezhangling@163.com, L=北京市, S=北京市, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

760e23abf26cf75ae5c944881cca6da7

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.MaLin.R, PUP.MaLin.K, PUP.MaLin.O, PUP.MaLin.U, PUP.MaLin.M, PUP.Installer.MaLin.F, PUP.MaLin.J, PUP.MaLin.Q, PUP.MaLin.e, PUP.MaLin.T, PUP.MaLin.Y, PUP.MaLin.H, PUP.MaLin.G, PUP.ELEX.MaLin (M), PUP.ELEX.MaLin.Installer (M), PUP.ELEX (M)

100.00%

Baidu Antivirus

Adware.Win32.ELEX, PUA.Win32.LiMo

80.49%

ESET NOD32

Win32/LiMo (variant), Win32/ELEX.AZ (variant)

78.05%

Dr.Web

Adware.Mutabaha.83, Adware.Mutabaha.81, Adware.Mutabaha.76

75.61%

AhnLab V3 Security

PUP/Win32.Amonetize, PUP/Win32.SearchHijacker

70.73%

Agnitum Outpost

Riskware.Agent

68.29%

McAfee

Artemis!2D79E522A869, Artemis!0A7A7259B117, Artemis!294A63A3D984, Artemis!FC3724052C78, Artemis!C06867F573B4, Artemis!D85C86B0E779, Artemis!6803852C8DFE, Artemis!ACAE3B3DB00C, Artemis!24A46E58FEAE

65.85%

NANO AntiVirus

Riskware.Win32.Mutabaha.diqyjk, Riskware.Win32.Mutabaha.dgvhdd

65.85%

Fortinet FortiGate

Riskware/Elex, Riskware/LiMo

63.41%

AVG

Malin

63.41%

1 / 68 (Adware)

lly_omiga-plus.exe (1788_tugs_omiga-plus by One Syn) (96ee382b86a4728ae02553e9c2635ed3)

1 / 68 (Adware)

setup.exe (1783_smt_mystartsearch by One Syn) (a566dd9773a2ceeac73f7cf5feec3bbb)

1 / 68 (Adware)

webssearches_un_1211-2ebb4890.exe (1830_slb2_webssearches by One Syn) (23d9b447efa1043d216ccddedddba1f8)

1 / 68 (Adware)

cvs5_webssearches.exe (1790_cvs5_webssearches by One Syn) (b7d31ce8bc0aa3b227865d3e26fb2adb)

1 / 68 (Adware)

o2fbayukah.exe (1821_exp_webssearches by One Syn) (207264bb5e8d3eddbb295918dee532bf)

1 / 68 (Adware)

setup.exe (1800_smt_omiga-plus by One Syn) (9fbd30d3cdd8ed3feb429a18ec0ba65d)

1 / 68 (Adware)

lly_mystartsearch.exe (1767_tugs_mystartsearch by One Syn) (680cbb3db76fd99135a68ae3d08901e1)

1 / 68 (Adware)

33235a6c-7898-4a65-a85c-22403910215f (1797_profr_sweet-page by One Syn) (a2d5ffeed0e7f97ae7ea352901c03e10)

19 / 68 (Adware)

oct27_cor_sweet-page.exe (1760_cor_sweet-page by One Syn) (2e65a2430d13e6ea737b729e831aa3cf)

19 / 68 (Adware)

lly_omiga-plus.exe (1768_tugs_omiga-plus by One Syn) (3240e2b55922f65d304f0d26069e06ff)

20 / 68 (Adware)

wpc_webssearches.exe (1809_wpc_mystartsearch by One Syn) (6136484badbb5dfa0322875c4acea855)

13 / 68 (Adware)

lly_mystartsearch.exe (1779_tugs_mystartsearch by One Syn) (24a46e58feae0bd9d149b6bd34f7c9f5)

14 / 68 (Adware)

adkszkik.sva.exe (1838_irs_webssearches by One Syn) (acae3b3db00c3a3d4ab8edb9fa695071)

15 / 68 (Adware)

amt_mystartsearch.exe (1781_amt_mystartsearch by One Syn) (6803852c8dfee36a1673e9a63308b6b0)

10 / 68 (Adware)

air2e0.exe (1820_air_v9 by One Syn) (247438dceca9a8d39bcea925ed909b40)

16 / 68 (Adware)

webssearches_1211-a212548c.exe (1829_slbnew_webssearches by One Syn) (2d79e522a8696f104b0d53af143984b2)

16 / 68 (Adware)

ild_v9.exe (1807_ild_v9 by One Syn) (52ca893bfb1122f45dbbaa0ef24f6b15)

16 / 68 (Adware)

adks_omiga-plus_20141110.exe (1818_adks_omiga-plus by One Syn) (d85c86b0e779c501b13bf8e5ba3f2ebb)

16 / 68 (Adware)

o2irmbxgav.exe (1778_exp_webssearches by One Syn) (76fe33ee56c8f7550d1b9a67716d6120)

