home

Yuxin WANG

Publisher Information

Yuxin WANG is a software publisher located in Beijing, China*. The company is a primary distributor of unwanted software. Thre are 46 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
8/13/2015 2:00:00 AM

Valid to:
8/13/2017 1:59:59 AM

Subject:
CN=Yuxin WANG, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
7e139a7b7017995b5b87896ddda95102

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ELEX.YuxinWANG (M), PUP.MyStartSearch.YuxinWANG.Meta (M), PUP.ELEX.YuxinWAN (M), PUP.ELEX.YuxinWAN.Installer (M), PUP.ELEX (M)
97.87%

Malwarebytes
PUP.Optional.Omniboxes.ShrtCln, PUP.Optional.MyStartSearch.ShrtCln, PUP.Optional.OurSeaching.A, PUP.Optional.IStartSurf.ShrtCln
23.40%

Dr.Web
Adware.Mutabaha.597, Adware.Mutabaha.666
14.89%

NANO AntiVirus
Riskware.Win32.Mutabaha.dvglla, Riskware.Win32.Mutabaha.dvinmw, Riskware.Win32.Mutabaha.dvibxm
6.38%

K7 AntiVirus
Adware
4.26%

ESET NOD32
Win32/ELEX.ER potentially unwanted (variant), Win32/ELEX.EP potentially unwanted
4.26%

avast!
Win32:PUP-gen [PUP]
4.26%

Microsoft Security Essentials
BrowserModifier:Win32/SupTab
4.26%

Fortinet FortiGate
Riskware/Elex
4.26%

AVG
Generic, Elex
4.26%

1 / 68      (Adware)
csdi_oursurfing_soft_partner.exe (4471_age_oursurfing)  (95bd0515796cdf083fe139a2239ecd0e)

1 / 68      (Adware)
csdi_oursurfing_soft_partner.exe (4548_age_oursurfing by Webank.net)  (7c61281d970ae34b33a0c8c90c6c7914)

1 / 68      (Adware)
istartsurf.exe (4410_pcs_istartsurf by Welnk.com)  (484298cf0c31edbe3a1055fa807794fc)

1 / 68      (Adware)
smt_istartsurf.exe (4563_smt_istartsurf by Webank.net)  (7c9fc662629727056d79f44280c563b9)

1 / 68      (Adware)
amt_oursurfing.exe (4527_amt_oursurfing by 7th)  (42d707d5edfa79d1f92fb676e9eae6a3)

1 / 68      (Adware)
csdi_oursurfing_soft_partner.exe (4409_age_oursurfing by Welnk.com)  (43a5dcb6db98094c6339dae0cbbac88e)

1 / 68      (Adware)
sfpsnew1_mystartsearch.exe (4426_sfpsnew1_mystartsearch by Welnk.com)  (783b08c06ac699ea9d8be08bc34c4183)

1 / 68      (Adware)
setup_magic_ct.exe (4418_pjr_oursurfing by WeBank.com)  (4fce3b71f867476cdf6fd1755a197ada)

1 / 68      (Adware)
tti_omniboxes.exe (4401_tti_omniboxes by WeBank.com)  (7de3df8ce83a61ca6fb8c794eb79f8e9)

1 / 68      (Adware)
rbm_istartsurf.exe (4422_rbm_istartsurf by Welnk.com)  (39c8b5b90d827bde9a69e059977b3244)

1 / 68      (Adware)
vau3f4.tmp.exe (4550_ium6_mystartsearch by Welnk.com)  (4db69bc339de60e393cdfce20777b7ae)

1 / 68      (Adware)
lly1_istartsurf.exe (4541_tug1_istartsurf by Webank.net)  (ec510125a3edb039c111f6a36bf6ab59)

1 / 68      (Adware)
bdo_mystartsearch.exe (4424_bdo_mystartsearch by Welnk.com)  (06c13be049d628d20be55edca3c0ff02)

1 / 68      (Adware)
6ff1.tmp.exe (4469_eit_oursurfing by 7th)  (9dae4b5f70723dcfadf8d79d771dd2cd)

1 / 68      (Adware)
smt_oursurfing.exe (4555_smt_oursurfing by Welnk.com)  (3fbc9edddec0ce5614782cf81ce9d8eb)

1 / 68      (Adware)
uq68tiquml74mw3ogs3jmhv9xduq68tiquml74mw3ogs3jmhv9xd_a9.exe (4433_pcm_istartsurf by Welnk.com)  (174c982f91b4fbbf128179f4213c3028)

1 / 68      (Adware)
scl_oursurfing.exe (4427_scl_oursurfing by Welnk.com)  (feb9a2d41acd2106b42afa076d872c68)

1 / 68      (Adware)
lly_mystartsearch.exe (4565_tugs_mystartsearch by Webank.net)  (28a47e147a26ec8bcba9601a5ff8a7ca)

1 / 68      (Adware)
sien_mystartsearch.exe (4425_sien_mystartsearch by Welnk.com)  (10003c071c6a369f907de556b0f74e99)

