home

Shulan Hou

Publisher Information

Shulan Hou is a software publisher located in Dingzhou, Hebei in China*. The company is a primary distributor of unwanted software. Thre are 45 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
12/24/2014 1:00:00 AM

Valid to:
1/6/2016 1:00:00 PM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
05e9b0f049a9f311a65a4ca8412ddcaa

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Ma Lin.ShulanHou (M), PUP.ELEX.ShulanHou (M), PUP.ELEX.ShulanHo (M), PUP.ELEX.ShulanHo.Installer (M), PUP.ELEX (M)
100.00%

Malwarebytes
PUP.Optional.OurSeaching.A, PUP.Optional.MyStartSearch.A, PUP.Optional.LuckySearches.A, PUP.Optional.IStartSurf.A
12.00%

Dr.Web
Adware.Mutabaha.362, Adware.Mutabaha.359, Adware.Mutabaha.362, Win32.Wplugin.1
12.00%

Baidu Antivirus
Adware.Win32.ELEX, PUA.Win32.LiMo
12.00%

Bkav FE
W32.HfsAdware
10.00%

Agnitum Outpost
Riskware.Agent, PUA.Downloader
8.00%

ESET NOD32
Win32/ELEX.CL potentially unwanted (variant), Win32/LiMo.C potentially unwanted (variant)
8.00%

Panda Antivirus
PUP/Webssearches, Trj/Genetic.gen
8.00%

G Data
Application.Elex, Win32.Application.Limo
8.00%

MicroWorld eScan
Application.Elex.D, Application.Generic.1261596
6.00%

1 / 68      (Adware)
smt_istartsurf.exe  (11396361f070dae6bec9cff2c3bb3b78)

1 / 68      (Adware)
smt_oursurfing.exe (3584_smt_oursurfing by HTabp.com)  (e347f51596b15b35cf7e8bafdf94819a)

1 / 68      (Adware)
lly_mystartsearch.exe (3765_tugs_mystartsearch by AnyLink.com)  (9042a98630fc12bcfebe85c5def3edd3)

1 / 68      (Adware)
wnf_mystartsearch.exe (3840_wnf_mystartsearch by WiLink.com)  (c025d9f482476579def5afd144948743)

1 / 68      (Adware)
cvs5_mystartsearch.exe (3825_cvs5_mystartsearch by WiLink.com)  (d765da0bb5522410efa025453b0ea0a5)

1 / 68      (Adware)
untfa0e.tmp.exe (3675_epom2_omniboxes by BaiSix)  (8967b15e26bab723ef2d1b3d3cbc022f)

1 / 68      (Adware)
lly_istartsurf.exe (3802_tugs_istartsurf by WiLink.com)  (a0cd887a6e358ce0c004de3e2b5f4076)

1 / 68      (Adware)
setup.exe (3428_smt_istartsurf by HTabp.com)  (5b774413c49c8886fe7ef19bb4e4b48e)

1 / 68      (Adware)
smt_istartsurf.exe (3428_smt_istartsurf by HTabp.com)  (5cc2390adba89150456c94e40d086e67)

1 / 68      (Adware)
amt_oursurfing.exe (3799_amt_oursurfing by HTabp.com)  (d0255885b45ed08065242954af579c05)

11 / 68    (Adware)
6lyijjabnpqtugozbwficcuae2wu6lyijjabnpqtugozbwficcuae2wu_a9.exe (3790_pcm_istartsurf by AnyLink.com)  (fae378389b19073a719aecd2455fc9d8)

1 / 68      (Adware)
cvs2_mystartsearch.exe (3679_cvs2_mystartsearch by BaiSix)  (e8a9a587825a647fa798407d2def53cc)

1 / 68      (Adware)
cvs1_mystartsearch.exe (3821_cvs1_mystartsearch by WiLink.com)  (03a2f2682bb726cd7ffccd008883f9b0)

1 / 68      (Adware)
smt_oursurfing.exe (3584_smt_oursurfing by HTabp.com)  (a311cc5f9d114aeeeae2ffded2775ee9)

1 / 68      (Adware)
cvs_mystartsearch.exe (3782_cvs_mystartsearch by AnyLink.com)  (650094f9a7905929b594eaa255bd9ab0)

1 / 68      (Adware)
cvs2_mystartsearch.exe (3822_cvs2_mystartsearch by WiLink.com)  (dfe1b7f5fc59e008f58ae84198b1ada1)

1 / 68      (Adware)
untdcc8.tmp.exe (3490_epom1_omniboxes by BaiSix)  (00640390180cc5b7cb735803323639da)

1 / 68      (Adware)
lly1_istartsurf.exe (3767_tug1_istartsurf by AnyLink.com)  (565571cd7e9ff91ed079a9fbf6ea52d4)

