home

Shulan Hou

Publisher Information

Shulan Hou is a software publisher located in Dingzhou, Hebei in China*. The company is a primary distributor of unwanted software. Thre are 45 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
12/24/2014 1:00:00 AM

Valid to:
1/6/2016 1:00:00 PM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01ab89170db813e7b0ca42802a84fe84

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Ma Lin.ShulanHou, PUP.Ma Lin.ShulanHou, PUP.Ma Lin.ShulanHou (M), PUP.ELEX.ShulanHou (M), PUP.ELEX.ShulanHo (M), PUP.ELEX (M)
100.00%

Bkav FE
W32.HfsAdware
63.16%

Dr.Web
Adware.Mutabaha.325, Win32.Virut.56, Adware.Mutabaha.335, Adware.Mutabaha.306, Adware.Mutabaha.288, Adware.Mutabaha.325, Adware.Mutabaha.316
63.16%

Malwarebytes
PUP.Optional.IStartsurf.A, PUP.Optional.LuckySearches.A, PUP.Optional.MyStartSearch.A, PUP.Optional.IStartSurf.A, PUP.Optional.Omniboxes.A
57.89%

Baidu Antivirus
PUA.Win32.LiMo, Adware.Win32.ELEX
57.89%

herdProtect (fuzzy)
a variant of e6cd7d2ae1f38dc0ae51bddf8a530db8852d1f97, a variant of 1229b0150474905f389cd8f8b17898ef557d81ef, a variant of 9d08188ea935e33368c58f9bc6b8d34cfda725c1
52.63%

Agnitum Outpost
PUA.Downloader, Riskware.Agent
47.37%

K7 AntiVirus
Unwanted-Program , Adware , Trojan
42.11%

Sophos
nbsp;
39.47%

NANO AntiVirus
Riskware.Win32.Mutabaha.dqesbj
36.84%

1 / 68      (Adware)
tsi_omniboxes.exe (3555_tsi_omniboxes by HTabp.com)  (8980171f52727c82b111b9ee30b7406a)

1 / 68      (Adware)
smt_istartsurf.exe (3428_smt_istartsurf by HTabp.com)  (1f070769ebbd06f5da27b19376cc8a43)

1 / 68      (Adware)
cvs2_mystartsearch.exe (3495_cvs2_mystartsearch by BaiSix)  (a9b3082d2e643754749e09f9fd7a27fd)

1 / 68      (Adware)
wnf_mystartsearch.exe (3534_wnf_mystartsearch by BaiSix)  (b91bad74a2cbef60677ca36a9ff9b786)

1 / 68      (Adware)
smt_mystartsearch.exe (3427_smt_mystartsearch by HTabp.com)  (baaa124e1ef21f97212ad46a095aab05)

1 / 68      (Adware)
smt_istartsurf.exe (3562_smt_istartsurf by HTabp.com)  (5ab57e94b6e2508d7fa4b4d334fd62c5)

1 / 68      (Adware)
lly_mystartsearch.exe (3469_tugs_mystartsearch by BaiSix)  (78980b746143d26abbba0262a4241ea3)

1 / 68      (Adware)
BaiSix.exe (3456_amt_luckysearches by BaiSix)  (fed8c1210d77e8adeafb6803428a2550)

1 / 68      (Adware)
smt_istartsurf.exe (3428_smt_istartsurf by HTabp.com)  (30a0771e48e3737d576cecb7bf657292)

1 / 68      (Adware)
amt_luckysearches.exe (3571_amt_luckysearches by HTabp.com)  (b7f9dce263cdfd71cf19386b94b1cea9)

1 / 68      (Adware)
unt34.tmp.exe (3490_epom1_omniboxes by BaiSix)  (3af70715855edacdf06f2f2f202bdf2c)

1 / 68      (Adware)
smt_oursurfing.exe (3584_smt_oursurfing by HTabp.com)  (819e3288ca44afef48415483a13d3b85)

1 / 68      (Adware)
lly1_istartsurf.exe (3486_tug1_istartsurf by BaiSix)  (bf9651a901c7c411eee251029068e52a)

1 / 68      (Adware)
2sq_oursurfing.exe (3585_2sq_oursurfing by BaiSix)  (3e5eeb1d243924203671fafd58cbb826)

19 / 68    (Adware)
cvs_mystartsearch.exe (3493_cvs_mystartsearch by BaiSix)  (148bdbdcbac38fbf0b4d3c145e9b0199)

15 / 68    (Adware)
istartsurfp_soft_partner.exe (3524_brd_istartsurf by BaiSix)  (174ea82f5c28602041e0d8f57ddd34c9)

17 / 68    (Adware)
BaiSix.exe (3583_amt_oursurfing by BaiSix)  (f1794dd9b1cf977fd0bb2227dc5b690c)

