home

Xiaoqing Liu

Publisher Information

Xiaoqing Liu is a software publisher located in Zaozhuang, Shandong in China*. The company is a primary distributor of unwanted software. Thre are 4 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
8/13/2014 2:00:00 AM

Valid to:
8/17/2015 2:00:00 PM

Subject:
CN=Xiaoqing Liu, O=Xiaoqing Liu, L=Zaozhuang, S=Shandong, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01d9e1c9dea81ddca65062cc18203480

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.XiaoqingLiu.O, PUP.XiaoqingLiu.I, PUP.XiaoqingLiu.R, PUP.XiaoqingLiu.Q, PUP.XiaoqingLiu.K, PUP.XiaoqingLiu.F, PUP.XiaoqingLiu.l, PUP.XiaoqingLiu.Y, PUP.XiaoqingLiu.H, PUP.XiaoqingLiu.S, PUP.XiaoqingLiu.M, PUP.XiaoqingLiu.FF, PUP.Li Mo.XiaoqingLiu, PUP.ELEX.XiaoqingLiu (M), PUP.ELEX.Xiaoqing (M)
100.00%

Sophos
Elex, PUA 'Elex' (of type Adware)
62.16%

AVG
Generic
43.24%

VIPRE Antivirus
Trojan.Win32.Generic, BehavesLike.Win32.Malware.sfd (mx-v)
32.43%

Trend Micro House Call
Suspicious_GEN.F47V1231, Suspicious_GEN.F47V0107, Suspicious_GEN.F47V0112, Suspicious_GEN.F47V0111, Suspicious_GEN.F47V0116, Suspicious_GEN.F47V0109
27.03%

Baidu Antivirus
Adware.Win32.ELEX, PUA.Win32.LiMo, Adware.Win32.SmartApps
21.62%

G Data
Win32.Application.Limo, Gen:Application.Elex
21.62%

K7 AntiVirus
Unwanted-Program , Riskware
21.62%

ESET NOD32
Win32/LiMo (variant)
13.51%

McAfee
Artemis!8EDA3333DF72, Artemis!0193EC67D071, Artemis!545927FD60F8
10.81%

1 / 68      (Adware)
sfpsnew4_mystartsearch.exe (2445_sfpsnew4_mystartsearch by One Syn)  (53319a37bb03506635cba4501aa45254)

1 / 68      (Adware)
uni_webssearches.exe (2457_uni_webssearches by TabMain)  (fdc5af35b6c8c82165ba330bffaf39ed)

1 / 68      (Adware)
0ab14rn1.exe (2509_obw_mystartsearch by TabMain)  (8483423f453cfbcbc84b5de35165c8d2)

1 / 68      (Adware)
scl_webssearches.exe (2322_scl_webssearches by NaNi)  (c04e7ba70981bb2f92d1b892ccdfb180)

1 / 68      (Adware)
0ab14rn0.exe (2524_obw_mystartsearch by XMain)  (c11c3d3e07a050955118d716e9978fc0)

1 / 68      (Adware)
mystartsearch_soft_partner.exe (2456_tt4u_mystartsearch by TabMain)  (9657bf1069229a9555342a48b2767260)

1 / 68      (Adware)
sfpsnew3_mystartsearch.exe (2446_sfpsnew3_mystartsearch by One Syn)  (6d287535e7d619ba7d392c559ddd80c3)

1 / 68      (Adware)
nsbes_webssearches.exe (2422_nsbes_webssearches by TabMain)  (5be3b2052353a413a0415f0414638330)

1 / 68      (Adware)
web searches.exe (2432_ika_webssearches by TabMain)  (31d5c457a2f4a2e557040f59cf9fa0eb)

5 / 68      (Adware)
rbm_webssearches.exe (2480_rbm_webssearches by fdg)  (a3df7bd2c3efcc21f9817826a34609e3)

5 / 68      (Adware)
red_webssearches.exe (2431_red_webssearches by TabMain)  (9a10f5567e114f3df33e0b5c2d7af6cb)

7 / 68      (Adware)
bdo_mystartsearch.exe (2419_bdo_mystartsearch by TabMain)  (897e088b6c6b64d5c5eef7672352aae2)

14 / 68    (Adware)
rbm_webssearches.exe (2495_rbm_webssearches by JWTab)  (ec0b20505773be03c11faee067003766)

4 / 68      (Adware)
vtt_mystartsearch.exe (2439_vtt_mystartsearch by TabMain)  (177501349aa25e7430f58372cc6e69b5)

9 / 68      (Adware)
mystartsearch_07_01-1439927a.exe (2472_slbnew_mystartsearch by SysTools)  (545927fd60f8f9038f1954b34d51bdf6)

4 / 68      (Adware)
rbm_omiga-plus.exe (2361_rbm_omiga-plus by fdg)  (068059e714a5410ed07dc362de94fd42)

13 / 68    (Adware)
squadm_omiga-plus.exe (2479_squadm_omiga-plus by JWTab)  (133a63a567e78698d6219fa2cf6ee0fd)

5 / 68      (Adware)
szas5fot4hgna3p4fzw36m7skglfszas5fot4hgna3p4fzw36m7skglf_a7.exe (2504_pcm_webssearches by TabMain)  (c790bd997d33ad5571bee44eeab05101)

