Fuyuan Zhou

Publisher Information

Fuyuan Zhou is a software developer located in Jilin, China*. The company is a primary distributor of unwanted software. There are 20 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
1/15/2015 1:00:00 AM

Valid to:
1/20/2016 1:00:00 PM

Subject:
CN=Fuyuan Zhou, O=Fuyuan Zhou, S=Jilin, L=Jilin, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0f23159ab625ce992a314c35f55b4f8e

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.FuyuanZhou, PUP.Installer.FuyuanZhou, Threat.Installer.FuyuanZhou, PUP.FuyuanZhou (M), PUP.FuyuanZhou.Installer (M), PUP.FuyuanZh (M), PUP (M)
100.00%

Malwarebytes
PUP.Optional.LuckySearches.A, PUP.Optional.MyStartSearch.A, PUP.Optional.KeyFind.A, PUP.Optional.IStartSurf.A, PUP.Optional.Omniboxes.A
69.44%

herdProtect (fuzzy)
a variant of 745a43c02e404715c4a79dba11d56582e230e242, a variant of 5f1f3668a8796b509ccd3c151334f6f7aca87903, a variant of 7258476901929f8cd3fd6e33fb708666df5bacbe
61.11%

K7 AntiVirus
Unwanted-Program , Adware , Trojan
58.33%

Sophos
Elex, PUA 'Elex' (of type Adware)
55.56%

Baidu Antivirus
Adware.Win32.ELEX, PUA.Win32.ELEX
50.00%

ESET NOD32
Win32/ELEX.CE potentially unwanted (variant), Win32/ELEX.CF potentially unwanted (variant)
44.44%

Dr.Web
Adware.Mutabaha.220, Adware.Mutabaha.228, Adware.Mutabaha.179, Adware.Mutabaha.228, Adware.Mutabaha.193, Adware.Mutabaha.228, Adware.Mutabaha.190
44.44%

VIPRE Antivirus
BehavesLike.Win32.Malware.sfd (mx-v), Threat.4726263, Trojan.Win32.Generic
41.67%

AVG
Downloader, Potentially harmful program Downloader, Generic
36.11%

1 / 68      (Adware)
components3 (3155_fsf_luckysearches by HTabp.com)  (f6855c8fbf2b97a9abfeea969bf746cc)

1 / 68      (Adware)
scl_luckysearches.exe (2900_scl_luckysearches by ylsn)  (7ea7824eaa042ed9296d73f90e909179)

1 / 68      (Adware)
scl_luckysearches.exe (3200_scl_luckysearches by ogu)  (25cebec18ecd4bde14c2d0f008cfbaa7)

1 / 68      (Adware)
0ab21rn1.exe (2806_obw_omniboxes by TabMain)  (adb9c1ecbdd1e86c1c1a4f4518a950f6)

1 / 68      (Adware)
setup_magic_ct.exe (3245_pjr_luckysearches by WDT)  (8294fa3267f2cbab583b2e1d1e41ac15)

1 / 68      (Adware)
con_mystartsearch.exe (3244_con_mystartsearch by WDT)  (fcb2d6e4fdbf2f35563a0b8992d337db)

1 / 68      (Adware)
0ab23rn1.exe (2963_obw_omniboxes by Spy union)  (d80c574ac18300b120046094de94dd47)

1 / 68      (Adware)
con_mystartsearch.exe (3220_con_mystartsearch by ogu)  (2c1ff5689b45c0269fc201849ff6b956)

1 / 68      (Adware)
scl_luckysearches.exe (3246_scl_luckysearches by WDT)  (7a157250725a563101605f89f55ffd68)

1 / 68      (Adware)
scl_luckysearches.exe (3135_scl_luckysearches by ylsn)  (df995ab425f4261e9bd6945e8326dca0)

11 / 68    (Adware)
setup_et_sc.exe (3335_scl_luckysearches by HTabp.com)  (d019bd16638713036c0d53a01290a947)

