home

Luhong Han

Publisher Information

Luhong Han is a software publisher located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 22 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
8/10/2016 5:00:00 PM

Valid to:
4/1/2017 4:59:59 PM

Subject:
CN=Luhong Han, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
55e2f3402c44d3385765d85622dda510

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Updater (M), Adware.Elex (M), PUP.ELEX, PUP.Elex (M)
93.33%

ESET NOD32
Win32/Obfuscated.NHQ trojan
13.33%

Microsoft Security Essentials
Trojan:Win32/Ghokswa
6.67%

AVG
Adware Generic_s.IO
6.67%

Dr.Web
Adware.Mutabaha.1800
6.67%

1 / 68      (PUP)
zootonyupdate.exe  (d19439967d885c565d7417af6045ff6b)

1 / 68      (PUP)
zootonyupdate.exe  (d19439967d885c565d7417af6045ff6b)

1 / 68      (PUP)
zootonyupdate.exe  (d19439967d885c565d7417af6045ff6b)

1 / 68      (PUP)
zootonyupdate.exe  (d19439967d885c565d7417af6045ff6b)

1 / 68      (PUP)
zootonyupdate.exe  (d19439967d885c565d7417af6045ff6b)

1 / 68      (PUP)
zootonyupdate.exe  (d19439967d885c565d7417af6045ff6b)

1 / 68      (PUP)
birdeyeupdate.exe  (9b89552b1d7e12e407c7c04816db8e24)

1 / 68      (PUP)
birdeyeupdate.exe  (8ceb7b76862d459e67e6f396c190f68e)

1 / 68      (PUP)
birdeyeupdate.exe  (b75d967cc94f07ed77c1acdd67346340)

1 / 68      (PUP)
zootonyupdate.exe  (be309453a0f75971ac66880935f3db5a)

4 / 68      (PUP)
zootonyupdate.exe  (0e33395cf3b193c79009a93c59b81d2d)

1 / 68      (PUP)
chzjf.exe  (16ed2e59f6203789f882fb5a8aee9d8f)

1 / 68      (PUP)
zootonyupdate.exe  (d19439967d885c565d7417af6045ff6b)

1 / 68      (PUP)
birdeyeupdate.exe  (9c304801b331d3758fedf4f853a415c8)

2 / 68      (PUP)
zootonyupdate.exe  (d19439967d885c565d7417af6045ff6b)

The certificates below are also signed by Luhong Han.

1DBCDA4C3B9717FD38F1208F6841B3FE  (Jun 22, 2016 to Apr 02, 2017)

501EAE68B9AF651C1372410F73CD4F0F  (Aug 29, 2016 to Apr 02, 2017)

15E84C7A6CD8C360836D7AC332EC3248  (Aug 22, 2016 to Apr 02, 2017)

28B5BF96D55B5A39A9E10BB0565C2F29  (Oct 20, 2016 to Apr 02, 2017)

0DDF099C3F8BCDF1AFEDD9CAF403F034  (Jun 29, 2016 to Apr 02, 2017)

3A4865996F1971B8EF43D56EEA05C52E  (Sep 20, 2016 to Apr 02, 2017)

45B88C5A9972CD2024BB24DB574E2B3C  (Jul 06, 2016 to Apr 02, 2017)

6F1A02A25EBF95FC2471099A880E9D0C  (Oct 12, 2016 to Apr 02, 2017)

6826AB84A60D61B9E8457BFAF890D845  (Jul 27, 2016 to Apr 02, 2017)

1DCF8765442AB00A1901D7E33D6539FC  (Oct 08, 2016 to Apr 02, 2017)

10 of 22 code signing certificates issued

* Note, the details and description above are based on the code signing digital signature issued to Luhong Han by thawte, Inc. on August 10, 2016 with the serial number '55e2f3402c44d3385765d85622dda510'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.