4 / 68      (Adware)
nsbit_webssearches.exe (2423_nsbit_webssearches by TabMain)  (94c480aa43040e4182539960a187caa1)

4 / 68      (Adware)
nsbfr_webssearches.exe (2421_nsbfr_webssearches by TabMain)  (4af74034bb8e8618a6f8aa7315c71de3)

7 / 68      (Adware)
mystartsearchun_07_01-dc64ce31.exe (2473_slb2_mystartsearch by SysTools)  (0193ec67d071ba37c05e9e26bafd7baf)

8 / 68      (Adware)
ws_fw_150114.exe (2366_cov_webssearches by NaNi)  (e2408f720426bf533503ccbb11325908)

1 / 68      (Adware)
sien_mystartsearch.exe (2437_sien_mystartsearch by TabMain)  (395d5831b7c7693e58c4fb55cda30a46)

4 / 68      (Adware)
omigaplus.exe (2360_ill_omiga-plus by fdg)  (af25bbe719019bce01809083509dd845)

4 / 68      (Adware)
airc629.exe (2428_air_omiga-plus by TabMain)  (4044a29c236ee24f4987d7f986f21f5a)

4 / 68      (Adware)
kmp_webssearches.exe (2433_kmp_webssearches by TabMain)  (a53f8188c1638238878a455f86eb2951)

4 / 68      (Adware)
of_es-i3-omiga_chk_0_272.exe (2435_profr_omiga-plus by TabMain)  (cb1d80f72895d9db11dadb5819cedd69)

4 / 68      (Adware)
of_es-i3-omiga_chk_0_272.exe (2435_profr_omiga-plus by TabMain)  (cb1d80f72895d9db11dadb5819cedd69)

1 / 68      (Adware)
cbuteof7ibuaczc8giobcbuteof7ibuaczc8giob_a7.exe (2458_pcm_webssearches by TabMain)  (928500769f5c62d8ac36b15dad2f7561)

4 / 68      (Adware)
ill_webssearches.exe (2481_ill_webssearches by fdg)  (80bb85dfea67b1c6f6f1a801c4b9baeb)

 
Latest 30 of 37 files

Downloads URLs for files signed by Xiaoqing Liu.

5 / 68      (Adware)
http://www.girlwurina.com/.../pjr_webssearches.exe  (8324eecad7f3454f003c4e9420f97fb9)

1 / 68      (Adware)
http://www.girlwurina.com/.../uni_webssearches.exe  (fdc5af35b6c8c82165ba330bffaf39ed)

1 / 68      (Adware)
http://www.girlwurina.com/.../scl_webssearches.exe  (c04e7ba70981bb2f92d1b892ccdfb180)

4 / 68      (Adware)
http://www.girlwurina.com/.../air_omiga-plus.exe  (4044a29c236ee24f4987d7f986f21f5a)

1 / 68      (Adware)
http://2ndrequest.me/.../310714_a7.exe  (928500769f5c62d8ac36b15dad2f7561)

1 / 68      (Adware)
http://www.girlwurina.com/.../sfpsnew3_mystartsearch.exe  (6d287535e7d619ba7d392c559ddd80c3)

5 / 68      (Adware)
http://113.171.224.214/.../pjr_webssearches.exe  (8324eecad7f3454f003c4e9420f97fb9)

5 / 68      (Adware)
http://2ndrequest.me/.../310714_a7.exe  (c790bd997d33ad5571bee44eeab05101)

9 / 68      (Adware)
http://www.girlwurina.com/.../wpc_mystartsearch.exe  (fea825f32a46dcb9e5324ae3a093c163)

4 / 68      (Adware)
http://www.girlwurina.com/.../kmp_webssearches.exe  (a53f8188c1638238878a455f86eb2951)

6 / 68      (Adware)
http://www.girlwurina.com/.../obw_webssearches.exe  (150776778052f353fee0cfc8a2b10692)

The following websites host and distribute files published by Xiaoqing Liu.

2ndrequest.me

www.girlwurina.com

The certificates below are also signed by Xiaoqing Liu.

01FE476BB35D5C01EABE81B9438B7B75  (Aug 13, 2014 to Aug 17, 2015)

0889CED821C1220A4F950101C71E977B  (Aug 13, 2014 to Aug 17, 2015)

04EED95FE18B1B4413D68A12F53663C0  (Aug 13, 2014 to Aug 17, 2015)

0EBAB4AC38B70A33EE517D238BDE49D7  (Aug 12, 2014 to Aug 17, 2015)

The following publishers (by Authenticode signature organization name) are related.

Shulan Hou

Fuyuan Zhou

Taiming Li

Ma Lin

Li Mo

Zhang Ling

Search Vortex

CLARALABSOFTWARE

CNB TECHNOLOGIES LLC

Plain Savings

MY POP SHOP LTD

Yuxin WANG

* Note, the details and description above are based on the code signing digital signature issued to Xiaoqing Liu by DigiCert Inc on August 13, 2014 with the serial number '01d9e1c9dea81ddca65062cc18203480'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.