OOO Kango

Publisher Information

OOO Kango is a software developer located in Novosibirsk, Russia*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. There is one additional code signing certificate issued to this publisher.
Remove OOO Kango Malware - Powered by Reason Core Security
Authority:
VeriSign, Inc.

Valid from:
9/2/2013 2:00:00 AM

Valid to:
12/2/2016 12:59:59 AM

Subject:
CN=OOO Kango, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OOO Kango, L=Novosibirsk, S=Novosibirsk, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0239634e379703cc4fb0a20568600b2d

Scanner detections:
Detections  (54% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.OOOKango.P, PUP.Installer.OOOKango.I, PUP.Installer.OOOKango.V, PUP.Installer.OOOKango.U, PUP.Installer.Kango, PUP.Kango.Installer, PUP.Kango.OOOKango.Installer (M), PUP.Kango.OOOKango (M)
68.75%

Dr.Web
BackDoor.Wirenet.5, Win32.HLLP.Jeefo.36352, Threat.Undefined, Trojan.Starter.5042, Adware.Plugin.111
31.25%

Clam AntiVirus
W32.Jeefo-3, W32.Neshuta.A, Win.Trojan.Application-1470
21.88%

MicroWorld eScan
Trojan.GenericKD.2479255, Win32.Jeefo.B, Win32.Neshta.A, Gen:Variant.Symmi.8295
18.75%

Bitdefender
Trojan.GenericKD.2479255, Win32.Jeefo.B, Win32.Neshta.A, Gen:Variant.Symmi.8295
18.75%

Lavasoft Ad-Aware
Trojan.GenericKD.2479255, Win32.Jeefo.B, Win32.Neshta.A, Gen:Variant.Symmi.8295
18.75%

Emsisoft Anti-Malware
Trojan.GenericKD.2479255, Win32.Jeefo, Win32.Neshta, Gen:Variant.Symmi.8295
18.75%

F-Secure
Trojan.GenericKD.2479255, Win32.Jeefo.B, Win32.Neshta.A, Gen:Variant.Symmi.8295
18.75%

VIPRE Antivirus
Lookslike.MSIL.Zbot.a, Virus.Win32.Jeefo.a, Virus.Win32.Neshta.a, Trojan.Win32.Generic
18.75%

G Data
Trojan.GenericKD.2479255, Win32.Jeefo, Win32.Neshta, Gen:Variant.Symmi.8295
18.75%

0 / 68
Updater.exe (Updater Module)  (87fd80141595c7bf4582e161787064e5)

0 / 68
Updater.exe (Updater Module)  (ca6370bfc8742d030e49ed6ec5302071)

0 / 68
setup-lightshot.tmp  (2fd6087251a2771f7aec5b0b2c7579d0)

10 / 68    (PUP)
setup-lightshot.exe (lightshot by Skillbrains)  (09cf11a525d861ef02d298aa80ea2b28)

10 / 68    (PUP)
setup-lightshot.exe (lightshot by Skillbrains)  (2b7be469e1f89991982eec80476750a6)

10 / 68    (PUP)
setup-lightshot.exe (lightshot by Skillbrains)  (8efca570c4e90f28ac6183fb6fb92dfe)

2 / 68
setup-lightshot.exe (lightshot by Skillbrains)  (1942086390657d7a481f6af608ec5051)

0 / 68
setupupdater.tmp  (1eb1a2d2adc92cd3beb66fb9cce25ebe)

2 / 68
setup-lightshot.exe (lightshot by Skillbrains)  (a43ec4ab7439dbdd3bf72cbb8720b533)

45 / 68    (Malware)
setup-lightshot.exe  (84721da455aa5a4b38b8acb16dfa9560)

0 / 68
Net.dll (Lightshot by Skillbrains)  (aa9a5be117a361d7687292aa06f62d1e)

0 / 68
DXGIODScreenshot.dll (Lightshot by Skillbrains)  (d05a5d182aeae83a2b4df2382756a224)

1 / 68
lightshot.exe (Starter Module)  (6dc6e1c84ef619a24a1daf2fe28b84a8)

0 / 68
Uploader.dll (Lightshot by Skillbrains)  (96427650c387040050eb2cccca35fb09)

0 / 68
Lightshot.dll (Lightshot by Skillbrains)  (425fe2cd84edaa4c0cb53b4f5a4fc45c)

0 / 68
setup-lightshot.tmp  (eed7d9aa2c3e0037f9ef3db078601853)

