Shulan Hou

Publisher Information

Shulan Hou is a software publisher located in Dingzhou, Hebei, China*. The company is a primary distributor of unwanted software. There are 45 additional code signing certificates issued to this publisher.

Authority:
DigiCert Inc

Valid from:
12/24/2014 1:00:00 AM

Valid to:
1/6/2016 1:00:00 PM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0f53bea8a702ff6f4d98547a190c3464

Scanner detections (100% detected):

Scan engine | Details | Detections
Reason Heuristics | PUP.Ma Lin.ShulanHou (M), PUP.ELEX.ShulanHou (M), PUP.ELEX.ShulanHo (M), PUP.ELEX.ShulanHo.Installer (M), PUP.ELEX (M) | 100.00%
Malwarebytes | PUP.Optional.IStartSurf.ShrtCln, PUP.Optional.IStartSurf.A, PUP.Optional.MyStartSearch.A, PUP.Optional.MyStartSearch.ShrtCln | 54.00%
Dr.Web | Adware.Mutabaha.572, Adware.Mutabaha.545, Adware.Mutabaha.597, Adware.Mutabaha.288, Adware.Mutabaha.412, Adware.Mutabaha.361 | 50.00%
Bkav FE | W32.HfsAdware | 32.00%
ESET NOD32 | Win32/ELEX.EC potentially unwanted (variant), Win32/ELEX.CL potentially unwanted (variant), Win32/ELEX.EP potentially unwanted | 32.00%
herdProtect (fuzzy) | a variant of 995411ce3e26118a53462e0e56b1c8eaf62630a8, a variant of f66e28ba83d3c6b4e81ab6f3ed9e87ca705e7641, a variant of 4154fb71672a7fe708cd4b2269ada2fbc2f0e7f3 | 28.00%
Microsoft Security Essentials | BrowserModifier:Win32/SupTab | 22.00%
Agnitum Outpost | Riskware.Agent, PUA.Amonetize, PUA.Mutabaha | 14.00%
Quick Heal | PUA.MSJDGBTIR.OD6 | 14.00%
NANO AntiVirus | Riskware.Win32.Mutabaha.dulzhd, Riskware.Win32.Mutabaha.dunath, Riskware.Win32.Mutabaha.duyjzb, Riskware.Win32.Mutabaha.dumnnc | 14.00%

1 / 68      (Adware)
nsbfr_oursurfing.exe (4473_nsbfr_oursurfing by Welnk.com)  (3f689bc43fbabbb72836c93bb3aef95a)

1 / 68      (Adware)
nsbfr_oursurfing.exe (4126_nsbfr_oursurfing by 7th)  (373eef11865dfc8cf45ef1163a6b96b2)

1 / 68      (Adware)
WeLink.exe (4483_cmi_mystartsearch by Welnk.com)  (e07e69f36831906b31d539567a1eba4a)

1 / 68      (Adware)
oursurfing.exe (4280_eip_oursurfing by Welnk.com)  (6f1dd2cf235c33ad5eb045950602148b)

1 / 68      (Adware)
rbm_istartsurf.exe (4252_rbm_istartsurf by Welnk.com)  (e6b71f6979f2527e571c8fae7b0b3d8a)

1 / 68      (Adware)
setup.exe (4476_45e_oursurfing by 7th)  (03aa1c6e09658927778b372350d132ee)

1 / 68      (Adware)
nsdb511.tmp  (8128bb02b378cf38fa27a28221eca323)

1 / 68      (Adware)
key4_istartsurf.exe (4210_key4_istartsurf by Welnk.com)  (9f9660dde681919f2a85297a87e37786)

1 / 68      (Adware)
adv_155.exe (4313_ima_do-search by Welnk.com)  (d20bbd5211a43cef74276cd79538bcca)

1 / 68      (Adware)
adv_76.exe (4312_ima_mystartsearch by Welnk.com)  (179ac904d296997935899b176b8b8d70)

