home

Riyue peer information technology (Beijing) Co., Ltd

Publisher Information

Riyue peer information technology (Beijing) Co., Ltd is a software publisher located in beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. There is one additional code signing certificate issued to this publisher.
Authority:
Thawte, Inc.

Valid from:
2/2/2015 8:00:00 AM

Valid to:
4/3/2016 7:59:59 AM

Subject:
CN="Riyue peer information technology (Beijing) Co., Ltd", OU=departmentof commerce, O="Riyue peer information technology (Beijing) Co., Ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6ffbc290fccd68d68a5aab6bb6e783d4

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.RiyuepeerinformationtechnologyBeijingCo.Installer (M), PUP.RiyuepeerinformationtechnologyBeijingCo (M), PUP.Riyuepee (M), PUP.Riyuepee.Installer (M), PUP (M)
82.93%

Dr.Web
Adware.Downware.10523
29.27%

IKARUS anti.virus
Trojan-Banker.Win32.Delf, Hoax.Win32.ArchSMS
26.83%

McAfee
Artemis!E9D4E1408C36, Artemis!6F7B06B13D81, Artemis!755E53E348A3, Artemis!6C7D62CD97EA, Artemis!0D1DC2436745, Artemis!A411EB7A4202
19.51%

ESET NOD32
Win32/Gaofenquming.A potentially unwanted (variant)
19.51%

AhnLab V3 Security
Downloader/Win32.Banload
17.07%

Bkav FE
W32.HfsAdware
17.07%

K7 AntiVirus
Adware
17.07%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
14.63%

Fortinet FortiGate
Riskware/Gaofenquming
14.63%

1 / 68      (Malware)
ivtbluesoleil3228re_25@7214103668e72732.exe (downer for windows by Riyue peer information technology (Beijing) Co.)  (616484f132fc5fbbe48cd1633aecbc1d)

1 / 68      (Malware)
setup.exe (by Riyue peer information technology (Beijing) Co.)  (56430dddbd9761e7a70c7127480541d7)

1 / 68
zlib1.dll (zlib)  (64a4d8f09817a4166377ae79c027dff1)

1 / 68      (Malware)
xhelper64.exe  (d9fa5b33ae983a40847526a06e914c97)

1 / 68      (Malware)
xHelper.exe  (955a08e0ef99cfca5f5c3e5f54fee61a)

1 / 68      (Malware)
utilities.dll (utilities)  (376e1a5e416a9a123d3bba7c8151702d)

1 / 68      (Malware)
translator.dll (translator)  (4f64f15fa73d54ea34b75787ae0c1bb0)

1 / 68      (Malware)
soui.dll (soui)  (6d32a388709224a289f3659bc684f288)

1 / 68      (Malware)
soui-sys-resource.dll (soui-sys-resource)  (cfd7abbf5c4dac83bd0fd6a81ff79770)

1 / 68      (Malware)
render-gdi.dll (render-gdi)  (6e3b403fe6c70b4f0e05a236530871c8)

1 / 68      (Malware)
plug_weather.dll  (bbc666627ae7c1fa3a8a91e98007d56a)

1 / 68
libcurl.dll (The cURL library by The cURL library, http://curl.haxx.se/)  (b23119dd739efb25d4c960c0df93cdd9)

1 / 68      (Malware)
imgdecoder-png.dll (imgdecoder-png)  (dff9544f4227093dbdbe15d6cebbdc21)

1 / 68      (Malware)
CrashSender.exe  (3a73bbf0a32d0849f776ff2f6e24a257)

1 / 68      (Malware)
CrashRpt.dll  (eb96d4e51fc0c808c705a6a8c385fd10)

1 / 68      (Malware)
CalTool.dll  (78d147f37e44f22db365871f36feafb2)

1 / 68      (Malware)
calendardll64.dll  (6ca3ca9ecad9e117c69c45356761082c)

1 / 68      (Malware)
calendardll.dll  (bbe607eb8342a9842bc24c7f1709ff3b)

1 / 68      (Malware)
ncalendar_xzzj@17.exe (by Riyue peer information technology (Beijing) Co.)  (3a7fb815fac54817c81b5bf0e741ca25)

1 / 68      (Malware)
setup.exe (by Riyue peer information technology (Beijing) Co.)  (9b3d6fa28bb5a26e6d1869dd0b69e216)

1 / 68      (Malware)
赛尔号外挂下载 赛尔号免费升级100外挂_218656.exe (downer for windows by Riyue peer information technology (Beijing) Co.)  (926203488725889920e28a71a39a481a)

1 / 68      (PUP)
nsCalendar.dll  (af2020ed10fd776ec3cfb8ad5233e558)

