home

Tian Hengyu

Publisher Information

Tian Hengyu is a software developer located in Yantai, Shandong in China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs.
Authority:
WoSign CA Limited

Valid from:
6/5/2015 3:51:07 PM

Valid to:
6/5/2016 4:17:06 PM

Subject:
CN=Tian Hengyu, L=Yantai, S=Shandong, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
10f11866155ff64970c3de4f52ceac30

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.TianHengyu, PUP.TianHeng.Installer (M), PUP (M)
90.00%

IKARUS anti.virus
Trojan.Win32.Spy, PUA.Generic, PUA.NSISmod
20.00%

K7 AntiVirus
Unwanted-Program
14.00%

ESET NOD32
Win32/Packed.NSISmod.A suspicious (variant), Win32/Packed.NSISmod.E suspicious (variant), Win32/RiskWare.Yantai (variant)
10.00%

Clam AntiVirus
Win.Trojan.691128, Win.Trojan.Agent-953715
10.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
10.00%

Fortinet FortiGate
W32/Generic.AC.18053, Riskware/Xiaoxiong
10.00%

McAfee
Artemis!3270B7471741, Artemis!35AB837C53FA, Artemis!025B716748EC, Artemis!E49FC5F8FB94
8.00%

NANO AntiVirus
Riskware.Win32.ShouQu.dmnfjx
8.00%

Dr.Web
Trojan.KillFiles.28526
8.00%

1 / 68      (Malware)
crypto.dll  (632d9303c234b670e642f72706c9485c)

1 / 68      (Malware)
tinyxml.dll  (c9ad55f7733a0e861066772a0d311074)

1 / 68      (Malware)
Unrar.dll (RAR decompression library by Alexander Roshal)  (18ce36fac8b05a12f9076be419c86d2f)

1 / 68      (Malware)
SmallPander.exe  (8921dcad59a5bd529593b340d8658982)

1 / 68      (Malware)
ProKill.dll (by Shenzhen fengling Network Technology Co.,Ltd)  (ee340af8fbd530866eac370025c109b7)

1 / 68      (Malware)
bp.exe (by Shenzhen Jisu Network Technology Co.,Ltd)  (47f220d0c6f5fe97f3539918217e811c)

1 / 68      (Malware)
BPExt.dll  (f708a8efb5d2df487cab4dee99825c8c)

1 / 68      (Malware)
SmallPander.exe  (d1e4e3f8cf4af5d71ec0b15ee98a6cc8)

1 / 68      (Malware)
au.exe  (a61b271271a86010a05b254ec60ee8fc)

5 / 68      (PUP)
尚未確認的 859486.crdownload  (cb1ea91ca5aaec258313d24207595788)

4 / 68      (PUP)
au.exe  (dfda618cae0f9a3f01deb690f8223e54)

24 / 68    (PUP)
setup_361.exe  (e49fc5f8fb94d6a93387623e65407099)

1 / 68      (PUP)
velocext64.dll  (97cc9bf5c897bf1f370d62cb89465d36)

1 / 68      (PUP)
Unrar.dll (RAR decompression library by Alexander Roshal)  (0c9009d368f6df63cdd2a1fb0a951877)

1 / 68      (PUP)
velocext.dll  (5d73e82d219055ea982f028b717bf2d7)

1 / 68      (PUP)
uninst.exe  (07277adb270a31052cba156349679c22)

1 / 68      (PUP)
veloccopy.exe  (9a941f3e24003631ab7920fa63d77ec5)

1 / 68      (PUP)
veloc.exe  (787743594edddbb503cb0f779faa5ade)

1 / 68      (PUP)
crypto.dll  (68f6beeb514f9fae29b2f378f22abb40)

9 / 68      (inconclusive)
game_3582j7b.exe  (025b716748ec7b3e26f7181360ad6d7f)

1 / 68      (PUP)
velocmgr.exe  (bf856fb7067c3a2ed3780235d07126ea)

2 / 68      (PUP)
velocpro.exe  (1c5501b5b6492e86b6927a1f53eb7ea5)

1 / 68      (PUP)
bpad.exe  (5cfa768405b364e7641de07894b86c10)

3 / 68      (PUP)
bpor.exe (by Shenzhen Bear Network Technology Co.,Ltd)  (48043cafefb92ebcc5400a29b15f894d)

1 / 68      (PUP)
Unrar.dll (RAR decompression library by Alexander Roshal)  (5ad5ac8076579c704ab5fb7f6fa66491)

1 / 68      (PUP)
uninst.exe  (735fe4236bc8130f2e8e8bbc3a62c9d0)

1 / 68      (PUP)
SmallPander.exe  (7fc07bdf0db11d0acdaa169cdc9ddd2d)

1 / 68      (PUP)
bpext64.dll  (0ef2661508ad22968b10e7a22f79fd39)

1 / 68      (PUP)
bp.exe (by Shenzhen Jisu Network Technology Co.,Ltd)  (8eb53d60e24b5b55dd4046cc213e3c4e)

2 / 68      (PUP)
BPExt.dll  (8dcba05387202cb1b01d2ad99f241399)

 
Latest 30 of 71 files

* Note, the details and description above are based on the code signing digital signature issued to Tian Hengyu by WoSign CA Limited on June 05, 2015 with the serial number '10f11866155ff64970c3de4f52ceac30'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.