home

Shanghai Yuntong Technology Co., Ltd.

Publisher Information

Shanghai Yuntong Technology Co., Ltd. is a software developer located in Beijing, China*. Thre are 6 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
5/5/2016 9:00:00 PM

Valid to:
2/24/2017 8:59:59 PM

Subject:
CN="Shanghai Yuntong Technology Co., Ltd.", O="Shanghai Yuntong Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1a3eac6c38c71b1e4ce1fa41cfa093e5

Status:
Inconclusive detections from multiple engines

Scan engine
Details
Detections

Reason Heuristics
PUP.Elex (M), Adware.Elex (M)
75.00%

McAfee
Virus.W32/HLLP.41472
12.50%

avast!
Win32:Crypt-SKC [Trj]
12.50%

F-Prot
W32/Neshta.A!Generic
12.50%

Dr.Web
Adware.Mutabaha.1371
12.50%

1 / 68      (PUP)
nosemay.exe (Nosemay)  (9aeb24fe8d5a77b99b4e1acee65359bc)

0 / 68
chrome.dll (Nosemay by Google)  (0eb274230ef3b7ee92349b8ef5e36af4)

0 / 68
chrome_child.dll (Nosemay by Google)  (9bbbefe5de9d7871ffd164c69cd9f7f8)

1 / 68      (inconclusive)
chrome.exe (Nosemay by Google)  (4d294224e1283a9c13132a2629a11cde)

0 / 68
chrome_child.dll (Nosemay by Google)  (20cfba70ff028efdc94d844e3f6048d3)

0 / 68
wow_helper.exe  (b47f570f1436ef41174bd1b757b4efb9)

1 / 68      (PUP)
upo921a.tmp.hlh  (811459582edad0b964cc1b1655dfdb39)

3 / 68      (Malware)
nosemay.exe (Nosemay)  (96b6eee0def9957a702b23c853e18078)

0 / 68
goopdateres_cs_50.11.dll  (9727d41ac8dd4943945d08059a3e2a6c)

1 / 68      (PUP)
upoc6c8.tmp.hlh  (3b7052426caa18ca5ce802b220280728)

0 / 68
repairscror50.11_7.dll  (31a6c62fa200ec626f20647341a89c13)

0 / 68
pepflashplayer.dll (Shockwave Flash by Adobe Systems)  (fcb0aaa1c9644e0c96da04ca182d96e5)

0 / 68
wow_helper.exe  (5fd904e158ffddef8825b1b16ef659da)

0 / 68
libexif.dll  (01f7668cc78b17641c771366ad217c53)

0 / 68
delegate_execute.exe (Nosemay by Google)  (41f9aae5b7a1c6db9f59fd453cbf0198)

0 / 68
chrome_watcher.dll (Nosemay by Google)  (23ed4c6dca896bcc51721d49cea51c91)

0 / 68
libEGL.dll (ANGLE libEGL Dynamic Link Library)  (f327ebd5d72d1fd2cb753e53ccf3e47f)

0 / 68
libGLESv2.dll (ANGLE libGLESv2 Dynamic Link Library)  (3df1732d0e361acd657c02fa9676c602)

0 / 68
d3dcompiler_47.dll (Direct3D HLSL Compiler for Redistribution by Microsoft)  (2d0fcd15dc5b74ac7cd81887ab0d9358)

0 / 68
chrome.dll (Nosemay by Google)  (0eb274230ef3b7ee92349b8ef5e36af4)

0 / 68
chrome_child.dll (Nosemay by Google)  (9bbbefe5de9d7871ffd164c69cd9f7f8)

0 / 68
chrome_elf.dll (Nosemay by Google)  (4862ae6962d4cb8b5e7984a63ce4954a)

0 / 68
chrome.exe (Nosemay by Google)  (b30c6270c1200796b12dd96ff086fea8)

1 / 68      (PUP)
nosemay.exe (Nosemay)  (9aeb24fe8d5a77b99b4e1acee65359bc)

0 / 68
nosemayupdate.exe (Nosemay)  (be0ac8d05ae1e0cf8f3f4f3fee2fbe21)

1 / 68      (PUP)
chr.exe (Nosemay)  (d062bb9c2d55c29ba4ede11906350488)

1 / 68      (PUP)
upob94a.tmp.hlh  (4dae6ab3c9d4d18c5447c6082e9d8176)

Downloads URLs for files signed by Shanghai Yuntong Technology Co., Ltd..

1 / 68      (PUP)
http://img.rafomedia.com/gour/.../RepairScRor50.11_8.dll  (upoc6c8.tmp.hlh)

1 / 68      (PUP)
http://img.rafomedia.com/gour/.../RepiarScFor5011_2.dll  (upob94a.tmp.hlh)

0 / 68
http://img.rafomedia.com/gour/.../goopdateres_cs_50.11.dll  (goopdateres_cs_50.11.dll)

The following websites host and distribute files published by Shanghai Yuntong Technology Co., Ltd..

img.rafomedia.com

The certificates below are also signed by Shanghai Yuntong Technology Co., Ltd..

089B3119C4FAB31D5BFDE2D2D5785A16  (Jun 01, 2016 to Feb 25, 2017)

465B7CDE7133A702E4E5DFB156CF84C3  (Jul 08, 2016 to Feb 25, 2017)

01550F66A0903009DDACAF17E47561A2  (Jun 17, 2016 to Feb 25, 2017)

491B7E1C9CD5BF733143F00DD556D161  (Feb 25, 2016 to Feb 25, 2017)

0ABD753C3C1114D0850178C5ABEFCA75  (Jun 21, 2016 to Feb 24, 2017)

726CC6DF3389C67071EAA1CF524BD992  (Aug 17, 2016 to Feb 24, 2017)

The following publishers (by Authenticode signature organization name) are related.

Zhiming Yuan

Yupeng Zhang

Sice Xing

Wei Liu

Shan Feng

Shulan Hou

* Note, the details and description above are based on the code signing digital signature issued to Shanghai Yuntong Technology Co., Ltd. by thawte, Inc. on May 05, 2016 with the serial number '1a3eac6c38c71b1e4ce1fa41cfa093e5'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.