» Shulan Hou
Digital Signature
Analysis
Files (102)
Downloads (9)
Distribution (3)
Related (9)

Shulan Hou

Publisher Information

Shulan Hou is a software publisher located in Dingzhou, Hebei in China*. The company is a primary distributor of unwanted software. Thre are 45 additional code signing certificates issued to this publisher.

Authority:

DigiCert Inc

Valid from:

12/24/2014 1:00:00 AM

Valid to:

1/6/2016 1:00:00 PM

Subject:

CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

05dadb49cfea02922a80ef71f4fa3933

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.ShulanHou.Y, PUP.Ma Lin.ShulanHou, Threat.Ma Lin.ShulanHou, PUP.ELEX.ShulanHou (M), PUP.ELEX.ShulanHo (M), PUP.ELEX (M)

100.00%

G Data

Gen:Application.Elex, Win32.Application.Elex

26.00%

MicroWorld eScan

Gen:Application.Elex.1

24.00%

Bitdefender

Gen:Application.Elex.1

24.00%

Dr.Web

Adware.Mutabaha.91, Adware.Mutabaha.84, Adware.Mutabaha.98, Adware.Mutabaha.94

22.00%

Qihoo 360 Security

Win32/Application.33e, HEUR/QVM10.1.Malware.Gen, HEUR/QVM41.1.Malware.Gen

22.00%

Lavasoft Ad-Aware

Gen:Application.Elex.1

20.00%

F-Secure

Gen:Application.Elex.1

20.00%

VIPRE Antivirus

Trojan.Win32.Generic, Threat.4150696, BehavesLike.Win32.Malware.sfd (mx-v)

18.00%

ESET NOD32

Win32/ELEX.BG (variant), Win32/LiMo (variant), Win32/ELEX.AZ potentially unwanted (variant), Win32/ELEX.EC potentially unwanted (variant)

16.00%

1 / 68 (Adware)

red_webssearches.exe (2067_red_webssearches by JWTab) (00752309444eae501d3cc53ba4ed8be2)

1 / 68 (Adware)

nsbca_v9.exe (2275_nsbca_v9 by One Syn) (5ffa121b009753a4c4cdb26536e8de21)

1 / 68 (Adware)

mystartsearch.exe (1859_sky_mystartsearch by JWTab) (b19294a6dc66b2bec2686451049dff80)

1 / 68 (Adware)

nsbfr_webssearches.exe (2331_nsbfr_webssearches by JWTab) (57a6a369735d4f449b86bf87b6326c44)

1 / 68 (Adware)

Worker.exe (2249_cvs4_webssearches by One Syn) (8019c65a0a693d21e44802a3226552d1)

1 / 68 (Adware)

red_webssearches.exe (2376_red_webssearches by JWTab) (17f505a4196942bf4160d834a5c45d9d)

1 / 68 (Adware)

ex.exe (2270_adc_omiga-plus by JWTab) (363ca176beadba27174aace7ce242d92)

1 / 68 (Adware)

Tab.exe (1904_uni_webssearches by JWTab) (29eb83daf0dd5e326acd46e857141b8a)

1 / 68 (Adware)

cvs2_webssearches.exe (2247_cvs2_webssearches by One Syn) (28aa4458d921d4301da6c15ac2009d8e)

1 / 68 (Adware)

sky_mystartsearch.exe (1859_sky_mystartsearch by JWTab) (01bc40d5ae5dc5fccd22ea67c75afec9)

1 / 68 (Adware)

nsbes_webssearches.exe (2332_nsbes_webssearches by JWTab) (613b3d9739c9ad06a797f0ae61da07a7)

1 / 68 (Adware)

omiga-plus.exe (2283_imru_omiga-plus by JWTab) (8842b089fcbad9e36c8330646648a9f9)

1 / 68 (Adware)

adv_76.exe (2370_ima_mystartsearch by TabMain) (b0c12bd2a11a5f2de84c1af9ed13a4a5)

1 / 68 (Adware)

sien_mystartsearch.exe (2131_sien_mystartsearch by JWTab) (f9238b68e661eeff54764faf6f63cd3b)

1 / 68 (Adware)

ex.exe (2354_adc_omiga-plus by TabMain) (3b21e7f5e153f535f768ff234a7dd818)

1 / 68 (Adware)

air_omiga-plus.exe (2325_air_omiga-plus by JWTab) (d8a1c18f78bc1283fcf3374d8fb2dbbe)

1 / 68 (Adware)

nsbit_webssearches.exe (2333_nsbit_webssearches by JWTab) (46e8aefc666a5c004b95aa3330705069)

1 / 68 (Adware)

adv_48.exe (1910_step_mystartsearch by JWTab) (879ec1797cc7448110a8f53c480f15c5)

1 / 68 (Adware)

vtt_mystartsearch.exe (2317_vtt_mystartsearch by JWTab) (e04b3cbd9790cf9e66ca402ab4a3ff3c)

