home

Yuanyuan Mei

Publisher Information

Yuanyuan Mei is a software publisher located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 25 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
8/11/2016 9:00:00 PM

Valid to:
4/20/2017 8:59:59 PM

Subject:
CN=Yuanyuan Mei, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
6c5d7a45fc4fe4003f40d7b13c3aa377

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Elex (M)
100.00%

Rising Antivirus
Malware.Generic!CWx0dCtykVM@5 (Thunder)
4.17%

IKARUS anti.virus
PUA.IStartSurf
4.17%

AVG
Generic_r
4.17%

Qihoo 360 Security
HEUR/QVM10.1.0000.Malware.Gen
4.17%

1 / 68      (PUP)
4xfa2viot3.exe  (49a05680090ebf82a577003e640f557d)

1 / 68      (PUP)
amyesz.exe  (543fc876998cfc10a5ba2a23f3b96eaa)

1 / 68      (PUP)
dam_ay.exe  (8460e1d5e1cc46d074629ff5375c6ca1)

1 / 68      (PUP)
isr_lj.exe  (e12feacae7b15cd703277da29cc6e5b0)

5 / 68      (PUP)
tyclzb492i.exe  (c4fd121563740b596ab91212c61ea9f6)

1 / 68      (PUP)
awh49b9.tmp  (2dc6c3dcb54d896e2d70608a2a1b5d34)

1 / 68      (PUP)
sqr_liu.exe  (03597ba4c28c3976e3602ea8c490eda3)

1 / 68      (PUP)
534ymfn3o.exe  (05b8373618edbd6ff7909420b74af0ba)

1 / 68      (PUP)
damu_ay.exe  (2c449160d6d0b214ecb875b6be0501e8)

1 / 68      (PUP)
magx1yscj3.exe  (ce414ce4fc471e5614df9ecc6c8563f3)

1 / 68      (PUP)
amyesz.exe  (ae5f601ddffa63886b32eb5ad2e21db9)

1 / 68      (PUP)
damu_ay.exe  (42fac95e9284812f894bd66c25045054)

1 / 68      (PUP)
flnrq0clv.exe  (550f35d513ddb1c977963c6f0da42ad5)

1 / 68      (PUP)
dam_ay.exe  (37c62ae7250653ab0dabb1acb8f1cf76)

1 / 68      (PUP)
isr_lj.exe  (cc0576a8cc91723aca17a9d4be6fdd3f)

1 / 68      (PUP)
qwbgmwztpf.exe  (8bd03fe9e53ae7660760871e3f3abb50)

1 / 68      (PUP)
amyesz.exe  (f7c02916db60ec7f2270a4d9f48e8cff)

1 / 68      (PUP)
sqr_liu.exe  (da6d6a428fb5add4412a420e497bb7a5)

1 / 68      (PUP)
damu_ay.exe  (4b8fa6a19f4bc27f841451a4b9e1a8ef)

1 / 68      (PUP)
v580zdl97.exe  (cfdba6f6559520e00a52ae9dba47345e)

1 / 68      (PUP)
isr_lj.exe  (f31536bf42b78452f2fb5518314a59d1)

1 / 68      (PUP)
dam_ay.exe  (95ed08d619ec46a8b357c6dab58f4a2b)

1 / 68      (PUP)
amyesz.exe  (d4633b6682a421dfcce43ee1f1062100)

1 / 68      (PUP)
9pxubn7bgb.exe  (156e2af2ee396b3ec78d8f52c72b09e9)

Downloads URLs for files signed by Yuanyuan Mei.

1 / 68      (PUP)
http://d3g1g0k0wwnjag.cloudfront.net/.../dam_ay.exe  (37c62ae7250653ab0dabb1acb8f1cf76)

1 / 68      (PUP)
http://d3g1g0k0wwnjag.cloudfront.net/.../dam_ay.exe  (8460e1d5e1cc46d074629ff5375c6ca1)

1 / 68      (PUP)
http://d3g1g0k0wwnjag.cloudfront.net/.../amyesz.exe  (2dc6c3dcb54d896e2d70608a2a1b5d34)

1 / 68      (PUP)
http://d3g1g0k0wwnjag.cloudfront.net/.../damu_ay.exe  (4b8fa6a19f4bc27f841451a4b9e1a8ef)

1 / 68      (PUP)
http://d3g1g0k0wwnjag.cloudfront.net/.../amyesz.exe  (ae5f601ddffa63886b32eb5ad2e21db9)

1 / 68      (PUP)
http://d3g1g0k0wwnjag.cloudfront.net/.../dam_ay.exe  (95ed08d619ec46a8b357c6dab58f4a2b)

1 / 68      (PUP)
http://d3g1g0k0wwnjag.cloudfront.net/.../amyesz.exe  (543fc876998cfc10a5ba2a23f3b96eaa)

1 / 68      (PUP)
http://d3g1g0k0wwnjag.cloudfront.net/.../amyesz.exe  (d4633b6682a421dfcce43ee1f1062100)

1 / 68      (PUP)
http://d3g1g0k0wwnjag.cloudfront.net/.../amyesz.exe  (f7c02916db60ec7f2270a4d9f48e8cff)

The certificates below are also signed by Yuanyuan Mei.

1E8CBE561541A195413040AFD65F878D  (Jan 06, 2017 to Apr 21, 2017)

6DA39476057154CF6769846DB47C8306  (Aug 26, 2016 to Apr 21, 2017)

045D57D63E13775C8F812E1864797F5A  (Jan 22, 2017 to Apr 21, 2017)

128A1FE0064E80F84A2197C8F0D07D76  (Jan 24, 2017 to Apr 21, 2017)

19908A5548B59CE82F392297F289696B  (Aug 11, 2016 to Apr 21, 2017)

648588429AF2C580751BE41E22947AC1  (Aug 24, 2016 to Apr 21, 2017)

7D92FB84FC4339F548AEAF1B0A921F9B  (Aug 18, 2016 to Apr 21, 2017)

7D1B8EB8054873A3D1BACD4595433E06  (Jan 13, 2017 to Apr 21, 2017)

4B77E45E6EE2D3592CB495A496A5B5CA  (Jan 19, 2017 to Apr 21, 2017)

0779F2D4DF108ECA89972073E40279BD  (Jan 20, 2017 to Apr 21, 2017)

10 of 25 code signing certificates issued

* Note, the details and description above are based on the code signing digital signature issued to Yuanyuan Mei by thawte, Inc. on August 11, 2016 with the serial number '6c5d7a45fc4fe4003f40d7b13c3aa377'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.