Riyue peer information technology (Beijing) Co., Ltd

Publisher Information

Riyue peer information technology (Beijing) Co., Ltd is a software publisher located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. There is one additional code signing certificate issued to this publisher.

Authority:
Thawte, Inc.

Valid from:
2/2/2015 8:00:00 AM

Valid to:
4/3/2016 7:59:59 AM

Subject:
CN="Riyue peer information technology (Beijing) Co., Ltd", OU=departmentof commerce, O="Riyue peer information technology (Beijing) Co., Ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6ffbc290fccd68d68a5aab6bb6e783d4

Scanner detections:
Detections  (95% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.RiyuepeerinformationtechnologyBeijingCo.Installer (M), PUP.RiyuepeerinformationtechnologyBeijingCo (M), PUP.Riyuepee (M), PUP.Riyuepee.Installer (M), PUP (M)
82.93%

Dr.Web
Adware.Downware.10523
29.27%

IKARUS anti.virus
Trojan-Banker.Win32.Delf, Hoax.Win32.ArchSMS
26.83%

McAfee
Artemis!E9D4E1408C36, Artemis!6F7B06B13D81, Artemis!755E53E348A3, Artemis!6C7D62CD97EA, Artemis!0D1DC2436745, Artemis!A411EB7A4202
19.51%

ESET NOD32
Win32/Gaofenquming.A potentially unwanted (variant)
19.51%

AhnLab V3 Security
Downloader/Win32.Banload
17.07%

Bkav FE
W32.HfsAdware
17.07%

K7 AntiVirus
Adware
17.07%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
14.63%

Fortinet FortiGate
Riskware/Gaofenquming
14.63%

1 / 68
zlib1.dll (zlib)  (64a4d8f09817a4166377ae79c027dff1)

1 / 68      (Malware)
xhelper64.exe  (d9fa5b33ae983a40847526a06e914c97)

1 / 68      (Malware)
xHelper.exe  (955a08e0ef99cfca5f5c3e5f54fee61a)

1 / 68      (Malware)
utilities.dll (utilities)  (376e1a5e416a9a123d3bba7c8151702d)

1 / 68      (Malware)
translator.dll (translator)  (4f64f15fa73d54ea34b75787ae0c1bb0)

1 / 68      (Malware)
soui.dll (soui)  (6d32a388709224a289f3659bc684f288)

1 / 68      (Malware)
soui-sys-resource.dll (soui-sys-resource)  (cfd7abbf5c4dac83bd0fd6a81ff79770)

1 / 68      (Malware)
render-gdi.dll (render-gdi)  (6e3b403fe6c70b4f0e05a236530871c8)

1 / 68      (Malware)
plug_weather.dll  (bbc666627ae7c1fa3a8a91e98007d56a)

1 / 68      (Malware)
imgdecoder-png.dll (imgdecoder-png)  (dff9544f4227093dbdbe15d6cebbdc21)

1 / 68      (Malware)
CrashSender.exe  (3a73bbf0a32d0849f776ff2f6e24a257)

1 / 68      (Malware)
CrashRpt.dll  (eb96d4e51fc0c808c705a6a8c385fd10)

1 / 68      (Malware)
CalTool.dll  (78d147f37e44f22db365871f36feafb2)

1 / 68      (Malware)
calendardll64.dll  (6ca3ca9ecad9e117c69c45356761082c)

1 / 68      (Malware)
calendardll.dll  (bbe607eb8342a9842bc24c7f1709ff3b)

1 / 68      (PUP)
nsCalendar.dll  (af2020ed10fd776ec3cfb8ad5233e558)

1 / 68      (PUP)
calendar.exe  (de084194fe87b63682006fa5bc961e22)

2 / 68      (PUP)
nsCalendar.dll  (5ba174dda8a78f6133272bcbd258871a)

 
Latest 30 of 41 files

Download URLs for files signed by Riyue peer information technology (Beijing) Co., Ltd.

12 / 68    (PUP)
http://gs.mydown.yesky.com/downer_21@115235.exe  (0d1dc243674597343f2a82b97b2467ff)

12 / 68    (PUP)
http://gs.mydown.yesky.com/downer_21@11489693.exe  (0d1dc243674597343f2a82b97b2467ff)

4 / 68      (PUP)
http://static.72zx.com/.../setup_@24.exe  (f0cc0ce4116eba72037abf1afc39a383)

4 / 68      (PUP)
http://static.72zx.com/.../setup_@23.exe  (f0cc0ce4116eba72037abf1afc39a383)

6 / 68      (PUP)
http://www.onlinedown.net/.../index2.php?ver=1.0&name=RPGVXACE RTP&id=528005&token=b1316714070218d175484b478dc1c716  (木头超级字典生成器%28木头字典工具集%29 正式版_1@50061.exe)

6 / 68      (PUP)
http://www.onlinedown.net/.../index2.php?ver=1.10.1&name=Workrave&id=40679&token=aed13317ac67cb91bbf246a6f4bb1083  (木头超级字典生成器%28木头字典工具集%29 正式版_1@50061.exe)

 
Latest 30 of 30 download URLs

The following websites host and distribute files published by Riyue peer information technology (Beijing) Co., Ltd.

The following certificate was also issued to Riyue peer information technology (Beijing) Co., Ltd.

5EF67E737811F4602210D3F817327CE7  (Feb 20, 2014 to Feb 20, 2015)

The following publishers (by Authenticode signature organization name) are related.

30 of 45 publishers

* Note, the details and description above are based on the code signing digital signature issued to Riyue peer information technology (Beijing) Co., Ltd by Thawte, Inc. on February 02, 2015 with the serial number '6ffbc290fccd68d68a5aab6bb6e783d4'.