16 / 68 (Adware)

pjr_webssearches.exe (1840_pjr_webssearches by One Syn) (b9b4bbe8345e96b25c43bb78cddacbdc)

16 / 68 (Adware)

air98a4.exe (1796_air_sweet-page by One Syn) (009b67203b8c193c15658956aeb0611b)

16 / 68 (Adware)

v9_pariente_soft_partner.exe (1811_brd_v9 by One Syn) (08d04f3a614e3c5488685dea7da4a4ec)

16 / 68 (Adware)

cvs_webssearches.exe (1832_cvs_webssearches by One Syn) (ed675179e5931510dec869281e23b644)

4 / 68 (Adware)

6lvmfycfvq.exe (1827_exp_webssearches by One Syn) (73f107f61b4995491b15fab290b5cd93)

7 / 68 (Adware)

wpc_mystartsearch.exe (1808_wpc_mystartsearch by One Syn) (c06867f573b4270c8de117d16caa34b7)

16 / 68 (Adware)

hghnzqq9hp.exe (1778_exp_webssearches by One Syn) (5615104b3369c8edaac7d79d8ef0d044)

12 / 68 (Adware)

mystartsearch.exe (1637_sky_mystartsearch by One Syn) (fc3724052c78f17ba387137b2956529f)

16 / 68 (Adware)

adks_sweet-page_20141031.exe (1798_adks_sweet-page by One Syn) (294a63a3d984259d8bb68fb43b2c80d7)

8 / 68 (Adware)

nov3_cor_sweet-page.exe (1804_cor_sweet-page by One Syn) (0f76bc7d64c5b0312693b2df11d3b672)

16 / 68 (Adware)

setup.exe (1800_smt_omiga-plus by One Syn) (7b44fee3f31d4571098dde39fbdb3665)

Latest 30 of 41 files

Downloads URLs for files signed by Ma Lin.

16 / 68 (Adware)

http://dm930xmxv1gqs.cloudfront.net/bundles/.../adks_omiga-plus_20141110.exe (d85c86b0e779c501b13bf8e5ba3f2ebb)

16 / 68 (Adware)

http://www.girllumin.com/.../air_sweet-page.exe (009b67203b8c193c15658956aeb0611b)

19 / 68 (Adware)

http://www.girllumin.com/.../lly_omiga-plus.exe (3240e2b55922f65d304f0d26069e06ff)

16 / 68 (Adware)

http://www.girllumin.com/.../pjr_webssearches.exe (b9b4bbe8345e96b25c43bb78cddacbdc)

7 / 68 (Adware)

http://www.girllumin.com/.../wpc_mystartsearch.exe (c06867f573b4270c8de117d16caa34b7)

16 / 68 (Adware)

http://www.girlliuxiaoqing.com/.../lly_omiga-plus.exe (331b97d75add85c0359045b6addf48d7)

16 / 68 (Adware)

http://www.girllumin.com/.../lly_mystartsearch.exe (dddf0cfec3a7e9844bd8cbd1a39125cf)

16 / 68 (Adware)

http://dm930xmxv1gqs.cloudfront.net/bundles/.../adks_sweet-page_20141031.exe (294a63a3d984259d8bb68fb43b2c80d7)

16 / 68 (Adware)

http://www.girllumin.com/.../lly_omiga-plus.exe (331b97d75add85c0359045b6addf48d7)

16 / 68 (Adware)

http://www.girllumin.com/.../lly_omiga-plus.exe (61cce748f6936df809d7892a5411941d)

16 / 68 (Adware)

http://dl1.downserver3.com/Installer/.../obw_webssearches_2810.exe (0a7a7259b117aaa1151dc0e50037472b)

Distribution

The following websites host and distribute files published by Ma Lin.

www.girllumin.com

www.girlliuxiaoqing.com

dl1.downserver3.com

dm930xmxv1gqs.cloudfront.net

The certificates below are also signed by Ma Lin.

1972DAA9B51FE3DDD85BAF2096319CF6 (Jan 05, 2015 to Aug 05, 2015)

26954AE19A551B1D622A23C25DBE2503 (Nov 24, 2014 to Jul 24, 2015)

0FC83FBFE11653F06215DCA7EACE7E7D (Jun 26, 2014 to Jun 26, 2015)

The following publishers (by Authenticode signature organization name) are related.

Liyan Liu

Beijing ELEX Technology Co., Ltd.

Li Mo

Hefei Zhimingxingtong Software&Technology Co., Ltd.

PC Backup Software Limited

Klip Pal

Weather Notifications LLC

JH Software Private Limited

Boxore OU

PayByAds ltd.

Olacatala OU

1NSTALL (383 MEDIA, INC.)

Montiera Technologies LTD

MicroSmarts LLC

30 of 30 publishers

* Note, the details and description above are based on the code signing digital signature issued to Ma Lin by WoSign CA Limited on August 20, 2014 with the serial number '760e23abf26cf75ae5c944881cca6da7'.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.