home

Shulan Hou

Publisher Information

Shulan Hou is a software publisher located in Dingzhou, Hebei in China*. The company is a primary distributor of unwanted software. Thre are 45 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
12/24/2014 1:00:00 AM

Valid to:
1/6/2016 1:00:00 PM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
03444231c5cc0150bb1c3ee61168afd1

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Ma Lin.ShulanHou (M), PUP.ELEX.ShulanHou (M), PUP.ELEX.ShulanHo (M)
100.00%

Malwarebytes
PUP.Optional.MyStartSearch.A, PUP.Optional.IStartSurf.A, PUP.Optional.IStartsurf.A, PUP.Optional.OurSeaching.A, PUP.Optional.MyStartSearch.ShrtCln
44.00%

ESET NOD32
Win32/ELEX.CL potentially unwanted (variant), Win32/ELEX.EC potentially unwanted (variant)
44.00%

Bkav FE
W32.HfsAdware
36.00%

Baidu Antivirus
Adware.Win32.ELEX
36.00%

Dr.Web
Adware.Mutabaha.316, Adware.Mutabaha.306, Adware.Mutabaha.508, Adware.Mutabaha.509
32.00%

Agnitum Outpost
Riskware.Agent
20.00%

K7 AntiVirus
Adware
20.00%

MicroWorld eScan
Application.Elex.D, Gen:Application.Elex.1
16.00%

Bitdefender
Application.Elex.D, Gen:Application.Elex.1
16.00%

1 / 68      (Adware)
adv_76.exe (4023_ima_mystartsearch by HTabp.com)  (04ca8f735a2276cb599a16012fb58972)

1 / 68      (Adware)
smt_oursurfing.exe (3584_smt_oursurfing by HTabp.com)  (8798dc28f5c1bd67b1ed8be46e69ebce)

1 / 68      (Adware)
cvs_mystartsearch.exe (3976_cvs_mystartsearch by Welnk.com)  (0539555593ccd109f8c6bd810034aec8)

1 / 68      (Adware)
lly1_istartsurf.exe (4030_tug1_istartsurf by Welnk.com)  (321680322497dde6c8edb34e3e2459df)

1 / 68      (Adware)
8haz29jy9vdt3rutksg1dik8haz29jy9vdt3rutksg1dik_a9.exe (4031_pcm_istartsurf by Welnk.com)  (797ee8161a4df405f9f805690ad1ae84)

1 / 68      (Adware)
adv_76.exe (4023_ima_mystartsearch by HTabp.com)  (e2e800ced2adf2022ee229b9567706bf)

22 / 68    (Adware)
lly_mystartsearch.exe (4011_tugs_mystartsearch by Synergy (32-bit))  (2efacc73eaa9a8eed4cafcb248913dcf)

1 / 68      (Adware)
oursurfing.exe (3973_2sq1_oursurfing by Welnk.com)  (bd92f61788c1cb61cc9eef7d66a68214)

1 / 68      (Adware)
8haz29jy9vdt3rutksg1dik8haz29jy9vdt3rutksg1dik_a9.exe (3815_pcm_istartsurf by WiLink.com)  (bc9e17d1b3019841d24ab9a55fd71b63)

12 / 68    (Adware)
lly_istartsurf.exe (4010_tugs_istartsurf by Synergy (32-bit))  (c264770bfc0bb1b44bc7535f334ec675)

4 / 68      (Adware)
lly_mystartsearch.exe (4024_tugs_mystartsearch by Welnk.com)  (b56afea767654bf941451b997231950c)

7 / 68      (Adware)
amt_oursurfing.exe (4038_amt_oursurfing by Welnk.com)  (1f0a8f5c2ab5917e199d48289d551799)

7 / 68      (Adware)
adv_76.exe (4037_ima_mystartsearch by Welnk.com)  (f12cf4eeeca3643ba8dd3a07f35726cb)

1 / 68      (Adware)
0p1m8l01stw==1.exe (4026_2sq_oursurfing by Welnk.com)  (e57f5295bad0a740901ce138813b3be9)

4 / 68      (Adware)
lly_istartsurf.exe (4025_tugs_istartsurf by Welnk.com)  (43bb9cc7a09406c2dbfeb693d36c1e26)

1 / 68      (Adware)
oursurfing.exe (3973_2sq1_oursurfing by Welnk.com)  (3fd241e115b94d3e6ea57db5d96f7495)

8 / 68      (Adware)
smt_oursurfing.exe (3584_smt_oursurfing by HTabp.com)  (0495b8d0a74ac023fd7266cc475c4425)

