home

Thinknice Co., Limited

Publisher Information

Thinknice Co., Limited is a software publisher located in 香港, Hong Kong*. The company is a primary distributor of unwanted software. Thre are 11 additional code signing certificates issued to this publisher.
Authority:
GlobalSign nv-sa

Valid from:
9/6/2015 8:02:41 AM

Valid to:
10/21/2015 9:26:52 AM

Subject:
CN="Thinknice Co., Limited", O="Thinknice Co., Limited", L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121528e742bfe9208616b879cb05da32392

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Thinknice.ThinkniceCo (M), PUP.Thinknice.PortmonE (M), PUP.Thinknice.WillLink (M), PUP.Thinknice.7th (M)
100.00%

Malwarebytes
PUP.Optional.IStartSurf.ShrtCln, PUP.Optional.OurSeaching, PUP.Optional.MyStartSearch.ShrtCln
48.00%

ESET NOD32
Win32/ELEX.EY potentially unwanted (variant), Win32/ELEX.FG potentially unwanted (variant), Win32/ELEX.FC potentially unwanted (variant)
40.00%

Dr.Web
Adware.Mutabaha.690, Adware.Mutabaha.706
28.00%

F-Secure
Gen:Variant.Application.Jatif, Application.Elex.M
24.00%

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
12.00%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4758034
12.00%

avast!
Win32:SaliCode, Win32:Adware-gen [Adw]
12.00%

K7 AntiVirus
Adware , Riskware
8.00%

Baidu Antivirus
Adware.Win32.ELEX
8.00%

1 / 68      (Adware)
csdi_oursurfing_soft_partner.exe (4756_age_oursurfing by 7th)  (26be5d325b09084f9dc8c820da8d99c7)

1 / 68      (Adware)
mystartsearch_slb2_1409--4d6b87ea.exe (4812_slb2_mystartsearch by WillLink.net)  (668e90b962df7de0003470b13236c395)

1 / 68      (Adware)
cvs_mystartsearch.exe (4693_cvs_mystartsearch by Portmon/EE)  (bb901e792655bf11cc866974ee0b6564)

1 / 68      (Adware)
mystartsearchslb2_09_09--a9cb8c2b.exe (4759_slb2_mystartsearch by 7th)  (3eed6683a482da70d1651a21ea5df91c)

1 / 68      (Adware)
WillLink.exe (4742_cmi_mystartsearch by WillLink.net)  (442d9824497d924e6532ad8bf81ec082)

1 / 68      (Adware)
cvs_mystartsearch.exe (4773_cvs_mystartsearch by 7th)  (89a8740a4457f66675d9bbe3fe472a2f)

1 / 68      (Adware)
cvs_mystartsearch.exe (4817_cvs_mystartsearch by 7th)  (fa5cae01d35ffe53bc81cd5b2ec22832)

1 / 68      (Adware)
cvs2_mystartsearch.exe (4775_cvs2_mystartsearch by 7th)  (3b5a5f2f258009eb2c9ccb617fcce16a)

11 / 68    (Adware)
mystartsearchslbnew_09_09--a3f58a94.exe (4758_slbnew_mystartsearch by 7th)  (1463e009bb516f8db2148f06a777030d)

4 / 68      (Adware)
mystartsearch_slbnew_1409--03b111c7.exe (4811_slbnew_mystartsearch by WillLink.net)  (421a17009061f983b05800f203c93d27)

4 / 68      (Adware)
426.exe (4781_tt4u_oursurfing by Portmon/EE)  (b0e05d1f4854e0782048e9c216b15e18)

5 / 68      (Adware)
nsh6c5d.tmp (4804_cmi_mystartsearch by 7th)  (ccc8c20bbec30f9f6c48470e44c730cf)

1 / 68      (Adware)
WillLink.exe (4815_cmi_mystartsearch by WillLink.net)  (7bab08873ba95ba5051fc4f0b17ac553)

5 / 68      (Adware)
0p1i9lkpusw==1.exe (4807_obw_istartsurf by 7th)  (098f191f9bdd0df9109429a675d5d2ce)

5 / 68      (Adware)
nss98ba.tmp (4804_cmi_mystartsearch by 7th)  (e6324689461331c325098011942a1e62)

1 / 68      (Adware)
obw_istartsurf.exe (4802_obw_istartsurf by WillLink.net)  (82f85a8a5763efeb31e83bb27d11557a)

6 / 68      (Adware)
WillLink.exe (4791_cmi_mystartsearch by WillLink.net)  (a5e5fd88386db0a83eb29eb02e384e27)

