home

Yang Liu

Publisher Information

Yang Liu is a software publisher located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 37 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
6/20/2016 7:00:00 AM

Valid to:
11/26/2016 6:59:59 AM

Subject:
CN=Yang Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2f046d1750f5f527bd6f57503a7caa07

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.Elex (M), PUP.Winzipper.YangLiu.Meta (M), Adware.Elex.YangLiu.Meta (M), PUP.Winzipper.YangLiu.Installer.Meta (M), PUP.Winzipper.YangLiu.Meta (L), PUP.Winzipper (M), PUP.Winzipper (L), PUP.Elex (M)
95.83%

ESET NOD32
Win32/ELEX.IC potentially unwanted application, Win32/ELEX.IH potentially unwanted application, Win32/ELEX.IJ potentially unwanted application, Win32/ELEX.IE potentially unwanted application
8.33%

Bkav FE
W32.HfsAdware
6.25%

Qihoo 360 Security
HEUR/QVM10.1.0000.Malware.Gen
6.25%

ESET NOD32
Win32/ELEX.IK potentially unwanted (variant), Win32/ELEX.HW potentially unwanted (variant)
4.17%

AVG
nbsp;
2.08%

K7 AntiVirus
Riskware
2.08%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
2.08%

IKARUS anti.virus
PUA.Elex
2.08%

1 / 68      (PUP)
eupgrade.exe (WinZiper by Winziper Pvt)  (e32d86f88d6b8f984221b9a387515dc2)

1 / 68      (PUP)
update.exe  (7f9f96a6bf4367eff7f43150f409f40c)

1 / 68      (PUP)
wzUninstall.exe (WinZipper by Winziper Pvt)  (be21dab314772cd90571d7e21914fe16)

1 / 68      (PUP)
dzkcmjw.exe  (cc27d23680c55bd20a2cf0b491aa7380)

1 / 68      (PUP)
exnvd.exe  (dba92463282772d8f57ed656ee96d182)

1 / 68      (PUP)
wzUninstall.exe (WinZipper by Winziper Pvt)  (36c1d16d1b90142101effc3a56328826)

1 / 68      (PUP)
winzipersvc.exe (Winziper by Winziper Pvt)  (61589c758c1d651d7f7a7fa1145f6508)

1 / 68      (PUP)
exnvd.exe  (482ebb721ed6847cd86f94753578a9ce)

1 / 68      (PUP)
winzipersvc.exe (Winziper by Winziper Pvt)  (e5a9c5f4cf0b090a4dfabf434d0bbb16)

1 / 68      (PUP)
winzipersvc.exe (Winziper by Winziper Pvt)  (e5a9c5f4cf0b090a4dfabf434d0bbb16)

1 / 68      (PUP)
eupgrade.exe (WinZiper by Winziper Pvt)  (06286b90444166ab538156050f272cb4)

1 / 68      (PUP)
eupgrade.exe (WinZiper by Winziper Pvt)  (c06298a921c54f4b594bd59a7afdc870)

1 / 68      (PUP)
wzupg.exe  (4ad135167dd976566fc2dc0c825c66ef)

1 / 68      (PUP)
winziper.exe (winziper by Winziper Pvt)  (ecf13d584ec84511830db0cb349873bb)

1 / 68      (PUP)
wzupg.exe  (d27a1a9478a8f3a8be0101ed0e8c8d4f)

1 / 68      (PUP)
wzupg.exe  (703d39c80769f072abca556a25e2c172)

1 / 68      (PUP)
wzupg.exe  (703d39c80769f072abca556a25e2c172)

1 / 68      (PUP)
winzipersvc.exe (Winziper by Winziper Pvt)  (a3d0cdb08150d24f6746894c039d0e33)

1 / 68      (PUP)
winziper.exe (winziper by Winziper Pvt)  (ecf13d584ec84511830db0cb349873bb)

1 / 68      (PUP)
winziper.exe (winziper by Winziper Pvt)  (81116a1d026ba5189ce1895ac30a1b87)

1 / 68      (PUP)
wzdl.exe (Winziper by Winziper Pvt)  (40ea5ff9ce9b070cb82a52b3cfb42ee0)

