Shan Feng

Publisher Information

Shan Feng is a software developer located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. There are 41 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
2/4/2016 1:00:00 AM

Valid to:
2/4/2017 12:59:59 AM

Subject:
CN=Shan Feng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
35000007a9c98043ca459bac1da3b29c

Scanner detections:
Detections (92% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.Elex.ShanFeng (M), PUP.Elex.ShanFeng.Installer (M), PUP.Elex (M), Adware.Bundler (M) | 88.00%
Dr.Web | Adware.Mutabaha.1118, Adware.Mutabaha.1111, Adware.Mutabaha.1252, Trojan.Encoder.3833 | 24.00%
Emsisoft Anti-Malware | Gen:Variant.Adware.Ghoskwa, Gen:Variant.Ransom.EncRaas | 8.00%
McAfee | Artemis!F28F3804E942, Trojan.Artemis!1A4FB2380048, Trojan.Artemis!7724594F3983, Artemis!92E821F56B8B | 8.00%
avast! | Win32:Adware-gen [Adw] | 6.00%
ESET NOD32 | Win32/Filecoder.EZ trojan, Win32/ELEX.HJ potentially unwanted application | 6.00%
MicroWorld eScan | Gen:Variant.Adware.Ghoskwa.1 | 4.00%
Bitdefender | Gen:Variant.Adware.Ghoskwa.1 | 4.00%
Lavasoft Ad-Aware | Gen:Variant.Adware.Ghoskwa.1 | 4.00%
F-Secure | Gen:Variant.Adware.Ghoskwa | 4.00%

Latest 30 of 111 files

The certificates below are also signed by Shan Feng.

10 of 41 code signing certificates issued

* Note, the details and description above are based on the code signing digital signature issued to Shan Feng by thawte, Inc. on February 04, 2016 with the serial number '35000007a9c98043ca459bac1da3b29c'.