home

Yuxin WANG

Publisher Information

Yuxin WANG is a software publisher located in Beijing, China*. The company is a primary distributor of unwanted software. Thre are 46 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
8/23/2015 9:00:00 PM

Valid to:
8/12/2017 8:59:59 PM

Subject:
CN=Yuxin WANG, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5e0a96a879c14fab2b581cde41b1b811

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ELEX.YuxinWANG (M), PUP.MyStartSearch.YuxinWANG.Meta (M), Threat.Win.Reputation.IMP, PUP.ELEX.YuxinWAN (M), PUP.ELEX (M)
100.00%

Malwarebytes
PUP.Optional.OurSeaching.A, PUP.Optional.IStartSurf.ShrtCln, PUP.Optional.MyStartSearch.ShrtCln
43.75%

F-Secure
Gen:Variant.Application.Jaik, Gen:Variant.Adware.Graftor
18.75%

ESET NOD32
Win32/ELEX.ET potentially unwanted
15.63%

VIPRE Antivirus
Trojan.Win32.Generic
15.63%

Sophos
Generic PUA NP (PUA)
15.63%

Microsoft Security Essentials
BrowserModifier:Win32/SupTab
15.63%

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.242090
12.50%

avast!
Win32:Adware-gen [Adw]
12.50%

Norman
Gen:Variant.Adware.Graftor.242090
12.50%

1 / 68      (Adware)
smt_istartsurf.exe (4622_smt_istartsurf by Webank.net)  (eac7b866e57dc17cf0a7412c20b9fa0e)

1 / 68      (Adware)
istartsurfp.exe (4652_brd_istartsurf by 7th)  (4edb7ea5edafa0c8fc7fcd149b8cce6c)

1 / 68      (Adware)
oursurfing.exe (4631_2sq2_oursurfing by 7th)  (8361f9a7ae7c3bf4c0082675db079402)

1 / 68      (Adware)
oursurfing.exe (4630_2sq1_oursurfing by 7th)  (5ea3d35d71af7060f930219993d62676)

1 / 68      (Adware)
lly1_istartsurf.exe (4628_tug1_istartsurf by 7th)  (2b389f5509b8840a70b70103c27e1e22)

1 / 68      (Adware)
pioakdui7nnqmgsneira4pioakdui7nnqmgsneira4_a9.exe (4645_pcm_istartsurf by iWill.net)  (5bad0fb8a445222405116fc40b3fd8ab)

1 / 68      (Adware)
lly_istartsurf.exe (4566_tugs_istartsurf by Webank.net)  (fc96469803b354630c82817b1b98b74e)

1 / 68      (Adware)
wjozzcqfi3qfrmriijngxbwjozzcqfi3qfrmriijngxb_a9.exe (4579_pcm_istartsurf by Webank.net)  (5914031f8da48673b662f172f8bc7e29)

1 / 68      (Adware)
oursurfing.exe (4572_2sq1_oursurfing by Webank.net)  (60b3c909c9088deb48d92ac001f6c624)

1 / 68      (Adware)
lly1_istartsurf.exe (4567_tug1_istartsurf by Webank.net)  (acddd892b2b416a8e9239ccbee184e9a)

8 / 68      (Adware)
Webank.exe (4615_amt_oursurfing by Webank.net)  (19f6aa9e9258e319920d8ca32a8f84d9)

8 / 68      (Adware)
smt_oursurfing.exe (4623_smt_oursurfing by Webank.net)  (331c979e8995a8aa8039a0cecf425241)

11 / 68    (Adware)
lly_mystartsearch.exe (4626_tugs_mystartsearch by 7th)  (e3a6cb83e0e117ab20064acd97c24416)

7 / 68      (Adware)
smt_istartsurf.exe (4622_smt_istartsurf by Webank.net)  (59579f9990ad7b1c31ab77be8a1920cb)

6 / 68      (Adware)
2sq_oursurfing.exe (4629_2sq_oursurfing by 7th)  (e44e04cb920f953980e05bfa805402d9)

1 / 68      (Adware)
amt_omniboxes.exe (4641_amt_omniboxes by iWill.net)  (d166f01188666aabfc3d0a9212802747)

1 / 68      (Adware)
iWill.exe (4640_amt_oursurfing by iWill.net)  (58ea0af4b80786ae54d50d19f294901d)

6 / 68      (Adware)
lly_istartsurf.exe (4627_tugs_istartsurf by 7th)  (a91e2fafafd13d6972d0bafe4d649227)

7 / 68      (Adware)
adv_76.exe (4614_ima_mystartsearch by Webank.net)  (7c5ec99e71c82f4251d167f022e36022)

7 / 68      (Adware)
adv_46.exe (4621_ima_istartsurf by Webank.net)  (365bbbdd18df51caba17cebcdf810916)

