home

Shulan Hou

Publisher Information

Shulan Hou is a software publisher located in Dingzhou, Hebei in China*. The company is a primary distributor of unwanted software. Thre are 45 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
12/24/2014 1:00:00 AM

Valid to:
1/6/2016 1:00:00 PM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0556596736bf2d2deb3bc21e5d02e7ce

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Ma Lin.ShulanHou, PUP.Ma Lin.ShulanHou, PUP.ELEX.ShulanHou (M), PUP.ELEX.ShulanHo (M), PUP.ELEX (M)
100.00%

Baidu Antivirus
Adware.Win32.ELEX, PUA.Win32.LiMo
73.91%

Bkav FE
W32.HfsAdware
69.57%

Malwarebytes
PUP.Optional.IStartSurf.A, PUP.Optional.IStartsurf.A, PUP.Optional.MyStartSearch.A, PUP.Optional.Omniboxes.A
65.22%

herdProtect (fuzzy)
a variant of 4cf8de9d25e0b7e8905dcc15d143994af8c8a64d, a variant of e6cd7d2ae1f38dc0ae51bddf8a530db8852d1f97, a variant of 38545553b120e1a5277dbab483d5f0a842a2e470
65.22%

Agnitum Outpost
Riskware.Agent, PUA.Downloader
65.22%

Dr.Web
Adware.Mutabaha.306, Adware.Mutabaha.325, Adware.Mutabaha.335, Adware.Mutabaha.330
65.22%

Sophos
Elex, PUA 'Elex' (of type Adware)
52.17%

K7 AntiVirus
Unwanted-Program , Trojan , Adware
52.17%

NANO AntiVirus
Riskware.Win32.Mutabaha.dqesbj, Riskware.Win32.Mutabaha.drhslp
47.83%

1 / 68      (Adware)
setup.exe  (bd4a1751c5205b0b1ff2eaeabd3a9164)

1 / 68      (Adware)
cvs5_mystartsearch.exe (3498_cvs5_mystartsearch by BaiSix)  (8fb11154495c0404196f0624cefab3e6)

1 / 68      (Adware)
cvs2_mystartsearch.exe (3495_cvs2_mystartsearch by BaiSix)  (29110e98321de8a3769e68076830aa39)

1 / 68      (Adware)
adv_76.exe (3419_ima_mystartsearch by HTabp.com)  (5195a25ed277acf38fe2166665288e4a)

1 / 68      (Adware)
smt_istartsurf.exe (3428_smt_istartsurf by HTabp.com)  (2809393c219043026c41f212405b0373)

1 / 68      (Adware)
cvs_mystartsearch.exe (3493_cvs_mystartsearch by BaiSix)  (6f9df197e630df9d1de946cef71f943c)

1 / 68      (Adware)
adv_46.exe (3421_ima_istartsurf by HTabp.com)  (8d9c2f8d3c8b1c500dd071da41b0fead)

18 / 68    (Adware)
lly_mystartsearch.exe (3459_tugs_mystartsearch by BaiSix)  (a7297b7498fa82583e3b84cc5740bb7e)

18 / 68    (Adware)
mystartsearch.exe (3530_sky_mystartsearch by BaiSix)  (8ad165ef66a71da67cbb3f96b589615a)

13 / 68    (Adware)
unt2dcf.tmp.exe (3490_epom1_omniboxes by BaiSix)  (9edf4e4e70f18061249cc754ffb37f85)

17 / 68    (Adware)
unte8b.tmp.exe (3489_epom_omniboxes by BaiSix)  (689ddd4d711131c0b1d56782bd1899b4)

16 / 68    (Adware)
unt7e88.tmp.exe (3491_epom2_omniboxes by BaiSix)  (adb09df016ef0c243f1905e54f5df54e)

16 / 68    (Adware)
lly1_istartsurf.exe (3486_tug1_istartsurf by BaiSix)  (46cd802bc8fae7dc432e75d576e784da)

16 / 68    (Adware)
2sq_luckysearches.exe (3476_2sq_luckysearches by BaiSix)  (008f56b2e787bd99d0ed86317ea1d3f0)