1 / 68      (Adware)
lly1_istartsurf.exe (3807_tug1_istartsurf by WiLink.com)  (4236d15fc885c4fc8f04a4176a31bc3c)

1 / 68      (Adware)
nsbes_oursurfing.exe (4475_nsbes_oursurfing by Welnk.com)  (820948d6513aa615fea38b833539bff9)

9 / 68      (Adware)
oursurfing.exe (4319_2sq3_oursurfing by Welnk.com)  (b766255692875647fb61de825091762d)

10 / 68    (Adware)
nsbit_oursurfing.exe (4474_nsbit_oursurfing by Welnk.com)  (9d7c92efe7bdd89f248ea57a9b755f40)

1 / 68      (Adware)
adv_46.exe (4311_ima_istartsurf by Welnk.com)  (509c3f603222407422b9bb6014e01d12)

11 / 68    (Adware)
3tqrlgznry.exe (4477_exp1_oursurfing by Welnk.com)  (799c9998038a98bb673307f239cd1484)

3 / 68      (Adware)
nst6593.tmp (4470_face_istartsurf by 7th)  (9d3a768c06fe7266a0cd7717230d0217)

10 / 68    (Adware)
WeLink.exe (4483_cmi_mystartsearch by Welnk.com)  (96b8e19f4dcf86d1ef69881780c1692f)

1 / 68      (Adware)
WeLink.exe (4450_cmi_mystartsearch by Welnk.com)  (87a21dbae64e5e67753b07964d6ef234)

3 / 68      (Adware)
buzz_oursurfing.exe (4204_buzz_oursurfing by 7th)  (a5d9c661b1c90c86c07d3c67270cb307)

7 / 68      (Adware)
nsrab4a.tmp (4353_face_istartsurf by 7th)  (870867bfaf96b6565508415a71fb9bc5)

7 / 68      (Adware)
nsh60a5.tmp (4344_cmi_mystartsearch by 7th)  (4d3b3c6655eda035541f8023e5a8df4d)

7 / 68      (Adware)
nsbes_oursurfing.exe (4125_nsbes_oursurfing by 7th)  (756b7b342a0ddf2d2cadbbb5bcb2c700)

 
Latest 30 of 58 files

Download URLs for files signed by Shulan Hou.

7 / 68      (Adware)
http://113.171.224.169/.../cmi_mystartsearch.exe  (4d3b3c6655eda035541f8023e5a8df4d)

10 / 68    (Adware)
http://113.171.224.178/.../cmi_mystartsearch.exe  (96b8e19f4dcf86d1ef69881780c1692f)

The following websites host and distribute files published by Shulan Hou.

The certificates below are also signed by Shulan Hou.

2A5B578B2DA9A441D2C1AECD265EEFBF  (Jul 25, 2016 to Jun 14, 2017)

18DB51E9C16B714FFCB04CB5C35983FA  (Oct 08, 2016 to Jun 14, 2017)

77C4983B630ECB2C08FBC858271E3D45  (Jul 20, 2016 to Jun 14, 2017)

2F1AD76761251F239B649AF9F2D2627C  (Aug 11, 2016 to Jun 14, 2017)

03254EAC08CFABB19414DAE3BD08D149  (Jul 18, 2016 to Jun 14, 2017)

74702DFF5D4056B847D009A2265FB1B3  (Jul 28, 2016 to Jun 14, 2017)

21E3000980B30029C251639A0B0AF0FD  (Aug 25, 2016 to Jun 14, 2017)

3261BAE34D602AACC22105B22CB5F2E9  (Sep 12, 2016 to Jun 14, 2017)

58D977998990941725A12A8E95E680E8  (Aug 22, 2016 to Jun 14, 2017)

5274DA00B3A71189BCD52ADA339D68CF  (Sep 20, 2016 to Jun 14, 2017)

10 of 45 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

* Note, the details and description above are based on the code signing digital signature issued to Shulan Hou by DigiCert Inc on December 24, 2014 with the serial number '0f53bea8a702ff6f4d98547a190c3464'.