» Yu Bao
Digital Signature
Analysis
Files (46)
Downloads (21)
Distribution (9)
Related (64)

Yu Bao

Publisher Information

Yu Bao is a software publisher located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 267 additional code signing certificates issued to this publisher.

Authority:

thawte, Inc.

Valid from:

1/19/2016 10:00:00 PM

Valid to:

10/20/2016 9:59:59 PM

Subject:

CN=Yu Bao, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

33b08f2271169c4a724d437f83663f29

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.YuBao.Installer (M), PUP.YuBao (M), PUP (M)

100.00%

Dr.Web

Adware.Mutabaha.1034, Adware.Mutabaha.1034, Win32.Wplugin.2, Adware.Mutabaha.1061, Adware.Mutabaha.1061, Win32.FloodFix.7

10.87%

avast!

Win32:Patched-JI, Win32:GenMalicious-BFP [Trj]

6.52%

F-Prot

W32/Slugin.B, W32/Floxif.B

6.52%

Microsoft Security Essentials

Threat.Undefined

6.52%

Kaspersky

Virus.Win32.Slugin, Virus.Win32.Pioneer

6.52%

McAfee

Virus.W32/Wplugin, Trojan.Dropper-FIY!DBFC58BAA8FB

6.52%

ESET NOD32

Win32/Slugin.A virus, Win32/Floxif.H virus, Win32/Agent.NAG virus

6.52%

Norman

Win32.SlugIn.A, Win32.Floxif.A

6.52%

AVG

Win32/Slugin.A, Win32/Floxif.A

4.35%

1 / 68 (Malware)

trn_setup.exe (8f2c2c19ac9f0e60a49f2830a7723063)

1 / 68 (Malware)

qnjrvvufsgtltgc09lgyvqnjrvvufsgtltgc09lgyv_a10.exe (b3aee5833f1f8db72bd0766faa81ef25)

1 / 68 (Malware)

osxoh3etvy1qpuq7lzkaosxoh3etvy1qpuq7lzka_a10.exe (08adfb0b60c09b5ee91ffe26eedcd262)

1 / 68 (Malware)

obs_setup.exe (737371cdebf0e0574310b415c12c86f3)

1 / 68 (PUP)

11cbcd37_stp.exe (6ebd6aa1b4ec18f0a5383352b93c1456)

1 / 68 (PUP)

0dxabxr5q34oq68dhfyy0dxabxr5q34oq68dhfyy_a10.exe (1067d27bd9127ae8fcad7db484b92b1a)

1 / 68 (PUP)

fofffoezoiliwl5vej8op4nvdxfofffoezoiliwl5vej8op4nvdx_a10.exe (9b300c42c6f074ca713b34bcec404edf)

1 / 68 (PUP)

ersnyi4dpscftbjbmaqyegcersnyi4dpscftbjbmaqyegc_a10.exe (6c987325aa0b5945972e33e66c45b51d)

1 / 68 (PUP)

sto_setup.exe (1409e8f667c3920505bde5a3f5ce46f7)

1 / 68 (PUP)

setup.exe (4c56ecdc33eded7ece74aaf67a6c7f2f)

1 / 68 (PUP)

mzuzfbihfvkxyc7y5js778vodmpg0mzuzfbihfvkxyc7y5js778vodmpg0_a10.exe (25d1ec24fbff0448de462dad63805df5)

1 / 68 (PUP)

d4qvvzp6mqnstzh5zlfryshlhd4qvvzp6mqnstzh5zlfryshlh_a10.exe (b335cbf25334ea9b6f93b5f41b77abb4)

1 / 68 (PUP)

setup.exe (98fc5a855312992a8a3b75358770c0bd)

11 / 68 (PUP)

obs_setup.exe (0a5374689d4e337ae1af1029a6ce62a0)

1 / 68 (PUP)

jztutsa0n6zqyr52zyedroohjztutsa0n6zqyr52zyedrooh_a10.exe (99b4a48a4bf8eb55d1d5af5cf30aaea7)

