Zhang Ling

Publisher Information

Zhang Ling is a software publisher located in 北京市, China*. The company is a primary distributor of unwanted software. Thre are 4 additional code signing certificates issued to this publisher.
Authority:
WoSign CA Limited

Valid from:
8/20/2014 2:03:49 PM

Valid to:
6/20/2015 2:03:49 PM

Subject:
CN=Zhang Ling, E=chloezhangling@gmail.com, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
33d813964b450f4902ea98231c8ef97e

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ZhangLing.Q, PUP.ZhangLing.N, PUP.ZhangLing.E, PUP.ZhangLing.W, PUP.ZhangLing.J, PUP.Installer.ZhangLing.G, PUP.ZhangLing.P, PUP.ZhangLing.K, PUP.ZhangLing.Y, PUP.ELEX.ZhangLing (M), PUP.ELEX.ZhangLin (M), PUP.ELEX (M)
100.00%

VIPRE Antivirus
Threat.4788726, Threat.4758034, Trojan.Win32.Generic, Backdoor.Win32.Bifrose.fsi, Threat.4150696, Threat.5063632, Threat.4721115
26.83%

Baidu Antivirus
Adware.Win32.Agent, Adware.Win32.ELEX, Adware.Win64.Agent, Adware.Win64.Thinknice, PUA.Win32.Thinknice, Adware.Win32.Thinknice
26.83%

Malwarebytes
PUP.Optional.IePluginService.A, PUP.Optional.SupTab.A, PUP.Optional.Skytech.A, PUP.Optional.IEPluginService.A
19.51%

AhnLab V3 Security
PUP/Win32.SearchProtect, PUP/Win32.Helper, Win32/Kashu.E
17.07%

G Data
Win32.Application.SubTab, Adware.Agent.OKO, Adware.Generic.1094524, Adware.Agent.OFO, Application.Bundler.HG, Win64.Application.SearchProtect.AF
17.07%

Agnitum Outpost
PUA.Agent, Riskware.Agent, Trojan.Click
17.07%

Dr.Web
Trojan.Click3.9479, Adware.Mutabaha.236, Trojan.Click3.8536, Trojan.Damaged.1, Adware.Mutabaha.50, Trojan.StartPage1.6314
17.07%

ESET NOD32
Win32/Thinknice.E potentially unwanted application, Win64/Thinknice.F potentially unwanted application, Win32/ELEX.AV potentially unwanted application
17.07%

Kaspersky
not-a-virus:AdWare.Win32.Agent, not-a-virus:AdWare.Win64.Agent
14.63%

1 / 68      (Adware)
tmp00000009176db7c6e2b2baf8 (2.0.1.739 by Skytech Co.)  (bb5fff72c82f5485631d3e54544590b2)

1 / 68      (Adware)

1 / 68      (Adware)
uninstall.exe (TODO: <Product name>)  (88ceb699413a0d974f12a054afbded3b)

1 / 68      (Adware)
uninstall.exe (TODO: <Product name>)  (a664fb51745d5c3c3febd873fb19da05)

1 / 68      (Adware)

1 / 68      (Adware)
RSHP.exe (RSHP IePlugin control by Skytech Co.)  (d745dc7ad5cc8d82b8caff51074910af)

1 / 68      (Adware)
bhoenabler.exe  (cbfeffe9f54a771978deddc0e7d487bd)

1 / 68      (Adware)

1 / 68      (Adware)
RSHP.exe (RSHP IePlugin control by Skytech Co.)  (20ecf46021e50aa2926e37b5d2a2780f)

1 / 68      (Adware)

1 / 68      (Adware)
RSHP.exe (RSHP IePlugin control by Skytech Co.)  (56064128ef57ae904a7611f0c1e93e8c)

1 / 68      (Adware)
RSHP.exe (RSHP IePlugin control by Skytech Co.)  (dbd4e3e9d35e55baf95cd99dcbc18518)

1 / 68      (Adware)
tmp0000004ad445380a93147c35 (Skytech by Skytech Co.)  (1940effbf35f34095399731454ca49d1)

1 / 68      (Adware)
RSHP.exe (RSHP IePlugin control by Skytech Co.)  (1b4ded03c67c75c44bd673a5d9995744)

1 / 68      (Adware)
hpui.exe  (840b9d6e35f14e548fd28180fca023b8)

1 / 68      (Adware)
RSHP.exe (RSHP IePlugin control by Skytech Co.)  (da059b8703c52d770a177e6c9d4c8608)

1 / 68      (Adware)
uninstall.exe (TODO: <Product name>)  (5cb83b0704619845ade7eb8e6a183b97)

1 / 68      (Adware)
RSHP.exe (RSHP IePlugin control by Skytech Co.)  (6f5a00fffb13e34c4bcb242404f57a85)

1 / 68      (Adware)
hpui.exe  (55e2a027a52a2afa3ab8ceb1c3df700a)

1 / 68      (Adware)
uninstall.exe (TODO: <Product name>)  (ddfc2881894e2e948ceb8654bc8685f4)

1 / 68      (Adware)
uninstall.exe (TODO: <Product name>)  (7d332aac2f7640fae5c1b3206c691e32)

1 / 68      (Adware)

1 / 68      (Adware)
RSHP.exe (RSHP IePlugin control by Skytech Co.)  (a8bf31ab9bec264fec8ad2ece31151dc)

1 / 68      (Adware)
pluginservice.exe  (698a9af317b428c8de1385d328432ec4)

1 / 68      (Adware)

1 / 68      (Adware)
suptab_v5.8.8.777_noblank.exe  (4b946a89b15246bfae0830186d9be1e3)

1 / 68      (Adware)
tmp00000013d44febc7153fbb34  (aa728f3778710721d0b6d0b7bc057532)

21 / 68    (Adware)

1 / 68      (Adware)
bhoenabler.exe  (9c32e65bd1e4688542e946a1bd595e25)

15 / 68    (Adware)
RSHP.exe (RSHP IePlugin control by Skytech Co.)  (51370823b59b47b5201e1ea634c53e3f)

 
Latest 30 of 41 files

The certificates below are also signed by Zhang Ling.

44C9FA07E0C36E90C219294D56307B89  (Sep 15, 2014 to Jul 15, 2015)

64AA90E4D11751F466378DD4391C2CAB  (Nov 24, 2014 to Jun 24, 2015)

4BD6CD01962107D32D308240DA61E020  (Sep 23, 2014 to Jun 23, 2015)

07DAC38DB37E09DF8C8634065592DFE3  (Jun 06, 2014 to Jun 06, 2015)

* Note, the details and description above are based on the code signing digital signature issued to Zhang Ling by WoSign CA Limited on August 20, 2014 with the serial number '33d813964b450f4902ea98231c8ef97e'.