Shan Feng

Publisher Information

Shan Feng is a software developer located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. There are 41 additional code signing certificates issued to this publisher.

Authority:
thawte, Inc.

Valid from:
10/23/2015 2:00:00 AM

Valid to:
10/23/2016 1:59:59 AM

Subject:
CN=Shan Feng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5bf17fb97476f1da0d6f0ce492b01cd5

Scanner detections:
Detections  (96% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Elex.ShanFeng (M), PUP.Elex (M), PUP.Elex.ShanFeng.Installer (M) | 92.00% |
| AVG | Generic | 26.00% |
| Microsoft Security Essentials | Threat.Undefined | 8.00% |
| Norman | Gen:Variant.Adware.Ghoskwa.1 | 8.00% |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Ghoskwa | 6.00% |
| F-Secure | Variant.Adware.Ghoskwa | 6.00% |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 4.00% |
| Vba32 AntiVirus | BScope.Trojan-Dropper.Injector, suspected of Trojan.Downloader.gen.h | 4.00% |
| Dr.Web | Trojan.Chrome.61, Adware.Mutabaha.1105 | 4.00% |
| Kaspersky | not-a-virus:RiskTool.Win32.Ghokswa | 2.00% |

Latest 30 of 106 files

The certificates below are also signed by Shan Feng.

10 of 41 code signing certificates issued

* Note, the details and description above are based on the code signing digital signature issued to Shan Feng by thawte, Inc. on October 23, 2015 with the serial number '5bf17fb97476f1da0d6f0ce492b01cd5'.