6 / 68      (Adware)
oursurfing.exe (4632_2sq3_oursurfing by 7th)  (f7f7dc8483c42f8f794ec2454607ddf0)

1 / 68      (Adware)
cvs_mystartsearch.exe (4569_cvs_mystartsearch by Webank.net)  (0aa83741be6119e58fd8e82ed38c88f6)

2 / 68      (Adware)
smt_istartsurf.exe (4563_smt_istartsurf by Webank.net)  (24650d06578ad79b3474f833dc774ff8)

1 / 68      (Adware)
adv_46.exe (4601_ima_istartsurf by 7th)  (bb98003e99ee3db4333efc77ead86d54)

1 / 68      (Adware)
amt_omniboxes.exe (4588_amt_omniboxes by 7th)  (52d8375062443465a83c092298c585ab)

2 / 68      (Adware)
smt_oursurfing.exe (4564_smt_oursurfing by Webank.net)  (84167fc4103370a3e0f86e76fbd86b53)

1 / 68      (Adware)
lly_mystartsearch.exe (4565_tugs_mystartsearch by Webank.net)  (7c2fd5d09ccee4bf095a209f197aeac3)

2 / 68      (Adware)
amt_oursurfing.exe (4587_amt_oursurfing by 7th)  (3c19c05ac62ced79755c07daf3a6ea33)

1 / 68      (Adware)
lly_istartsurf.exe (4566_tugs_istartsurf by Webank.net)  (a880e2982aedd470c9c8430a7e3625e2)

1 / 68      (Adware)
adv_76.exe (4600_ima_mystartsearch by 7th)  (a586721ea74a8bb7d8b2ff29521da4d0)

 
Latest 30 of 32 files

Downloads URLs for files signed by Yuxin WANG.

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly1_istartsurf.exe  (2b389f5509b8840a70b70103c27e1e22)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (7c2fd5d09ccee4bf095a209f197aeac3)

11 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (e3a6cb83e0e117ab20064acd97c24416)

1 / 68      (Adware)
http://4threquest.me/.../310714_a9.exe  (5914031f8da48673b662f172f8bc7e29)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (a880e2982aedd470c9c8430a7e3625e2)

1 / 68      (Adware)
http://4threquest.me/.../310714_a9.exe  (5bad0fb8a445222405116fc40b3fd8ab)

2 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_oursurfing.exe  (faf1740e44f43570dc3a7e27a9dd44f9)

6 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (a91e2fafafd13d6972d0bafe4d649227)

2 / 68      (Adware)
http://www.girlliuxiaowei.com/.../smt_istartsurf.exe  (24650d06578ad79b3474f833dc774ff8)

6 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_oursurfing.exe  (e44e04cb920f953980e05bfa805402d9)

The following websites host and distribute files published by Yuxin WANG.

www.girlliuxiaowei.com

d2drfrdurj6mvo.cloudfront.net

4threquest.me

The certificates below are also signed by Yuxin WANG.

2C416DD3D70B97FC4234C97961D44A24  (Dec 07, 2015 to Aug 14, 2017)

42B89DFF0EF561EC67F3D06741ADE295  (Nov 25, 2015 to Aug 14, 2017)

56493BF0156090CDE0540B795E8541C0  (Feb 10, 2016 to Aug 14, 2017)

0AB62C6D3E19ADF07A06CAFBBBAA27A5  (Feb 08, 2016 to Aug 14, 2017)

2DA55CBA91AF41B2B38306063798B9CB  (Jan 11, 2016 to Aug 14, 2017)

32FE5013D2C7ECC50B6FCEF24F95BE42  (Jan 15, 2016 to Aug 14, 2017)

53780CF050BA35CB5EB86E310BA4C82A  (Jan 13, 2016 to Aug 14, 2017)

5EA44E193FCC51F5A02C23795BDE703B  (Nov 27, 2015 to Aug 14, 2017)

778C2E8E17E285D4882E35D29D8224A9  (Jan 05, 2016 to Aug 14, 2017)

13910B2C74A5DDEADB91E4270330B489  (Dec 31, 2015 to Aug 14, 2017)

10 of 46 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Giner Tech Inc

Skytouch Technology Co., Limited

Minidigital Technology Co., Limited

Thinknice Co., Limited

Shulan Hou

Xiaoqing Liu

Taiming Li

Fuyuan Zhou

Li Mo

Search Vortex

Thinknice Co. Limited

Banyan Tree Technology Limited

Plain Savings

CLARALABSOFTWARE

EasyVpn

CNB TECHNOLOGIES LLC

* Note, the details and description above are based on the code signing digital signature issued to Yuxin WANG by thawte, Inc. on August 23, 2015 with the serial number '5e0a96a879c14fab2b581cde41b1b811'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.