16 / 68    (Adware)
unt3d3a.tmp.exe (3492_epom3_omniboxes by BaiSix)  (573e1052743480118a9ea55ddbf37fc6)

15 / 68    (Adware)
lly_istartsurf.exe (3460_tugs_istartsurf by BaiSix)  (6a50a1fb779e88b7f1905a67ab50e6ac)

15 / 68    (Adware)
amt_omniboxes.exe (3455_amt_omniboxes by BaiSix)  (9c2741551bc793a76b001393ef8017ff)

10 / 68    (Adware)
adv_76.exe (3419_ima_mystartsearch by HTabp.com)  (551610faed18b6c391af953387ce70e9)

10 / 68    (Adware)
56pcgkpbsqndawxeprcg95wn84mp256pcgkpbsqndawxeprcg95wn84mp2_a9.exe (3517_pcm_istartsurf by BaiSix)  (1b99adddd28023e61c2a23c13cd855cf)

8 / 68      (Adware)
smt_luckysearches.exe (3483_smt_luckysearches by HTabp.com)  (4ca81d6dd3ca6c9efe45acb4c25108c4)

10 / 68    (Adware)
smt_istartsurf.exe (3428_smt_istartsurf by HTabp.com)  (d851e6f35015abef9a726b0738dded8b)

13 / 68    (Adware)
BaiSix.exe (3456_amt_luckysearches by BaiSix)  (23053943a17419bb0aaf3015e246c966)

8 / 68      (Adware)
smt_mystartsearch.exe (3427_smt_mystartsearch by HTabp.com)  (eb672d61fdfd5c240f93c5253575c01d)

Downloads URLs for files signed by Shulan Hou.

16 / 68    (Adware)
http://113.171.224.213/.../2sq_luckysearches.exe  (008f56b2e787bd99d0ed86317ea1d3f0)

18 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (a7297b7498fa82583e3b84cc5740bb7e)

10 / 68    (Adware)
http://4threquest.me/.../310714_a9.exe  (1b99adddd28023e61c2a23c13cd855cf)

16 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_luckysearches.exe  (008f56b2e787bd99d0ed86317ea1d3f0)

15 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (6a50a1fb779e88b7f1905a67ab50e6ac)

The following websites host and distribute files published by Shulan Hou.

d2drfrdurj6mvo.cloudfront.net

4threquest.me

The certificates below are also signed by Shulan Hou.

18DB51E9C16B714FFCB04CB5C35983FA  (Oct 08, 2016 to Jun 14, 2017)

2A5B578B2DA9A441D2C1AECD265EEFBF  (Jul 25, 2016 to Jun 14, 2017)

77C4983B630ECB2C08FBC858271E3D45  (Jul 20, 2016 to Jun 14, 2017)

03254EAC08CFABB19414DAE3BD08D149  (Jul 18, 2016 to Jun 14, 2017)

2F1AD76761251F239B649AF9F2D2627C  (Aug 11, 2016 to Jun 14, 2017)

74702DFF5D4056B847D009A2265FB1B3  (Jul 28, 2016 to Jun 14, 2017)

21E3000980B30029C251639A0B0AF0FD  (Aug 25, 2016 to Jun 14, 2017)

3261BAE34D602AACC22105B22CB5F2E9  (Sep 12, 2016 to Jun 14, 2017)

58D977998990941725A12A8E95E680E8  (Aug 22, 2016 to Jun 14, 2017)

1B471CD0973DAEB038ECC7D56538602F  (Aug 04, 2016 to Jun 14, 2017)

10 of 45 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Taiming Li

Fuyuan Zhou

Xiaoqing Liu

Ma Lin

Li Mo

Zhang Ling

Thinknice Co., Limited

Yuxin WANG

Search Vortex

Giner Tech Inc

Minidigital Technology Co., Limited

Thinknice Co. Limited

Banyan Tree Technology Limited

Skytouch Technology Co., Limited

Plain Savings

CLARALABSOFTWARE

EasyVpn

CNB TECHNOLOGIES LLC

* Note, the details and description above are based on the code signing digital signature issued to Shulan Hou by DigiCert Inc on December 24, 2014 with the serial number '0556596736bf2d2deb3bc21e5d02e7ce'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.