home

Fuyuan Zhou

Publisher Information

Fuyuan Zhou is a software developer located in Jilin, China*. The company is a primary distributor of unwanted software. Thre are 20 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
1/15/2015 7:00:00 AM

Valid to:
1/20/2016 7:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, L=Jilin, S=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0ee8148cfab3bca2854be89912aaa0d9

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.FuyuanZhou (M), PUP.FuyuanZhou.Installer (M), PUP.FuyuanZh (M), PUP (M)
100.00%

Malwarebytes
PUP.Optional.OurSeaching.A, PUP.Optional.MyStartSearch.A, PUP.Optional.IStartSurf.A
41.18%

Dr.Web
Adware.Mutabaha.361, Adware.Mutabaha.508, Adware.Mutabaha.306, Adware.Mutabaha.485
41.18%

Bkav FE
W32.HfsAdware
35.29%

ESET NOD32
Win32/ELEX.CL potentially unwanted (variant), Win32/ELEX.DY potentially unwanted (variant), Win32/ELEX.EC potentially unwanted (variant)
35.29%

Baidu Antivirus
Adware.Win32.ELEX
35.29%

Panda Antivirus
PUP/MyStartSearch
23.53%

K7 AntiVirus
Adware
11.76%

Agnitum Outpost
Riskware.Agent
11.76%

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
5.88%

1 / 68      (Adware)
wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768)  (47a16ef3abd73940a959e5ce28e785c5)

1 / 68      (Adware)
wpc_mystartsearch.exe.tmp (4009_wpc_mystartsearch by 768)  (71c58b5577e39d918dcd7f0c8a4b02ac)

1 / 68      (Adware)
adv_76.exe (4023_ima_mystartsearch by HTabp.com)  (51355ba5ddf0647db1b582a7e4bffb1a)

1 / 68      (Adware)
wpc_mystartsearch.exe (4110_wpc_mystartsearch by 7th)  (c280adc040ab6af2f9e6fd61f250e544)

1 / 68      (Adware)
adv_46.exe (3421_ima_istartsurf by HTabp.com)  (a73c294f57d300d016d2d17282f446b0)

6 / 68      (Adware)
amt_oursurfing.exe (4109_amt_oursurfing by Software Removal tool)  (09f82549a28c59032652c947ed057ae6)

1 / 68      (Adware)
HTabp.exe (3950_amt_omniboxes by HTabp.com)  (6660bd245594718ce4324f5d28d5694d)

6 / 68      (Adware)
adv_76.exe (4111_ima_mystartsearch by Software Removal tool)  (931c9b607405385ccdf2e4d4f94afbe4)

1 / 68      (Adware)
wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768)  (d551e2477efc3286e91dfb5bbdf1f986)

1 / 68      (Adware)
wpc_mystartsearch.exe (4068_wpc_mystartsearch by 768)  (638fc9cc5c75e7fe8a4a9c01501f0d41)

10 / 68    (Adware)
mystartsearch_slbnew_2306--b4362944.exe (3390_slbnew_mystartsearch by HTabp.com)  (b487db56d6f4d2a4f0f2c9c83e749e39)

14 / 68    (Adware)
wpc_mystartsearch.exe (4009_wpc_mystartsearch by 768)  (d2ef8ea00180d10fa7eda1af2ed72033)

8 / 68      (Adware)
0p1m8l01stw==2.exe (3447_obw_istartsurf by HTabp.com)  (19f7773009f46d768351462c8c963949)

7 / 68      (Adware)
wpc_mystartsearch.exe (4004_wpc_mystartsearch by Welnk.com)  (8d6b5cdb1fb08be9de5c27fd53b11f35)

4 / 68      (Adware)
setup_magic_ct.exe (3948_pjr_oursurfing by 7th)  (db85ec6d4dc7585a76a84a5f83b6c210)

1 / 68      (Adware)
wpc_mystartsearch.exe (4002_wpc_mystartsearch by Welnk.com)  (c894139a029d7c5f2de203b60de892ea)

1 / 68      (Adware)
wpc_mystartsearch.exe (3957_wpc_mystartsearch by Synergy (32-bit))  (3af729a4cbfc2a3e6cadc39c07c24ea1)

Downloads URLs for files signed by Fuyuan Zhou.

1 / 68      (Adware)
http://d3kj6o4rxau601.cloudfront.net/wpc_mystartsearch.exe  (638fc9cc5c75e7fe8a4a9c01501f0d41)

8 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe  (19f7773009f46d768351462c8c963949)

4 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../pjr_oursurfing.exe  (db85ec6d4dc7585a76a84a5f83b6c210)

The following websites host and distribute files published by Fuyuan Zhou.

d3kj6o4rxau601.cloudfront.net

d2drfrdurj6mvo.cloudfront.net

The certificates below are also signed by Fuyuan Zhou.

0633AA0281655507B43A43C58AC87E24  (Aug 25, 2016 to Jun 22, 2017)

2D0CB6E3DC3A12D7CBCD35A38BE4422E  (Aug 04, 2016 to Jun 22, 2017)

77D22DAACE96DBDBC4E25EEF00C3F1D4  (Aug 24, 2016 to Jun 22, 2017)

46001FFDEB7F044C0D53B13CFF5C98A6  (Jul 06, 2016 to Jun 22, 2017)

0974CC6B92609F4843A5406187BEF59D  (Jul 28, 2016 to Jun 22, 2017)

10BAEFFAE92E787F9C63D3CE7A487E6F  (Jun 21, 2016 to Jun 22, 2017)

4AC20618E32CD1852F905D6065B9B8B8  (Jul 24, 2016 to Jun 21, 2017)

27E9D420E262B14FD8289B7C0BB6D41F  (Jul 31, 2016 to Jun 21, 2017)

21E4E205D19BCF68E4675D7F8F39A764  (Jul 10, 2016 to Jun 21, 2017)

694E0B4980507DB9D7F34C8B076D2070  (Jun 29, 2016 to Jun 21, 2017)

10 of 20 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Shulan Hou

Xiaoqing Liu

Taiming Li

Li Mo

Thinknice Co., Limited

Giner Tech Inc

Yuxin WANG

Skytouch Technology Co., Limited

Minidigital Technology Co., Limited

Thinknice Co. Limited

Banyan Tree Technology Limited

EasyVpn

* Note, the details and description above are based on the code signing digital signature issued to Fuyuan Zhou by DigiCert Inc on January 15, 2015 with the serial number '0ee8148cfab3bca2854be89912aaa0d9'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.