home

Thinknice Co., Limited

Publisher Information

Thinknice Co., Limited is a software publisher located in 香港, Hong Kong*. The company is a primary distributor of unwanted software. Thre are 11 additional code signing certificates issued to this publisher.
Authority:
GlobalSign nv-sa

Valid from:
8/24/2015 12:34:54 PM

Valid to:
10/21/2015 9:26:52 AM

Subject:
CN="Thinknice Co., Limited", O="Thinknice Co., Limited", L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121cbe5c1558edcc9ccfb7f6a4d0149ac0f

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Thinknice.ThinkniceCo (M), PUP.Thinknice.7th (M), PUP.Thinknice (M)
100.00%

Malwarebytes
PUP.Optional.OurSeaching.A, PUP.Optional.IStartSurf.ShrtCln, PUP.Optional.MyStartSearch.ShrtCln
44.44%

ESET NOD32
Win32/ELEX.ET potentially unwanted, Win32/ELEX.EY potentially unwanted (variant)
33.33%

Dr.Web
Adware.Mutabaha.668
22.22%

Bkav FE
W32.HfsAdware
16.67%

Qihoo 360 Security
HEUR/QVM41.2.Malware.Gen, HEUR/QVM10.1.Malware.Gen
11.11%

F-Secure
Gen:Variant.Application.Jaik, Gen:Variant.Adware.Graftor
11.11%

VIPRE Antivirus
Trojan.Win32.Generic
11.11%

AhnLab V3 Security
PUP/Win32.Agent
11.11%

AVG
Generic, Elex
11.11%

1 / 68      (Adware)
cvs_mystartsearch.exe (4636_cvs_mystartsearch by 7th)  (403db114dd874c89c326209cda0fbdb4)

1 / 68      (Adware)
cvs2_mystartsearch.exe (4695_cvs2_mystartsearch by Portmon/EE)  (6edf86d3109a39530c26b0eed98a2f6c)

1 / 68      (Adware)
nsmcdc2.tmp  (8364155848a4caf1a11950bac0686b58)

1 / 68      (Adware)
nsa4962.tmp (4705_cmi_mystartsearch by 7th)  (e721cdc06e71cb96efa856c0102d3b2d)

1 / 68      (Adware)
csdi_oursurfing_soft_partner.exe (4709_age_oursurfing by 7th)  (4dd0b102b2e1d0382619d43a18e743f5)

1 / 68      (Adware)
dae_do-search.exe (4698_dae_do-search by Portmon/EE)  (b8250a532bb315c465adbd8b32af3bcf)

13 / 68    (Adware)
306.exe (4720_brd_istartsurf by Portmon/EE)  (90f15f8759bc6cf308deb026f19263c1)

7 / 68      (Adware)
wnf_mystartsearch.exe (4719_wnf_mystartsearch by Portmon/EE)  (963cc93ab657fd03899281ac2643c881)

1 / 68      (Adware)
0p1i9lkpusw==3.exe (4706_obw_istartsurf by 7th)  (aec3fa6367e67f47350efafb8f73bfaa)

3 / 68      (Adware)
nsm10e0.tmp (4705_cmi_mystartsearch by 7th)  (06963192482f6db65438029fc5a3b618)

3 / 68      (Adware)
cvs_mystartsearch.exe (4693_cvs_mystartsearch by Portmon/EE)  (003bed340e710532950bf2b70699f623)

3 / 68      (Adware)
oursurfing.exe (4678_eip_oursurfing by Portmon/EE)  (a360dbdaa938112ba232a0118d01cefb)

12 / 68    (Adware)
0p1i9lkpusw==1.exe (4690_obw_istartsurf by 7th)  (82301ece422dc0ceb21e2067b1fed06b)

3 / 68      (Adware)
portmon.exe (4681_face_istartsurf by Portmon/EE)  (86df62a533137bf9cabd95a38a5c40c1)

1 / 68      (Adware)
nsj75f.tmp (4674_cmi_mystartsearch by 7th)  (f6b72cca50fee3a4917c6579f899be9e)

9 / 68      (Adware)
oursurfing.exe (4619_eip_oursurfing by Webank.net)  (b13f010a5dfcb173c7fa59ea20a0f334)

1 / 68      (Adware)
426.exe (4606_tt4u_oursurfing by Webank.net)  (4ad967938402680ec790f58fbeb223a0)

1 / 68      (Adware)
oursurfing.exe (4604_eip_oursurfing by 7th)  (649cc8a58119ad534896e1f2614bb871)

Downloads URLs for files signed by Thinknice Co., Limited.

1 / 68      (Adware)
http://www.girlliuxiaowei.com/.../dae_do-search.exe  (b8250a532bb315c465adbd8b32af3bcf)

3 / 68      (Adware)
http://113.171.224.170/.../cmi_mystartsearch.exe  (06963192482f6db65438029fc5a3b618)

3 / 68      (Adware)
http://113.171.224.210/.../cmi_mystartsearch.exe  (06963192482f6db65438029fc5a3b618)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../cmi_mystartsearch.exe  (f6b72cca50fee3a4917c6579f899be9e)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe  (aec3fa6367e67f47350efafb8f73bfaa)

12 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe  (82301ece422dc0ceb21e2067b1fed06b)

1 / 68      (Adware)
https://d2drfrdurj6mvo.cloudfront.net/.../dae_do-search.exe  (b8250a532bb315c465adbd8b32af3bcf)

3 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../face_istartsurf.exe  (86df62a533137bf9cabd95a38a5c40c1)

3 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../cmi_mystartsearch.exe  (06963192482f6db65438029fc5a3b618)

The following websites host and distribute files published by Thinknice Co., Limited.

www.girlliuxiaowei.com

d2drfrdurj6mvo.cloudfront.net

The certificates below are also signed by Thinknice Co., Limited.

112170C8A859FAC5632237A13A696FA39819  (Sep 25, 2015 to Oct 21, 2015)

1121A1CF5D56F294C3AE3C86D57954C3D206  (Sep 02, 2015 to Oct 21, 2015)

11210D8FFB9CE8F41CAC6BFC5F9E175348EF  (Oct 20, 2015 to Oct 21, 2015)

1121EFBDA7AD15572D2AE066B4E5E3A93D59  (Oct 15, 2015 to Oct 21, 2015)

1121528E742BFE9208616B879CB05DA32392  (Sep 06, 2015 to Oct 21, 2015)

1121948AE7CDF399F225331BCCDB2A49702C  (Oct 13, 2015 to Oct 21, 2015)

1121A999331F30FB5D6CFEB452D062BE7BA5  (Oct 16, 2015 to Oct 21, 2015)

1121F671AB6293D47F258F57988EE5F47C30  (Oct 08, 2015 to Oct 21, 2015)

11214C4844480632D72985DD9135BD0E276D  (Aug 19, 2015 to Oct 21, 2015)

11217B1525408E122E96F2FC3CB018A64466  (Oct 20, 2014 to Oct 21, 2015)

10 of 11 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Shulan Hou

Xiaoqing Liu

Taiming Li

Fuyuan Zhou

Li Mo

Yuxin WANG

Giner Tech Inc

Minidigital Technology Co., Limited

Thinknice Co. Limited

EasyVpn

Banyan Tree Technology Limited

Skytouch Technology Co., Limited

* Note, the details and description above are based on the code signing digital signature issued to Thinknice Co., Limited by GlobalSign nv-sa on August 24, 2015 with the serial number '1121cbe5c1558edcc9ccfb7f6a4d0149ac0f'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.