1 / 68      (Adware)
oursurfing.exe (4572_2sq1_oursurfing by Webank.net)  (13c5d02f46b868f928f8db87cb9b425a)

1 / 68      (Adware)
freeistartsurf.exe (4551_free_istartsurf by Welnk.com)  (5ba5b90d088d1c532c323edd03447471)

1 / 68      (Adware)
lly_istartsurf.exe (4566_tugs_istartsurf by Webank.net)  (2b966230ffb8fcfca8b8b1208bb12fd8)

24 / 68    (Adware)
oursurfing.exe (4466_wscy2_oursurfing by Welnk.com)  (e6b43521ee867a21883890f245cc3bb7)

1 / 68      (Adware)
smt_oursurfing.exe (padingpadingpadingpadingpadingpadingpadingpadingpadingpadingpadingpadingpadingpading by Webank.net)  (fd3d0c3c1960de396faa8a488ac7f55a)

1 / 68      (Adware)
lly1_istartsurf.exe (4567_tug1_istartsurf by Webank.net)  (1463bb8fa04eb264072c4dadc8fa1868)

9 / 68      (Adware)
smt_istartsurf.exe (4556_smt_istartsurf by Welnk.com)  (81998e2e68b29977650c232db7d399e0)

2 / 68      (Adware)
smt_oursurfing.exe (4560_smt_oursurfing by Webank.net)  (a03f038641dac828123f07d409cb40f5)

1 / 68      (Adware)
oursurfing.exe (4574_2sq3_oursurfing by Webank.net)  (25e8d18de6cbe5a93d0def8078919450)

1 / 68      (Adware)
0p1i9lkpusw==1.exe (4571_2sq_oursurfing by Webank.net)  (1d26724732df52b821960f2da249ceee)

2 / 68      (Adware)
smt_istartsurf.exe (4563_smt_istartsurf by Webank.net)  (9ab0850e4d031c566ca0a1d628aae615)

 
Latest 30 of 47 files

Downloads URLs for files signed by Yuxin WANG.

3 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../ium6_mystartsearch.exe  (276e5e94ebb9b875ac619822696230d1)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../ium6_mystartsearch.exe  (4db69bc339de60e393cdfce20777b7ae)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../scl_oursurfing.exe  (feb9a2d41acd2106b42afa076d872c68)

1 / 68      (Adware)
http://4threquest.me/.../310714_a9.exe  (174c982f91b4fbbf128179f4213c3028)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_oursurfing.exe  (1d26724732df52b821960f2da249ceee)

1 / 68      (Adware)
http://www.girlliuxiaowei.com/.../eit_oursurfing.exe  (9dae4b5f70723dcfadf8d79d771dd2cd)

2 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../buzz_oursurfing.exe  (51dfc4f94e4ddc38d7727282cd0d0681)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (2b966230ffb8fcfca8b8b1208bb12fd8)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (9e6a830b5922edeec369a3cdee66f64f)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../air_istartsurf.exe  (1d782f4583c65a0e95cae87ec55c3d45)

The following websites host and distribute files published by Yuxin WANG.

www.girlliuxiaowei.com

d2drfrdurj6mvo.cloudfront.net

4threquest.me

The certificates below are also signed by Yuxin WANG.

2C416DD3D70B97FC4234C97961D44A24  (Dec 07, 2015 to Aug 14, 2017)

42B89DFF0EF561EC67F3D06741ADE295  (Nov 25, 2015 to Aug 14, 2017)

56493BF0156090CDE0540B795E8541C0  (Feb 10, 2016 to Aug 14, 2017)

0AB62C6D3E19ADF07A06CAFBBBAA27A5  (Feb 08, 2016 to Aug 14, 2017)

2DA55CBA91AF41B2B38306063798B9CB  (Jan 11, 2016 to Aug 14, 2017)

32FE5013D2C7ECC50B6FCEF24F95BE42  (Jan 15, 2016 to Aug 14, 2017)

53780CF050BA35CB5EB86E310BA4C82A  (Jan 13, 2016 to Aug 14, 2017)

5EA44E193FCC51F5A02C23795BDE703B  (Nov 27, 2015 to Aug 14, 2017)

778C2E8E17E285D4882E35D29D8224A9  (Jan 05, 2016 to Aug 14, 2017)

13910B2C74A5DDEADB91E4270330B489  (Dec 31, 2015 to Aug 14, 2017)

10 of 46 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Giner Tech Inc

Skytouch Technology Co., Limited

Minidigital Technology Co., Limited

Thinknice Co., Limited

Shulan Hou

Xiaoqing Liu

Taiming Li

Fuyuan Zhou

Li Mo

Search Vortex

Thinknice Co. Limited

Banyan Tree Technology Limited

Plain Savings

CLARALABSOFTWARE

EasyVpn

CNB TECHNOLOGIES LLC

* Note, the details and description above are based on the code signing digital signature issued to Yuxin WANG by thawte, Inc. on August 13, 2015 with the serial number '7e139a7b7017995b5b87896ddda95102'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.