1 / 68      (PUP)
wzUninstall.exe (WinZipper by Winziper Pvt)  (920497aa37e2681f5e9ecdb39bb01c40)

1 / 68      (PUP)
wzShellctx.dll (WinZiper by Winziper Pvt)  (09bed7bbd0b32fab732155d4d8f38b70)

1 / 68      (PUP)
wzshellctx64.dll (WinZiper by Winziper Pvt)  (74b84229cb6b584d669188a4b9b10388)

1 / 68      (PUP)
wzupg.exe  (155da7feb94c29108f493ad9888fb18f)

1 / 68      (PUP)
wzshellctx64.dll (WinZiper by Winziper Pvt)  (b59f85c052d747b7113f663a62b5c145)

1 / 68      (PUP)
winziper.exe (winziper by Winziper Pvt)  (53e747f7fbb2dc58df16d77ecb370230)

1 / 68      (PUP)
winzipersvc.exe (Winziper by Winziper Pvt)  (a621051bf16aee789f3bc48bfc738c9f)

1 / 68      (PUP)
einstall.exe (Winziper by Winziper Pvt)  (c75c89be3d335e9d6e70a06020d71ec0)

2 / 68      (PUP)
wzqy02023000_dl_s.exe  (7f9f96a6bf4367eff7f43150f409f40c)

 
Latest 30 of 48 files

Downloads URLs for files signed by Yang Liu.

2 / 68      (PUP)
http://113.171.224.205/.../wzqy02023000_dl_s.exe  (7f9f96a6bf4367eff7f43150f409f40c)

2 / 68      (PUP)
http://113.171.224.243/.../wzqy02023000_dl_s.exe  (7f9f96a6bf4367eff7f43150f409f40c)

2 / 68      (PUP)
http://101.110.118.69/dhd29up7zcdyt.cloudfront.net/update/new.2.0/wz/2.2.30/.../wzqy02023000_dl_s.exe  (7f9f96a6bf4367eff7f43150f409f40c)

2 / 68      (PUP)
http://113.171.224.174/.../wzqy02023000_dl_s.exe  (7f9f96a6bf4367eff7f43150f409f40c)

2 / 68      (PUP)
http://dhd29up7zcdyt.cloudfront.net/update/new.2.0/wz/2.2.30/.../wzqy02023000_dl_s.exe  (7f9f96a6bf4367eff7f43150f409f40c)

The following websites host and distribute files published by Yang Liu.

dhd29up7zcdyt.cloudfront.net

The certificates below are also signed by Yang Liu.

061360451AA9FFA4C284A53102F5390C  (Jun 23, 2016 to Nov 26, 2016)

059FF8C43E78A3FAB92A0F2F7B0E7419  (Jun 02, 2016 to Nov 26, 2016)

45C77D4C7C588AD215F9659DB245AF3F  (Nov 26, 2015 to Nov 26, 2016)

7E33408946021935E8D0EAE96E89183D  (Aug 23, 2016 to Nov 26, 2016)

4FE636C680E3BB9177ACD59092A0468C  (Sep 13, 2016 to Nov 26, 2016)

5B9AC0E738D05D822B857836B502792E  (Aug 25, 2016 to Nov 26, 2016)

5EE2C843E71C8CC7D8A811673FA217AC  (May 20, 2016 to Nov 26, 2016)

631D80FC8573BCF179976B09AED1C5D7  (Aug 29, 2016 to Nov 26, 2016)

6E0D9F5A58538BA3773770D565404AF7  (Jun 30, 2016 to Nov 26, 2016)

6F245CD10782C354F8265551BE5F41E0  (Apr 19, 2016 to Nov 26, 2016)

10 of 37 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Speed Low Inc.

EasyVpn

think-cell Software GmbH

Chencheng Cai

ZendFire Inc. LLC

北京智明腾亿科技有限公司

* Note, the details and description above are based on the code signing digital signature issued to Yang Liu by thawte, Inc. on June 20, 2016 with the serial number '2f046d1750f5f527bd6f57503a7caa07'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.