home

Yupeng Zhang

Publisher Information

Yupeng Zhang is a software publisher located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 90 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
10/22/2015 10:00:00 PM

Valid to:
10/22/2016 9:59:59 PM

Subject:
CN=Yupeng Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
182977886ea709bc13b5e49d243c3907

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Zhang.YupengZh.Meta (M), Adware.Downloader, PUP.Zhang (M)
95.83%

Avira AntiVirus
W32/Sality.AT, W32/Sality.AG, W32/Ramnit.C
6.25%

Emsisoft Anti-Malware
Gen:Variant.Adware.Ghoskwa
6.25%

Norman
Gen:Variant.Adware.Ghoskwa.1
6.25%

F-Secure
Variant.Adware.Ghoskwa
4.17%

1 / 68      (PUP)
chrome_child.dll (chroomium by The chroomium Authors)  (b8a5cbcc75e66b2b2eb5c59e20a2c377)

1 / 68      (PUP)
delegate_execute.exe (chroomium by The chroomium Authors)  (8fb7b8e535d9bfb912309c82a61dcb68)

1 / 68      (PUP)
wow_helper.exe  (573f832c1e343a885ca3294e70c38cef)

1 / 68      (PUP)
delegate_execute.exe (chroomium by The chroomium Authors)  (85cac6adcdf57a4a08c3619124ecb189)

1 / 68      (PUP)
uninstall.exe  (905d5970c14ff6c7dbb21711328d8334)

1 / 68      (PUP)
chrome.exe (chroomium by The chroomium Authors)  (68c6d72026c3930317d2654abfa02be6)

1 / 68      (PUP)
chrome.exe (chroomium by The chroomium Authors)  (e4080936f1e1b4d5b040346ea991ed3a)

1 / 68      (PUP)
browserserver.exe  (23c9bf6eaa2e09b833a147b1e6271f4e)

1 / 68      (PUP)
browserserver.exe  (410ccfa15cabd23ddf658068f23a2059)

1 / 68      (PUP)
chrome.dll (chroomium by The chroomium Authors)  (7bb1354868373b387e58cc0c136e954e)

3 / 68      (PUP)
googleupdate.exe  (047e10a0f52c155968050b71e5b5cf80)

3 / 68      (PUP)
tmp0000001507170466ec64d1a0  (44abacd74541390b98a22588c7b011a0)

3 / 68      (PUP)
tmp0000006cdbdfd6b2356ecb66  (2b9882613e563f1598c788b7f81d3814)

1 / 68      (PUP)
chrome.exe (chroomium by The chroomium Authors)  (6d00848fb8a382d34fc20c5e108bbc7d)

1 / 68      (PUP)
chrome.exe (chroomium by The chroomium Authors)  (a48d247267a2b57206e25920779bfc52)

1 / 68      (PUP)
d3dcompiler_47.dll (Direct3D HLSL Compiler for Redistribution by Microsoft)  (79726081035f4409d5882a6766ffaaf2)

1 / 68      (PUP)
chrome.exe (chroomium by The chroomium Authors)  (6d00848fb8a382d34fc20c5e108bbc7d)

1 / 68      (PUP)
googleupdate.exe  (cfdf5b72720bbfb003751bd8c7fe2dd4)

1 / 68      (PUP)
chrome.exe (chroomium by The chroomium Authors)  (6d00848fb8a382d34fc20c5e108bbc7d)

1 / 68      (PUP)
chrome_child.dll (chroomium by The chroomium Authors)  (67e1c017f320a0bbe04570aa1fe2cd54)

1 / 68      (PUP)
chrome_child.dll (chroomium by The chroomium Authors)  (5a425a3e0968b4135b33fa80f53e9a99)

1 / 68      (PUP)
cloudrun_21.dll  (25b52f043719976feeeed143120b7326)

1 / 68      (PUP)
browserserver.exe  (abfbbd231e65a3cd8da95e2ba595edb8)

1 / 68      (PUP)
chrome.exe (chroomium by The chroomium Authors)  (c3fdeb6ae1f4c2755fc3eb665c19b969)

1 / 68      (PUP)
updatehelper.dll  (d56d8e6ced77143b7d21783513e1bba8)

1 / 68      (PUP)
cloudrun_net_abtest.dll  (4f91f2767ea26fad011d409f8f6673c3)

2 / 68      (Malware)
googleupdate.exe  (af04fe8e50a92f9e1ce1afaa75856dd0)

1 / 68      (PUP)
updatehelper.dll  (658dff7542b2ef6e57d2b38403343b54)

1 / 68      (PUP)
pepflashplayer.dll (Shockwave Flash by Adobe Systems)  (47aab460932cd0620ca7bbe0f8af576f)

1 / 68      (PUP)
updatehelper.dll  (7ab026042f56f638ee79fe73c1508b9e)

 
Latest 30 of 91 files

Downloads URLs for files signed by Yupeng Zhang.

1 / 68      (PUP)
http://ext.ghokswa.com/gour/.../CloudRun_21.dll  (cloudrun_21.dll)

1 / 68      (PUP)
http://ext.ghokswa.com/gour/.../CloudRun_net_ABtest.dll  (cloudrun_net_abtest.dll)

The following websites host and distribute files published by Yupeng Zhang.

ext.ghokswa.com

The certificates below are also signed by Yupeng Zhang.

244D0CB515ECDD6D7108B5378BBC5F59  (Jul 19, 2016 to Feb 04, 2017)

34AB78BF82BEBF6A9CC99F40A46851C1  (Jun 21, 2016 to Feb 04, 2017)

6565B120804D2D6B22826AC963C337C0  (May 06, 2016 to Feb 04, 2017)

04A1CC140EA21B18320881C0C399255F  (Jul 12, 2016 to Feb 04, 2017)

06D0B3547819B4CEB6DABB812E0638F7  (Apr 11, 2016 to Feb 04, 2017)

0A25959C640ABC5B81072955FB9943A1  (Aug 11, 2016 to Feb 04, 2017)

2BF0FEC70FE0B00738422327FAEEE7C5  (Jun 29, 2016 to Feb 04, 2017)

31F0560C618C0E6EF98650D6DF351DA3  (Jun 17, 2016 to Feb 04, 2017)

327D15D2EA9CBD3C19B9DE3BDEB56E56  (Jul 25, 2016 to Feb 04, 2017)

40EDAAEF1F06073244D1B64D13199A7D  (Jun 27, 2016 to Feb 04, 2017)

10 of 90 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

上海云瞳科技有限公司

Shanghai Yuntong Technology Co., Ltd.

Shan Feng

* Note, the details and description above are based on the code signing digital signature issued to Yupeng Zhang by thawte, Inc. on October 22, 2015 with the serial number '182977886ea709bc13b5e49d243c3907'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.