1 / 68 (Adware)

ika_webssearches.exe (2254_ika_webssearches by JWTab) (cf335f43e90d263fcd1c2d5b2156808f)

1 / 68 (Adware)

scl_webssearches.exe (2322_scl_webssearches by NaNi) (d090af559bd032a8367a4550396aff0c)

1 / 68 (Adware)

bdo_mystartsearch.exe.mal (2382_bdo_mystartsearch by JWTab) (c5b4328fe217fbe22f9044019b16192d)

1 / 68 (Adware)

rbm_webssearches.exe (2035_rbm_webssearches by JWTab) (67be6917e18bc30f09c737933f52e61b)

1 / 68 (Adware)

rbm_omiga-plus.exe (2257_rbm_omiga-plus by JWTab) (ebdc0d3227a725d356a1f04fb6e923d3)

1 / 68 (Adware)

adv_48.exe (2316_step_mystartsearch by JWTab) (30f0d0e8e6662d36b26a375585b05c66)

1 / 68 (Adware)

adks_omiga-plus.exe (2055_adks_omiga-plus by JWTab) (30805767ff36a4e1b293d008b43c84d4)

1 / 68 (Adware)

lly_mystartsearch.exe (2267_tugs_mystartsearch by JWTab) (f2df65f70e1b6e9707671d98fcc4af13)

1 / 68 (Adware)

TabSyn.exe (2377_uni_webssearches by JWTab) (17d21903dce20a6dddfe154941cb319d)

1 / 68 (Adware)

obw_omiga-plus.exe (2305_obw_omiga-plus by NaNi) (8f4cefce34956bb93feccf8c47cb3ab0)

1 / 68 (Adware)

web searches.exe (2378_ika_webssearches by JWTab) (0b3681da2f1bc5340ccb8e70898916fa)

Latest 30 of 102 files

Downloads URLs for files signed by Shulan Hou.

1 / 68 (Adware)

http://www.girlwurina.com/.../uni_webssearches.exe (17d21903dce20a6dddfe154941cb319d)

1 / 68 (Adware)

http://www.girlliuxiaoqing.com/.../adks_omiga-plus.exe (30805767ff36a4e1b293d008b43c84d4)

1 / 68 (Adware)

http://www.girlliuxiaoqing.com/.../nsbit_webssearches.exe (46e8aefc666a5c004b95aa3330705069)

1 / 68 (Adware)

http://j.allfreesoft.net/inst/software/64F6EF2E-24E3-4626-A0CD-EBBDFEB7C44F/.../vtt_mystartsearch.exe (e04b3cbd9790cf9e66ca402ab4a3ff3c)

1 / 68 (Adware)

http://www.girlwurina.com/.../scl_webssearches.exe (d090af559bd032a8367a4550396aff0c)

1 / 68 (Adware)

http://www.girlwurina.com/.../obw_omiga-plus.exe (8f4cefce34956bb93feccf8c47cb3ab0)

13 / 68 (Adware)

http://www.girlwurina.com/.../kmp_webssearches.exe (177face2beaf851767a9a55dab525d07)

19 / 68 (Adware)

http://www.girlwurina.com/.../face_omiga-plus.exe (f12c38335c5c92dc8aade4eb61a01813)

1 / 68 (Adware)

http://www.girlwurina.com/.../scl_webssearches.exe (43f3f7bca3b979ae283a9fe96c5c97fd)

Distribution

The following websites host and distribute files published by Shulan Hou.

www.girlwurina.com

www.girlliuxiaoqing.com

j.allfreesoft.net

The certificates below are also signed by Shulan Hou.

18DB51E9C16B714FFCB04CB5C35983FA (Oct 08, 2016 to Jun 14, 2017)

2A5B578B2DA9A441D2C1AECD265EEFBF (Jul 25, 2016 to Jun 14, 2017)

77C4983B630ECB2C08FBC858271E3D45 (Jul 20, 2016 to Jun 14, 2017)

03254EAC08CFABB19414DAE3BD08D149 (Jul 18, 2016 to Jun 14, 2017)

2F1AD76761251F239B649AF9F2D2627C (Aug 11, 2016 to Jun 14, 2017)

74702DFF5D4056B847D009A2265FB1B3 (Jul 28, 2016 to Jun 14, 2017)

21E3000980B30029C251639A0B0AF0FD (Aug 25, 2016 to Jun 14, 2017)

3261BAE34D602AACC22105B22CB5F2E9 (Sep 12, 2016 to Jun 14, 2017)

58D977998990941725A12A8E95E680E8 (Aug 22, 2016 to Jun 14, 2017)

1B471CD0973DAEB038ECC7D56538602F (Aug 04, 2016 to Jun 14, 2017)

10 of 45 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

PC Utilities Software Limited

* Note, the details and description above are based on the code signing digital signature issued to Shulan Hou by DigiCert Inc on December 24, 2014 with the serial number '05dadb49cfea02922a80ef71f4fa3933'.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.