4 / 68      (Adware)
portmon.exe (4764_face_istartsurf by Portmon/EE)  (a0ca8254bd0eec1164bc2e969661231e)

7 / 68      (Adware)
oursurfing.exe (4780_eip_oursurfing by Portmon/EE)  (e27980f62d05703c27b79ada7edec383)

6 / 68      (Adware)
0p1i9lkpusw==2.exe (4754_obw_istartsurf by 7th)  (3e5785a8549465fa23abea1f10934c32)

1 / 68      (Adware)
38.tmp.exe (4761_eit_oursurfing by WillLink.net)  (1a386cb8cc8b417da9bb26a6b0910b45)

1 / 68      (Adware)
cvs2_mystartsearch.exe (4695_cvs2_mystartsearch by Portmon/EE)  (9f06f941a8d090461fa330964f9f1726)

1 / 68      (Adware)
WillLink.exe (4742_cmi_mystartsearch by WillLink.net)  (78d0c57216f35bb4cb215daa713054c3)

3 / 68      (Adware)
oursurfing.exe (4678_eip_oursurfing by Portmon/EE)  (f2523624b08c525284f6016b16edf048)

7 / 68      (Adware)
portmon.exe (4681_face_istartsurf by Portmon/EE)  (ea7d30a09f6dc9b3e87562da46779ff9)

Downloads URLs for files signed by Thinknice Co., Limited.

1 / 68      (Adware)
http://113.171.224.209/.../cmi_mystartsearch.exe  (78d0c57216f35bb4cb215daa713054c3)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe  (82f85a8a5763efeb31e83bb27d11557a)

6 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe  (3e5785a8549465fa23abea1f10934c32)

7 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../face_istartsurf.exe  (ea7d30a09f6dc9b3e87562da46779ff9)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../cmi_mystartsearch.exe  (78d0c57216f35bb4cb215daa713054c3)

5 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../obw_istartsurf.exe  (098f191f9bdd0df9109429a675d5d2ce)

6 / 68      (Adware)
http://113.171.224.177/.../cmi_mystartsearch.exe  (a5e5fd88386db0a83eb29eb02e384e27)

1 / 68      (Adware)
http://113.171.224.168/.../cmi_mystartsearch.exe  (7bab08873ba95ba5051fc4f0b17ac553)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../cmi_mystartsearch.exe  (7bab08873ba95ba5051fc4f0b17ac553)

5 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../cmi_mystartsearch.exe  (e6324689461331c325098011942a1e62)

4 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../face_istartsurf.exe  (a0ca8254bd0eec1164bc2e969661231e)

6 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../cmi_mystartsearch.exe  (a5e5fd88386db0a83eb29eb02e384e27)

The following websites host and distribute files published by Thinknice Co., Limited.

d2drfrdurj6mvo.cloudfront.net

The certificates below are also signed by Thinknice Co., Limited.

112170C8A859FAC5632237A13A696FA39819  (Sep 25, 2015 to Oct 21, 2015)

1121CBE5C1558EDCC9CCFB7F6A4D0149AC0F  (Aug 24, 2015 to Oct 21, 2015)

1121A1CF5D56F294C3AE3C86D57954C3D206  (Sep 02, 2015 to Oct 21, 2015)

11210D8FFB9CE8F41CAC6BFC5F9E175348EF  (Oct 20, 2015 to Oct 21, 2015)

1121EFBDA7AD15572D2AE066B4E5E3A93D59  (Oct 15, 2015 to Oct 21, 2015)

1121A999331F30FB5D6CFEB452D062BE7BA5  (Oct 16, 2015 to Oct 21, 2015)

1121948AE7CDF399F225331BCCDB2A49702C  (Oct 13, 2015 to Oct 21, 2015)

1121F671AB6293D47F258F57988EE5F47C30  (Oct 08, 2015 to Oct 21, 2015)

11214C4844480632D72985DD9135BD0E276D  (Aug 19, 2015 to Oct 21, 2015)

11217B1525408E122E96F2FC3CB018A64466  (Oct 20, 2014 to Oct 21, 2015)

10 of 11 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Shulan Hou

Xiaoqing Liu

Taiming Li

Fuyuan Zhou

Li Mo

Giner Tech Inc

Yuxin WANG

Minidigital Technology Co., Limited

Thinknice Co. Limited

Banyan Tree Technology Limited

Skytouch Technology Co., Limited

EasyVpn

* Note, the details and description above are based on the code signing digital signature issued to Thinknice Co., Limited by GlobalSign nv-sa on September 06, 2015 with the serial number '1121528e742bfe9208616b879cb05da32392'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.