1 / 68      (PUP)
音乐制作专家music加强版_1@11996.exe (downer for windows by Riyue peer information technology (Beijing) Co.)  (f7f3e5bf6c14da129668ab7946d31b59)

1 / 68      (PUP)
calendar.exe  (de084194fe87b63682006fa5bc961e22)

1 / 68      (PUP)
ems sql manager for oracle_1@65554.exe (downer for windows by Riyue peer information technology (Beijing) Co.)  (f6f297395da253ef8a541e2c59c464e6)

1 / 68      (PUP)
迅雷thunder 5.9.28.1564_3@30735.exe (downer for windows by Riyue peer information technology (Beijing) Co.)  (b09dc8448e1f4937037e23ccac3dca23)

1 / 68      (PUP)
minecraft1.8.1_full_5200003564526967945.exe (downer for windows by Riyue peer information technology (Beijing) Co.)  (a893ed86bef148f8b4ff22970a34471e)

1 / 68      (PUP)
小画家.net_1@38489.exe (downer for windows by Riyue peer information technology (Beijing) Co.)  (703e8d21c3dfc92e7ea0e1ab10c782b6)

2 / 68      (PUP)
nsCalendar.dll  (5ba174dda8a78f6133272bcbd258871a)

7 / 68      (PUP)
downer_21@33948309.exe (downer for windows by Riyue peer information technology (Beijing) Co.)  (f4daa1a37d860d55de941135bb8e9d76)

 
Latest 30 of 41 files

Downloads URLs for files signed by Riyue peer information technology (Beijing) Co., Ltd.

9 / 68      (PUP)
http://dl.pconline.com.cn/intf/.../downLoadTool.jsp?masterId=51224&ipType=1&riYueToken=jb7V43v2  ({cd7c1cc9-8526-402f-98e0-3eecfbae977d})

6 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_51446_16658137/.../ppstreamsetup_pconline_5100000514466658137.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

7 / 68      (PUP)
http://www.onlinedown.net/.../index2.php?ver=3.0&name=?????DIY???&id=12058&token=cdde114573a00efa8ce7e91d35159707  (nds模拟器 no$gba_1@116287.exe)

1 / 68      (Malware)
http://www.baidu.com/cb.php?c=IgF_pyfqnHRYnWD3nHD0IZ0qnfK9ujYkn1nLrHbz0Aw-5HD1nHbLP160TAq15H6LnWfYr0K15y7WnWw-m19hnjNWmH9hrHb0uZfqnHfYnH6vP1fLPfKdThsqpZwYTjCEQLPYmgwGmz3LnMG3QhPEUiqsmyPoQLP-IZNsQhN3ufKzujYv0AFV5H00TZcqn0KdpyfqP10LrH63rfKEpyfqnWRsPWf10APGujY1Pj61P160ULI85Hc1nHTvn6KWThnqnHDkPHb  (setup.exe)

12 / 68    (PUP)
http://gs.mydown.yesky.com/downer_21@115235.exe  (0d1dc243674597343f2a82b97b2467ff)

6 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_307_16967159/.../7z938_5100000003076967159.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

1 / 68      (Malware)
http://downloader-paoba.oss-cn-beijing.aliyuncs.com/.../??????? ???????100??_218656.exe  (926203488725889920e28a71a39a481a)

6 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_41068_16976854/.../GOMPLAYER_PCONLINE_5100000410686976854.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

12 / 68    (PUP)
http://gs.mydown.yesky.com/downer_21@11489693.exe  (0d1dc243674597343f2a82b97b2467ff)

6 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_62959_16977481/.../KuaiwanSetup_3.5.6.3_5100000629596977481.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

6 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_51224_26988254/.../Thunder_dl_7.9.37.4952_5200000512246988254.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

1 / 68      (PUP)
http://www.onlinedown.net/.../index3.php?ver=1&name=??Thunder 5.9.28.1564&id=30735&token=ed3a9e4aa54c1cf1eb3a51bc352c8f5f  (迅雷thunder 5.9.28.1564_3@30735.exe)

1 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_10234_16763344/.../FoxitPDFEditor_5100000102346763344.exe  (703e8d21c3dfc92e7ea0e1ab10c782b6)

7 / 68      (PUP)
http://www.onlinedown.net/.../index3.php?ver=1&name=GHOST???? 2.3.7&id=3389&token=146d8c155c6049917d79a0dca4bf86d4  (nds模拟器 no$gba_1@116287.exe)

4 / 68      (PUP)
http://static.72zx.com/.../setup_@24.exe  (f0cc0ce4116eba72037abf1afc39a383)

7 / 68      (PUP)
http://www.onlinedown.net/.../index2.php?ver=3.3.0&name=BETV????&id=110942&token=1bca8661dc7fd54bcd2b74250b2e7ea9  (nds模拟器 no$gba_1@116287.exe)