1 / 68      (Adware)
unta3c0.tmp.exe (3674_epom1_omniboxes by BaiSix)  (142876836731cc8e29c65157a11108e6)

1 / 68      (Adware)
lly_istartsurf.exe (3882_tugs_istartsurf by Synergy (32-bit))  (74af6fe1b3675bf0f2ece02a1d2fe5ff)

1 / 68      (Adware)
amt_oursurfing.exe (3954_amt_oursurfing by Wilnk.com)  (4cc15f6f91bb5b493f84abbf29fdac77)

1 / 68      (Adware)
HTabp.exe (3950_amt_omniboxes by HTabp.com)  (b6817c54bae3668bde218f1b12595e4f)

1 / 68      (Adware)
amt_omniboxes.exe (3916_amt_omniboxes by 768)  (c98afb315dfac3aa471b868fa9394d08)

1 / 68      (Adware)
smt_oursurfing.exe (3584_smt_oursurfing by HTabp.com)  (1f071c68b71c98ecff60fecd21c56abf)

1 / 68      (Adware)
smt_istartsurf.exe (3428_smt_istartsurf by HTabp.com)  (367fed278b73a7c427533ed52406e8a1)

1 / 68      (Adware)
unt39f7.tmp.exe (3489_epom_omniboxes by BaiSix)  (f684f2a3fab73f3e27bb25473c5a74fc)

1 / 68      (Adware)
air_istartsurf.exe (3625_air_istartsurf by BaiSix)  (f691b4a468af2c91574ca0664773c93f)

1 / 68      (Adware)
cvs6_mystartsearch.exe.4594.gzquar (3826_cvs6_mystartsearch by WiLink.com)  (820a521ee1edeac8f3ea12a938334073)

1 / 68      (Adware)
lly_mystartsearch.exe (3878_tugs_mystartsearch by Synergy (32-bit))  (18434030d1fad2dd9f295a44a8c8f175)

1 / 68      (Adware)
cvs_mystartsearch.exe (3976_cvs_mystartsearch by Welnk.com)  (c7bfc4ac7ec2062b6d51b6cb7a207219)

 
Latest 30 of 124 files

Downloads URLs for files signed by Shulan Hou.

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly1_istartsurf.exe  (565571cd7e9ff91ed079a9fbf6ea52d4)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (a44f4f9a552f80077eaa4cc6c90e9d2c)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (55a8b9a9a4e51b2803ed41f6eb5554a4)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (d5c2ad2b1a29cbfde7252f0f2d4c6479)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (18434030d1fad2dd9f295a44a8c8f175)

15 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (d3916ea0b4e8558de5288bc1b989a7cb)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (6fa8117d78ee4ed4cc66e9c340e207ca)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (86290822d6c70dab33a43b95de4a924c)

The following websites host and distribute files published by Shulan Hou.

d2drfrdurj6mvo.cloudfront.net

The certificates below are also signed by Shulan Hou.

18DB51E9C16B714FFCB04CB5C35983FA  (Oct 08, 2016 to Jun 14, 2017)

2A5B578B2DA9A441D2C1AECD265EEFBF  (Jul 25, 2016 to Jun 14, 2017)

77C4983B630ECB2C08FBC858271E3D45  (Jul 20, 2016 to Jun 14, 2017)

03254EAC08CFABB19414DAE3BD08D149  (Jul 18, 2016 to Jun 14, 2017)

2F1AD76761251F239B649AF9F2D2627C  (Aug 11, 2016 to Jun 14, 2017)

74702DFF5D4056B847D009A2265FB1B3  (Jul 28, 2016 to Jun 14, 2017)

21E3000980B30029C251639A0B0AF0FD  (Aug 25, 2016 to Jun 14, 2017)

3261BAE34D602AACC22105B22CB5F2E9  (Sep 12, 2016 to Jun 14, 2017)

58D977998990941725A12A8E95E680E8  (Aug 22, 2016 to Jun 14, 2017)

1B471CD0973DAEB038ECC7D56538602F  (Aug 04, 2016 to Jun 14, 2017)

10 of 45 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Taiming Li

Fuyuan Zhou

Xiaoqing Liu

Ma Lin

Li Mo

Zhang Ling

Thinknice Co., Limited

Giner Tech Inc

Yuxin WANG

Minidigital Technology Co., Limited

Thinknice Co. Limited

Banyan Tree Technology Limited

Skytouch Technology Co., Limited

EasyVpn

* Note, the details and description above are based on the code signing digital signature issued to Shulan Hou by DigiCert Inc on December 24, 2014 with the serial number '05e9b0f049a9f311a65a4ca8412ddcaa'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.