home

Shan Feng

Publisher Information

Shan Feng is a software developer located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 41 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
6/1/2016 2:00:00 AM

Valid to:
2/4/2017 12:59:59 AM

Subject:
CN=Shan Feng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1be68a2f1793c12be67fde60c6531903

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Elex.ShanFeng (M), PUP.Elex (M)
96.00%

Dr.Web
Adware.Mutabaha.1363
24.00%

ESET NOD32
Win32/ELEX.IL potentially unwanted application
12.00%

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.00%

Qihoo 360 Security
QVM19.1.Malware.Gen
4.00%

F-Prot
W32/Virut.AI!Generic (damaged)
4.00%

VIPRE Antivirus
Threat.4150696
4.00%

1 / 68      (PUP)
cupblueupdate.exe (Cupblue)  (c5e70bb6675105c0839e4bc16bee80f7)

1 / 68      (PUP)
birdkissupdate.exe (Birdkiss)  (1cf491bc86015bd36a32778a18f032e3)

1 / 68      (PUP)
birdkissupdate.exe (Birdkiss)  (207ec3b1b8cb5b471f6ec5a3b113fe4e)

2 / 68      (PUP)
cupblueupdate.exe (Cupblue)  (65fffe711aa19b1da31a82f3a91cabff)

1 / 68      (PUP)
goopdateres_hl_482.dll  (11dcf274706f7223d92a49294d99af0d)

1 / 68      (PUP)
birdkissupdate.exe (Birdkiss)  (b6afb7b401626dceb6a41e322eee8f39)

1 / 68      (PUP)
birdkissupdate.exe (Birdkiss)  (207ec3b1b8cb5b471f6ec5a3b113fe4e)

1 / 68      (PUP)
birdkissupdate.exe (Birdkiss)  (207ec3b1b8cb5b471f6ec5a3b113fe4e)

1 / 68      (PUP)
birdkissupdate.exe (Birdkiss)  (207ec3b1b8cb5b471f6ec5a3b113fe4e)

1 / 68      (PUP)
birdkissupdate.exe (Birdkiss)  (207ec3b1b8cb5b471f6ec5a3b113fe4e)

1 / 68      (PUP)
hipbearupdate.exe (Hipbear)  (0834f35656acef05d6a89240ae2bb5a6)

1 / 68      (PUP)
birdkissupdate.exe (Birdkiss)  (207ec3b1b8cb5b471f6ec5a3b113fe4e)

1 / 68      (PUP)
hipbearupdate.exe (Hipbear)  (e3fc0a307c2ffc790759ea35f872ef84)

1 / 68      (PUP)
cupblueupdate.exe (Cupblue)  (2087f67ab3ddc2bfd470853bd51021fb)

1 / 68      (PUP)
cupblueupdate.exe (Cupblue)  (ae03bad3100c982d0c65a882823c5356)

3 / 68      (PUP)
birdkissupdate.exe (Birdkiss)  (9106c41f6cd09e37cf2a4ab0ac88fa9b)

3 / 68      (PUP)
hipbearupdate.exe (Hipbear)  (1153c77a8cd6a7db76f945027039f4e0)

3 / 68      (inconclusive)
hipbearupdate.exe (Hipbear)  (95ff0767cd97534871f6ed939d2df2dc)

4 / 68      (PUP)
hipbearupdate.exe (Hipbear)  (171c07277adc9ad71313d5df85e5eed2)

1 / 68      (PUP)
hipbearupdate.exe (Hipbear)  (73f1f62f97056d2a5e2e2dffa3a302d4)

1 / 68      (PUP)
hipbearupdate.exe (Hipbear)  (0834f35656acef05d6a89240ae2bb5a6)

1 / 68      (PUP)
goopdateres_hl_482.dll  (572acada880eeec97317e0d2a98c58fd)

1 / 68      (PUP)
birdkissupdate.exe (Birdkiss)  (207ec3b1b8cb5b471f6ec5a3b113fe4e)

1 / 68      (PUP)
goopdateres_hl_482.dll  (94459ce63b158fbf1b4db36be8af27f6)

3 / 68      (PUP)
cupblueupdate.exe (Cupblue)  (c5e70bb6675105c0839e4bc16bee80f7)

Downloads URLs for files signed by Shan Feng.

1 / 68      (PUP)
http://img.rafomedia.com/gour/.../goopdateres_hl_482.dll  (goopdateres_hl_482.dll)

The following websites host and distribute files published by Shan Feng.

img.rafomedia.com

The certificates below are also signed by Shan Feng.

10E8EA72873C1A4347E5813D1FE0A05C  (Aug 11, 2016 to Feb 04, 2017)

242D96896F7EF64949F22CD9EFD64827  (Jul 25, 2016 to Feb 04, 2017)

28DADC8449221F06B81DB69FD5E7591E  (Aug 29, 2016 to Feb 04, 2017)

79CE98CB8A09C8CEA16D7985427B276C  (Aug 25, 2016 to Feb 04, 2017)

1B853FB691BA9396C7738041A583DCD1  (May 06, 2016 to Feb 04, 2017)

35000007A9C98043CA459BAC1DA3B29C  (Feb 04, 2016 to Feb 04, 2017)

6D191BE004B8E4146D7EC4DE335D968E  (Jun 29, 2016 to Feb 04, 2017)

0118F7941D97E0F6E5242F1F02BD179B  (Sep 01, 2016 to Feb 04, 2017)

0971F729CC27C83CF41337E98CBD88A1  (Jul 28, 2016 to Feb 04, 2017)

1E0B09DF909872878FE0B80F0261614E  (Jun 14, 2016 to Feb 04, 2017)

10 of 41 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Zhiming Yuan

Yupeng Zhang

Sice Xing

Wei Liu

Shanghai Yuntong Technology Co., Ltd.

Shulan Hou

* Note, the details and description above are based on the code signing digital signature issued to Shan Feng by thawte, Inc. on June 01, 2016 with the serial number '1be68a2f1793c12be67fde60c6531903'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.