1 / 68      (Adware)
lly_mystartsearch.exe (3921_tugs_mystartsearch by WiLink.com)  (b567c67fa82bed724b72cdf8fc22be62)

1 / 68      (Adware)
amt_omniboxes.exe (3950_amt_omniboxes by HTabp.com)  (4838170ab73f33d412e6b8f697275d2e)

8 / 68      (Adware)
amt_oursurfing.exe (3951_amt_oursurfing by HTabp.com)  (87e423eb17836b7eafc2291e9d4d5113)

16 / 68    (Adware)
lly_istartsurf.exe (3923_tugs_istartsurf by WiLink.com)  (7cbcb4b4c57633231217f3c23eb20cf9)

8 / 68      (Adware)
adv_46.exe (3421_ima_istartsurf by HTabp.com)  (cdf5a4273a356d60b42c37f76e570c1b)

1 / 68      (Adware)
lly1_istartsurf.exe (3807_tug1_istartsurf by WiLink.com)  (a9902cbda51fdc17e3f5b3522fa1fbb1)

15 / 68    (Adware)
adv_76.exe (3809_ima_mystartsearch by WiLink.com)  (2f42285d6cd57fdbd424f3043a652a39)

1 / 68      (Adware)
0pljatvnq1.exe (3808_2sq_oursurfing by WiLink.com)  (529703484105adeaa808f01fa219c6e2)

Downloads URLs for files signed by Shulan Hou.

1 / 68      (Adware)
http://2ndrequest.me/.../310714_a9.exe  (bc9e17d1b3019841d24ab9a55fd71b63)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_oursurfing.exe  (e57f5295bad0a740901ce138813b3be9)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (b567c67fa82bed724b72cdf8fc22be62)

1 / 68      (Adware)
http://4threquest.me/.../310714_a9.exe  (797ee8161a4df405f9f805690ad1ae84)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_oursurfing.exe  (529703484105adeaa808f01fa219c6e2)

4 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (b56afea767654bf941451b997231950c)

22 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (2efacc73eaa9a8eed4cafcb248913dcf)

4 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (43bb9cc7a09406c2dbfeb693d36c1e26)

16 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (7cbcb4b4c57633231217f3c23eb20cf9)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly1_istartsurf.exe  (a9902cbda51fdc17e3f5b3522fa1fbb1)

12 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (c264770bfc0bb1b44bc7535f334ec675)

1 / 68      (Adware)
http://4threquest.me/.../310714_a9.exe  (bc9e17d1b3019841d24ab9a55fd71b63)

The following websites host and distribute files published by Shulan Hou.

d2drfrdurj6mvo.cloudfront.net

4threquest.me

The certificates below are also signed by Shulan Hou.

18DB51E9C16B714FFCB04CB5C35983FA  (Oct 08, 2016 to Jun 14, 2017)

2A5B578B2DA9A441D2C1AECD265EEFBF  (Jul 25, 2016 to Jun 14, 2017)

77C4983B630ECB2C08FBC858271E3D45  (Jul 20, 2016 to Jun 14, 2017)

03254EAC08CFABB19414DAE3BD08D149  (Jul 18, 2016 to Jun 14, 2017)

2F1AD76761251F239B649AF9F2D2627C  (Aug 11, 2016 to Jun 14, 2017)

74702DFF5D4056B847D009A2265FB1B3  (Jul 28, 2016 to Jun 14, 2017)

21E3000980B30029C251639A0B0AF0FD  (Aug 25, 2016 to Jun 14, 2017)

3261BAE34D602AACC22105B22CB5F2E9  (Sep 12, 2016 to Jun 14, 2017)

58D977998990941725A12A8E95E680E8  (Aug 22, 2016 to Jun 14, 2017)

1B471CD0973DAEB038ECC7D56538602F  (Aug 04, 2016 to Jun 14, 2017)

10 of 45 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Taiming Li

Fuyuan Zhou

Xiaoqing Liu

Ma Lin

Li Mo

Zhang Ling

Thinknice Co., Limited

Yuxin WANG

Search Vortex

Giner Tech Inc

Minidigital Technology Co., Limited

Thinknice Co. Limited

Banyan Tree Technology Limited

Skytouch Technology Co., Limited

Plain Savings

CLARALABSOFTWARE

EasyVpn

CNB TECHNOLOGIES LLC

* Note, the details and description above are based on the code signing digital signature issued to Shulan Hou by DigiCert Inc on December 24, 2014 with the serial number '03444231c5cc0150bb1c3ee61168afd1'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.