1 / 68 (PUP)

d587gkz53.exe (afb0a212a4c693315a5cd2a184e99683)

1 / 68 (PUP)

ic-0.2feed6318916a.exe (06ec48b88b060c14de16ab1c3e9eba37)

1 / 68 (PUP)

0dxabxr5q34oq68dhfyy0dxabxr5q34oq68dhfyy_a10.exe (1287cccd0e44d238ef72db6dcacfd4ac)

1 / 68 (PUP)

ersnyi4dpscftbjbmaqyegcersnyi4dpscftbjbmaqyegc_a10.exe (3660e4915918148cf5f4936b0ab04560)

1 / 68 (PUP)

adv_234.exe (ae620584ecc64a975b5ad15802a3e963)

1 / 68 (PUP)

986y1fakh.exe (f30faaba1cb8118b203e0c22870cf002)

1 / 68 (PUP)

cos_setup.exe (d3767b14de34b3ed315002971afbf685)

11 / 68 (PUP)

ic-0.33b3c83fc48d9.exe (dbfc58baa8fb4da0700ca024e10bedc5)

1 / 68 (PUP)

zy7as6opcc6xkkm4qeppbxonfszy7as6opcc6xkkm4qeppbxonfs_a10.exe (5bcf035a7835feeb62f0ec5131890d26)

1 / 68 (PUP)

dam_setup.exe (c70e9ab740af3675d64ed68a02051c88)

1 / 68 (PUP)

ic-0.8998365d6afff8.exe (26f7926a3621da5c7a733d8800011377)

1 / 68 (PUP)

4uewnb5a5tlmgqkfyoomdvthhn4uewnb5a5tlmgqkfyoomdvthhn_a10.exe (8a8dc4f5e8051cf0604f271ddf96359b)

1 / 68 (PUP)

0ku2m09dn.exe (c355197363dc68731354a7c1d8602ffa)

1 / 68 (PUP)

jjrpoqigtpk7wwvgpyrz4jjjrpoqigtpk7wwvgpyrz4j_a10.exe (ffd89bb54550051a0b29beef9ef6b723)

1 / 68 (PUP)

d4qvvzp6mqnstzh5zlfryshlhd4qvvzp6mqnstzh5zlfryshlh_a10.exe (8b729524e3f552aad37f6a74ce668683)

Latest 30 of 46 files

Downloads URLs for files signed by Yu Bao.

1 / 68 (PUP)

http://201.31.162.82/cache/d2xvc2nqkduarq.cloudfront.net/.../dam_setup.exe (670f26ab70ecff92fbb1bec9c40c4844)

2 / 68 (PUP)

http://113.171.224.210/.../dam_setup.exe (f30faaba1cb8118b203e0c22870cf002)

2 / 68 (PUP)

http://113.171.224.245/.../ism_setup.exe (f30faaba1cb8118b203e0c22870cf002)

2 / 68 (PUP)

https://d2xvc2nqkduarq.cloudfront.net/.../obs_setup.exe (d37e409e4456cd7a06720453466bea5c)

1 / 68 (PUP)

http://skygetfile.co/.../310714_a10.exe (3660e4915918148cf5f4936b0ab04560)

2 / 68 (PUP)

http://113.171.224.211/.../ism_setup.exe (f30faaba1cb8118b203e0c22870cf002)

1 / 68 (PUP)

https://d2xvc2nqkduarq.cloudfront.net/.../setup.exe (670f26ab70ecff92fbb1bec9c40c4844)

2 / 68 (PUP)

http://113.171.224.165/.../ism_setup.exe (f30faaba1cb8118b203e0c22870cf002)

1 / 68 (PUP)

http://d2xvc2nqkduarq.cloudfront.net/.../dam_setup.exe (c70e9ab740af3675d64ed68a02051c88)

2 / 68 (PUP)

http://113.171.224.171/.../dam_setup.exe (f30faaba1cb8118b203e0c22870cf002)