0 / 68
lightshot.exe (Lightshot by Skillbrains)  (8768bc6895888b8cc976d64f8193a88e)

1 / 68      (inconclusive)
setup-lightshot.exe (lightshot by Skillbrains)  (9f0a2606cb6f6f67f7b6f494c5bb90a5)

0 / 68
setupupdater.exe (updater)  (f1d385d93b7d741ec62023581302f146)

1 / 68      (inconclusive)
setup-lightshot.exe (lightshot by Skillbrains)  (12b1d1cc20776bccdb38497229c65224)

47 / 68    (Malware)
updater.exe (Starter Module)  (3a5f5cc9c6206692263e720ae688d09d)

0 / 68
unins000.exe  (1d977b701182000840b861cc2c1418fc)

2 / 68      (PUP)
lightshot.exe (Starter Module)  (f3be50bf317ceb53cbfa0a2543cf8941)

1 / 68      (PUP)
setup-lightshot.exe (lightshot by Skillbrains)  (52fa2c416c02119cf448c06524ed4c18)

1 / 68      (PUP)
setup-lightshot.exe (lightshot by Skillbrains)  (50bdc22e1fad24abc342b3055abf58b7)

0 / 68
unins000.exe  (68b042f2b3723a413fffe34115f279a1)

0 / 68
{blocked}.exe (lightshot by Skillbrains)  (52fa2c416c02119cf448c06524ed4c18)

34 / 68    (PUP)
c09fbb61046e9beb59c3f9acf9852c0e.exe (by IObit)  (c09fbb61046e9beb59c3f9acf9852c0e)

1 / 68      (PUP)
unins000.exe  (57dc61affc27d29f6fbe49369ba26760)

1 / 68      (PUP)
setup_updater-1.7.0.5.tmp  (7dadcd2f29181e47bbd5313420c06ad9)

 
Latest 30 of 142 files

Downloads URLs for files signed by OOO Kango.

0 / 68

0 / 68

0 / 68
http://www.lo4d.com/get-file/lightshot/.../  (setup-lightshot-5.3.0.0.exe)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

1 / 68      (PUP)

0 / 68

0 / 68

0 / 68

0 / 68
https://app.prntscr.com/.../setup-lightshot.exe  (52fa2c416c02119cf448c06524ed4c18)

0 / 68
http://app.prntscr.com/.../setup-lightshot.exe  (52fa2c416c02119cf448c06524ed4c18)

0 / 68
https://app.prntscr.com/.../setup-lightshot.exe  (052a0607f7a778339e14f7e1fd48478b)

0 / 68
http://app.prntscr.com/.../setup-lightshot.exe  (052a0607f7a778339e14f7e1fd48478b)

1 / 68      (PUP)
http://app.prntscr.com/.../setup-lightshot.exe  (31ed5b9411d17b6f9dd459ac881ffb16)

1 / 68      (PUP)
http://app.prntscr.com/.../setup-lightshot.exe  (47968b69444a0d4c29b6144ad760541a)

1 / 68      (PUP)
https://app.prntscr.com/.../setup-lightshot.exe  (31ed5b9411d17b6f9dd459ac881ffb16)

1 / 68      (PUP)
https://app.prntscr.com/.../setup-lightshot.exe  (47968b69444a0d4c29b6144ad760541a)

1 / 68      (PUP)
https://app.prntscr.com/.../setup-lightshot.exe  (21030fa5398a8d84fe4a6c6e346a30ef)

1 / 68      (PUP)
https://app.prntscr.com/.../setup-lightshot.exe  (74322e943a7d28bc54123f76a592cc5b)

1 / 68      (PUP)
http://app.prntscr.com/.../setup-lightshot.exe  (21030fa5398a8d84fe4a6c6e346a30ef)

1 / 68      (PUP)
http://app.prntscr.com/.../setup-lightshot.exe  (74322e943a7d28bc54123f76a592cc5b)

The following websites host and distribute files published by OOO Kango.

The following certificate is also signed by OOO Kango.

3B6CCA760189A0E6974EDA223E14F884  (Oct 30, 2012 to Oct 31, 2013)

The following publishers (by Authenticode signature organization name) are related.

30 of 390 publishers

Remove OOO Kango Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to OOO Kango by VeriSign, Inc. on September 02, 2013 with the serial number '0239634e379703cc4fb0a20568600b2d'.