home

CJ Mooter Inc.

Publisher Information

CJ Mooter Inc. is a software publisher located in Gangnam-gu, Seoul in Korea*. The company is a primary distributor of unwanted software. Thre are 3 additional code signing certificates issued to this publisher.
Authority:
VeriSign, Inc.

Valid from:
4/20/2012 9:00:00 AM

Valid to:
7/21/2013 8:59:59 AM

Subject:
CN=CJ Mooter Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CJ Mooter Inc., L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
58e039409ec65745dfe47259a1a2b422

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP (M)
100.00%

1 / 68      (Adware)
WinExpandSetup_liveup.exe (WinExpandSetup_liveup by CJMooter)  (f37432cca3980a6ee56a68513ccddb4e)

1 / 68      (Adware)
GamebongIPlus.dll  (8edf6c73ed53996225a5ddfcaf7e3b3c)

1 / 68      (Adware)
WinExpand_f5.dll (WinExpand_f5 Module)  (3a33ce1ed3a4e427f94aa9fdb3b3711f)

1 / 68      (Adware)
WinExpand_nwgn.dll (WinExpand_nwgn Module)  (604d18672d67ad6503e9f96341ee5f16)

1 / 68      (Adware)
WinExpand_boa.dll (WinExpand_boa Module)  (a46a346bf7cce306984810afe4c29457)

1 / 68      (Adware)
WinxpendUP_lvu5.EXE  (b67a58a8d0b6c3c9bfcc6e209419677a)

1 / 68      (Adware)
WEUninstall_lvu5.exe (WEUninstall_lvu5 by CJMooter)  (d887df5bc5f0b03d916d0ae6d8fbf5e7)

1 / 68      (Adware)
winexpandsetup_jjangq.exe (WinExpandSetup_jaq by CJMooter)  (cb8d63d6b2b5e2181a7713956447fa96)

1 / 68      (Adware)
winexpandsetup_downs.exe (WinExpandSetup_nows by CJMooter)  (cbf8320f46e1a2a314bf000a20303737)

1 / 68      (Adware)
winxpendup_ngmel.exe  (22d84d036dc46153b0b1bd2c72e7c51c)

1 / 68      (Adware)
WinExpand_cyame.dll (WinExpand_cyame Module)  (cd4c2877fead1662267c9254768450f6)

1 / 68      (Adware)
WinExpand_smve5.dll (WinExpand_smve5 Module)  (4906e033067b5f4bb85f90c5713e6b2a)

1 / 68      (Adware)
weuninstall_nwdwns.exe (WEUninstall_newdowns by CJMooter)  (b4ee26baaaf1091a3b4232fb110a81e5)

1 / 68      (Adware)
WinExpand_nwdwns.dll (WinExpand_nwdwns Module)  (cf6c759ae236778b870da59efbc16d30)

1 / 68      (Adware)
WinxpendUP_nwdwns.EXE  (151cce7a0615f54fdf5e674dd3f903a1)

1 / 68      (Adware)
WinExpand_cyame.dll (WinExpand_cyame Module)  (14b81e5d868b7f7fe654bd7237fe37cf)

1 / 68      (Adware)
WinExpand_jaq.dll (WinExpand_jaq Module)  (cc21eb2305286dcc4fa2f14724e60933)

1 / 68      (Adware)
WinExpand_f5.dll (WinExpand_f5 Module)  (4776d2a02459cc82e96b0a9654ea363a)

1 / 68      (Adware)
WinxpendUP_nwuk2.EXE  (d1d54187740711e4f697b8a9e6d60ddb)

1 / 68      (Adware)
WinExpand_nwuk2.dll (WinExpand_nwuk2 Module)  (ee996533f399bec13efc52e7b5a15e69)

1 / 68      (Adware)
weuninstall_nwuk2.exe (WEUninstall_newutilkorea2 by CJMooter)  (581c582c47525a17099217301985ee09)

1 / 68      (Adware)
winxpendup_flh4.exe  (3288cba8ec69e4751e37dbb7231df5ff)

1 / 68      (Adware)
WinExpand_flh4.dll (WinExpand_flh4 Module)  (4adda9e287dac008a5f9e726484a05ea)

1 / 68      (Adware)
WEUninstall_flh4.EXE  (20b4490f04562808da6441aad0ba0723)

1 / 68      (Adware)
iplussetup_sharebox.exe  (ee3fc21247839221d37380da783bd524)

1 / 68      (Adware)
GamebongWinExpand.dll  (c3d2762f74bbe7475c7d851d84554e6f)

1 / 68      (Adware)
WinExpand_nshe.dll (WinExpand_nshe Module)  (4878fe561e5fce7c4a1d8d422087bd69)

1 / 68      (Adware)
WinExpand_nwsps.dll (WinExpand_nwsps Module)  (8a1061a1273ca0442b4daa0df2c404fd)

1 / 68      (Adware)
WinExpandSetup_utilkorea2.exe (WinExpandSetup_utilkorea2 by CJMooter)  (6cfaf8f064c5b1a87f4a9fbb4586aa4c)

1 / 68      (Adware)
WinExpandSetup_micropop.exe (WinExpandSetup_micropop by CJMooter)  (65a353a9ef7464d463ff640fbaeaef39)

 
Latest 30 of 191 files

The certificates below are also signed by CJ Mooter Inc..

67B841AD06BF7C23C9B3BC83920C4F94  (May 01, 2013 to Aug 01, 2014)

3D0DAED61E180A0536952254A8C14AAD  (Apr 14, 2011 to Jun 13, 2012)

3337DF1FA8FB0F79AFD72AA77BC85A4F  (Mar 26, 2010 to May 26, 2011)

* Note, the details and description above are based on the code signing digital signature issued to CJ Mooter Inc. by VeriSign, Inc. on April 20, 2012 with the serial number '58e039409ec65745dfe47259a1a2b422'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.