14 / 68    (Adware)
setup_magic_ct.exe (3333_pjr_luckysearches by HTabp.com)  (2e50466cb325f7b65f7988a136baa658)

12 / 68    (Adware)
setup_magic_ct.exe (2899_pjr_luckysearches by ylsn)  (671666717f71ed55e9a7cc8b03ba6fcf)

14 / 68    (Adware)
setup_magic_ct.exe (3049_pjr_luckysearches by TabMain)  (11b434b898f818fb2baccae425225afa)

11 / 68    (Adware)
components (3318_fsf_luckysearches by HTabp.com)  (7da7246dc81b57797718f03791f59b00)

8 / 68      (Adware)
0ab21rn1.exe (2807_obw_omniboxes by dbji)  (33f4b0edc5ee884a2f339124025eab96)

14 / 68    (Adware)
setup_magic_ct.exe (3277_pjr_luckysearches by ogu)  (f0745e798e41fb7fd6833faf5ad76d5e)

12 / 68    (Adware)
0ab16rn1.exe (3328_obw_omniboxes by HYS)  (67ce431883bcafca60a025ba7eeb7935)

9 / 68      (Adware)
wpc_mystartsearch.exe (3288_wpc_mystartsearch by HYS)  (93912ffe994271b84a1d960b816e4a29)

8 / 68      (Adware)
0agrj2.exe (3231_obw_omniboxes by ogu)  (03a4d255bdae7c03ea36e4e5be1e60f4)

13 / 68    (Adware)
setup_magic_ct.exe (3199_pjr_luckysearches by ogu)  (b4cd8cd501d7a96381e4c0a1b4f04cd8)

20 / 68    (Adware)
setup_magic_ct.exe (3134_pjr_luckysearches by ylsn)  (31e0372656c5eaf842997eea94129bd9)

7 / 68      (Adware)
wpc_mystartsearch.exe (3190_wpc_mystartsearch by gsuwo)  (f20eabc2f57eeb1163151db1b0f01b5f)

14 / 68    (Adware)
obw_omniboxes.exe (3106_obw_omniboxes by ylsn)  (0cdb7a304576cf6d8ed40cd04c2646e3)

 
Latest 30 of 36 files

Download URLs for files signed by Fuyuan Zhou.

1 / 68      (Adware)
http://www.girlyangshijian.com/.../con_mystartsearch.exe  (fcb2d6e4fdbf2f35563a0b8992d337db)

The following websites host and distribute files published by Fuyuan Zhou.

The certificates below were also issued to Fuyuan Zhou.

0633AA0281655507B43A43C58AC87E24  (Aug 25, 2016 to Jun 22, 2017)

2D0CB6E3DC3A12D7CBCD35A38BE4422E  (Aug 04, 2016 to Jun 22, 2017)

0974CC6B92609F4843A5406187BEF59D  (Jul 28, 2016 to Jun 22, 2017)

77D22DAACE96DBDBC4E25EEF00C3F1D4  (Aug 24, 2016 to Jun 22, 2017)

46001FFDEB7F044C0D53B13CFF5C98A6  (Jul 06, 2016 to Jun 22, 2017)

10BAEFFAE92E787F9C63D3CE7A487E6F  (Jun 21, 2016 to Jun 22, 2017)

4A7ABA23225E999B2DA6A856853C0E31  (Jun 30, 2016 to Jun 21, 2017)

4AC20618E32CD1852F905D6065B9B8B8  (Jul 24, 2016 to Jun 21, 2017)

31813BE26CE4CFCD461FED27AC9B5D68  (Aug 10, 2016 to Jun 21, 2017)

694E0B4980507DB9D7F34C8B076D2070  (Jun 29, 2016 to Jun 21, 2017)

10 of 20 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

* Note, the details and description above are based on the code signing digital signature issued to Fuyuan Zhou by DigiCert Inc on January 15, 2015 with the serial number '0f23159ab625ce992a314c35f55b4f8e'.