6 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_8264_16975812/.../bitcomet_x86_setup_5100000082646975812.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

7 / 68      (PUP)
http://www.onlinedown.net/.../index2.php?ver=2012 Build1118&name=LXE???&id=109228&token=cecc21ec04b9872238fa492bc92e9cb8  (nds模拟器 no$gba_1@116287.exe)

6 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_141_16468033/.../Nero-9.4.12.3d_free_5100000001416468033.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

4 / 68      (PUP)
http://static.72zx.com/.../setup_@23.exe  (f0cc0ce4116eba72037abf1afc39a383)

6 / 68      (PUP)
http://ftp-idc.pconline.com.cn/94630d1796506dd7e457dad9e5c56f0f/5100000101256937934/1KG_20140718_HD/pub/download/.../maldner.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

13 / 68    (PUP)
http://ftp16-dg.pconline.com.cn/pub/download/ftpdown/gamepack/gameapp/downer_20/.../downer_20.exe  (6c7d62cd97ea66545bcb09a676d5c98c)

6 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_10125_16986238/.../1KG_20150705_HD_5100000101256986238.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

6 / 68      (PUP)
http://www.onlinedown.net/.../index2.php?ver=1.0&name=RPGVXACE RTP&id=528005&token=b1316714070218d175484b478dc1c716  (木头超级字典生成器%28木头字典工具集%29 正式版_1@50061.exe)

10 / 68    (PUP)
http://www.onlinedown.net/.../index2.php?ver=2013&name=???????????(???)&id=51171&token=24fca9906f7af763948cf32cd63bcacf  (directx修复工具_1@120082.exe)

9 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_355838_16982027/.../RealCodec_2_3_Signed_5100003558386982027.exe  (a411eb7a4202a596341ce6609c292a60)

6 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_353472_16992930/.../KaoPuSetup-v3.6.2279-hjxz_5100003534726992930.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

6 / 68      (PUP)
http://www.onlinedown.net/.../index2.php?ver=1.10.1&name=Workrave&id=40679&token=aed13317ac67cb91bbf246a6f4bb1083  (木头超级字典生成器%28木头字典工具集%29 正式版_1@50061.exe)

7 / 68      (PUP)
http://www.onlinedown.net/.../index2.php?ver=9.7.2&name=SpyShelter Premium&id=103196&token=930ab215082b29a51c095f4a9948df29  (spyshelter premium_1@103196.exe)

6 / 68      (PUP)
http://dlc2.pconline.com.cn/filedown3_37973_16961492/.../360safe 105720 n6075a44d8_5100000379736961492.exe  (e9d4e1408c36bf20c0ad305121bd7c59)

 
Latest 30 of 30 download URLs

The following websites host and distribute files published by Riyue peer information technology (Beijing) Co., Ltd.

downloader-paoba.oss-cn-beijing.aliyuncs.com

static.72zx.com

ftp16-dg.pconline.com.cn

gs.mydown.yesky.com

www.onlinedown.net

ftp-idc.pconline.com.cn

dlc2.pconline.com.cn

The following certificate is also signed by Riyue peer information technology (Beijing) Co., Ltd.

5EF67E737811F4602210D3F817327CE7  (Feb 20, 2014 to Feb 20, 2015)

The following publishers (by Authenticode signature organization name) are related.

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.

Qihoo 360 Software (Beijing) Company Limited

Disc Soft Ltd

Wang Xin'gang

Xing Wang

ShenZhen Thunder Networking Technologies Ltd.

Chongqing Yifei Technology Co., Ltd.

Zhuhai Kingsoft Office Software Co.,Ltd

CPUID

BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.

Shenzhen QVOD Technology Co.,Ltd

Tencent Technology(Shenzhen) Company Limited

重庆天极网络有限公司

Burnaware

Krzysztof Kowalczyk

悠然天地科技有限公司

Foxit Software Incorporated

Wiziple software

BeiJing Baidu Netcom Science Technology Co., Ltd

SANDBOXIE L.T.D

上海广乐网络科技有限公司

GuangZhou KuGou Computer Technology Co.,Ltd.

Guangzhou Tieren Network Technology Co.,Ltd.

Connectify

GRETECH

Maanshan Zhiye Software Technology Co.,Ltd.

Xiao Fei

北京悠然天地科技有限公司

sina.com Technology(China)Co.,ltd

Shenzhen Thinksky Technology Co.,Ltd

30 of 45 publishers

* Note, the details and description above are based on the code signing digital signature issued to Riyue peer information technology (Beijing) Co., Ltd by Thawte, Inc. on February 02, 2015 with the serial number '6ffbc290fccd68d68a5aab6bb6e783d4'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.