16 / 68    (Adware)
unt30f1.tmp.exe (3489_epom_omniboxes by BaiSix)  (3f211ae2c3c0a57425d263f3709628f0)

8 / 68      (Adware)
smt_istartsurf.exe (3428_smt_istartsurf by HTabp.com)  (0ff1645a729e294e7efb1aa282991de6)

14 / 68    (Adware)
lly_mystartsearch.exe (3459_tugs_mystartsearch by BaiSix)  (138d9503092c27d24a06200e7be0c5bb)

19 / 68    (Adware)
BaiSix.exe (3455_amt_omniboxes by BaiSix)  (7b882747475f32fec3ffb110048ac435)

8 / 68      (Adware)
smt_luckysearches.exe (3483_smt_luckysearches by HTabp.com)  (6666f40f7c23ff587de12f5922a2a36e)

15 / 68    (Adware)
lly_istartsurf.exe (3460_tugs_istartsurf by BaiSix)  (70d128ec8e5310f5521c5d11f14a0e9e)

9 / 68      (Adware)
amt_omniboxes.exe (3570_amt_omniboxes by HTabp.com)  (d36b5dbbfba4c64f2d8d94fd32a42142)

10 / 68    (Adware)
adv_46.exe (3421_ima_istartsurf by HTabp.com)  (fab891396c57014de6e3a65e749ab1dd)

14 / 68    (Adware)
untdba3.tmp.exe (3492_epom3_omniboxes by BaiSix)  (eb40a13b3fd11b79d8be92ae3719f058)

15 / 68    (Adware)
lly_istartsurf.exe (3468_tugs_istartsurf by BaiSix)  (6c0d38d9f2c83202dca8a2356e42a5c9)

12 / 68    (Adware)
lly_mystartsearch.exe (3459_tugs_mystartsearch by BaiSix)  (0b4ef1bb961cb076a3f8a25b59310130)

18 / 68    (Adware)
amt_luckysearches.exe (3456_amt_luckysearches by BaiSix)  (e8294b6baa62a2143365c9eed47cabb3)

9 / 68      (Adware)
smt_luckysearches.exe (3552_smt_luckysearches by HTabp.com)  (570bc5cb165c2e376ace84e1631eb7f6)

 
Latest 30 of 38 files

Downloads URLs for files signed by Shulan Hou.

14 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (138d9503092c27d24a06200e7be0c5bb)

12 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (0b4ef1bb961cb076a3f8a25b59310130)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly1_istartsurf.exe  (bf9651a901c7c411eee251029068e52a)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_oursurfing.exe  (3e5eeb1d243924203671fafd58cbb826)

15 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (492ffd2f60217705b0557a3c0ad3cb43)

15 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (6c0d38d9f2c83202dca8a2356e42a5c9)

15 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_luckysearches.exe  (8f2944fc5c83fb6e23584a7165de91b9)

15 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (70d128ec8e5310f5521c5d11f14a0e9e)

The following websites host and distribute files published by Shulan Hou.

d2drfrdurj6mvo.cloudfront.net

The certificates below are also signed by Shulan Hou.

18DB51E9C16B714FFCB04CB5C35983FA  (Oct 08, 2016 to Jun 14, 2017)

2A5B578B2DA9A441D2C1AECD265EEFBF  (Jul 25, 2016 to Jun 14, 2017)

77C4983B630ECB2C08FBC858271E3D45  (Jul 20, 2016 to Jun 14, 2017)

03254EAC08CFABB19414DAE3BD08D149  (Jul 18, 2016 to Jun 14, 2017)

2F1AD76761251F239B649AF9F2D2627C  (Aug 11, 2016 to Jun 14, 2017)

74702DFF5D4056B847D009A2265FB1B3  (Jul 28, 2016 to Jun 14, 2017)

21E3000980B30029C251639A0B0AF0FD  (Aug 25, 2016 to Jun 14, 2017)

3261BAE34D602AACC22105B22CB5F2E9  (Sep 12, 2016 to Jun 14, 2017)

58D977998990941725A12A8E95E680E8  (Aug 22, 2016 to Jun 14, 2017)

1B471CD0973DAEB038ECC7D56538602F  (Aug 04, 2016 to Jun 14, 2017)

10 of 45 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Taiming Li

Fuyuan Zhou

Xiaoqing Liu

Ma Lin

Li Mo

Zhang Ling

Thinknice Co., Limited

Giner Tech Inc

Yuxin WANG

Minidigital Technology Co., Limited

Thinknice Co. Limited

Banyan Tree Technology Limited

Skytouch Technology Co., Limited

EasyVpn

* Note, the details and description above are based on the code signing digital signature issued to Shulan Hou by DigiCert Inc on December 24, 2014 with the serial number '01ab89170db813e7b0ca42802a84fe84'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.