1 / 68 (PUP)

http://dl.gocloudnext.com/.../setup.exe (670f26ab70ecff92fbb1bec9c40c4844)

2 / 68 (PUP)

http://polifile.co/.../310714_a10.exe (f30faaba1cb8118b203e0c22870cf002)

2 / 68 (PUP)

http://polifile.co/.../310714_a10.exe (f30faaba1cb8118b203e0c22870cf002)

2 / 68 (PUP)

http://d2xvc2nqkduarq.cloudfront.net/.../ism_setup.exe (d37e409e4456cd7a06720453466bea5c)

2 / 68 (PUP)

http://d.brtsekure10.com/CoffeeFeed/.../Setup.exe (d37e409e4456cd7a06720453466bea5c)

2 / 68 (PUP)

http://sp-storage.spccint.com/Installer/.../Setup.exe (d37e409e4456cd7a06720453466bea5c)

2 / 68 (PUP)

http://d2xvc2nqkduarq.cloudfront.net/.../obs_setup.exe (f30faaba1cb8118b203e0c22870cf002)

2 / 68 (PUP)

http://d2xvc2nqkduarq.cloudfront.net/.../setup.exe (f30faaba1cb8118b203e0c22870cf002)

1 / 68 (PUP)

http://www.download-servers.com/.../dl.php?r=vu_vo2_SO&rr=C&sct=AGR&sid=4C4C4544-0051-5410-8047-B6C04F335231 (obs_setup.exe)

1 / 68 (PUP)

http://ollyfile.me/.../310714_a10.exe (85c02e29235275711da7ad5f18c33cb2)

1 / 68 (PUP)

http://filenetget.me/.../310714_a10.exe (02db4e79366485a8512ede6ba0743605)

Distribution

The following websites host and distribute files published by Yu Bao.

d2xvc2nqkduarq.cloudfront.net

d.brtsekure10.com

sp-storage.spccint.com

www.download-servers.com

The certificates below are also signed by Yu Bao.

324E4B124A3311B82F185FF09360D184 (Jan 06, 2017 to Nov 22, 2017)

1D3674A5213BF2E51F2E183E408F80E6 (Dec 20, 2016 to Nov 22, 2017)

35CA05C60046DEA03C4A5DF8481B2BF0 (Oct 28, 2016 to Nov 22, 2017)

3CE0BE60AB8302A19B71948EEBC13037 (Jan 11, 2017 to Nov 22, 2017)

43BB3BE4712D02B17D447D6D9B50507C (Dec 13, 2016 to Nov 22, 2017)

484BF6F7CDB22658B1162CD6BDAA1187 (Oct 27, 2016 to Nov 22, 2017)

708C988F093CFAE968FE5525CA048ABA (Jan 21, 2017 to Nov 22, 2017)

7EFDCDBDDDD82397B41ECF4BAAD4DA22 (Jan 23, 2017 to Nov 22, 2017)

54A170102461FDC967ACFAFE4BBBC7F0 (Oct 18, 2016 to Nov 22, 2017)

61B528D05997B8CA693F5E31E637BE7E (Nov 17, 2016 to Nov 22, 2017)

10 of 267 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

ClickMeIn Limited

Digit Network (Extreme White Limited)

ClientConnect LTD

Speed Low Inc.

Conduit Ltd.

Guide Style LTD corp.

VANKY TECHNOLOGY LIMITED

Zealot Games Limited

Any Send Pro (ClickMeIn Ltd)

Yuanyuan Zhang

think-cell Software GmbH

Yupeng Zhang

TECHALPHA LLC

Prelasan Developments s.l.

LionSea Software co., ltd

Video Plugin software SL

PennyBee

30 of 64 publishers

* Note, the details and description above are based on the code signing digital signature issued to Yu Bao by thawte, Inc. on January 19, 2016 with the serial number '33b08f2271169c4a724d437f83663f29'.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.