home

Xiaoqing Liu

Publisher Information

Xiaoqing Liu is a software publisher located in Zaozhuang, Shandong in China*. The company is a primary distributor of unwanted software. Thre are 4 additional code signing certificates issued to this publisher.
Authority:
DigiCert Inc

Valid from:
8/12/2014 9:00:00 PM

Valid to:
8/17/2015 9:00:00 AM

Subject:
CN=Xiaoqing Liu, O=Xiaoqing Liu, L=Zaozhuang, S=Shandong, C=CN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01fe476bb35d5c01eabe81b9438b7b75

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Li Mo, Threat.Li Mo.XiaoqingLiu, PUP.ELEX.XiaoqingLiu (M), PUP.ELEX (M)
100.00%

Malwarebytes
PUP.Optional.Omniboxes.A, PUP.Optional.IStartSurf.A, PUP.Optional.LuckySearches.A, PUP.Optional.MyStartSearch.A
76.92%

Baidu Antivirus
Adware.Win32.ELEX
76.92%

Dr.Web
Adware.Mutabaha.219, Adware.Mutabaha.219, Adware.Mutabaha.87, Adware.Mutabaha.220
69.23%

K7 AntiVirus
Unwanted-Program , Adware
61.54%

herdProtect (fuzzy)
a variant of 62ecbbea77590d693d2c6276a0a386047f1fe63a, a variant of e075a3a56b71ece32e2f190d85e708599400b3c4, a variant of 8e3e44ac943e7e537cceae2ba74d7495d9b486b7
61.54%

Trend Micro House Call
Suspicious_GEN.F47V0324, Suspicious_GEN.F47V0325, Suspicious_GEN.F47V0401, Suspicious_GEN.F47V0327
46.15%

ESET NOD32
Win32/ELEX.CE potentially unwanted (variant), Win32/ELEX.CF potentially unwanted (variant)
46.15%

Sophos
nbsp;
38.46%

VIPRE Antivirus
BehavesLike.Win32.Malware.sfd (mx-v), Trojan.Win32.Generic
38.46%

1 / 68      (Adware)
face1_luckysearches65.exe (3294_face1_luckysearches by HYS)  (9c497fb05bcf8c1c5fcb3b52f0e63708)

1 / 68      (Adware)
istartsurf.exe (3291_pcs_istartsurf by HYS)  (29a60dfc70f3fc86655fd48f74526735)

1 / 68      (Adware)
rbm_luckysearches.exe (3344_rbm_luckysearches by HTabp.com)  (db2547f96155a0df04b27471907eade4)

8 / 68      (Adware)
rbm_istartsurf.exe (3343_rbm_istartsurf by HTabp.com)  (81167a7fb78ed2e0268765e2fc06f95c)

10 / 68    (Adware)
air_istartsurf.exe (3377_air_istartsurf by HTabp.com)  (7d1b62e1ee7450b608708f1ce5a6d422)

11 / 68    (Adware)
nsa5b9a.tmp (3290_cmi_luckysearches by HYS)  (99dc4c88902f5e53091d79d5d35653ac)

10 / 68    (Adware)
Istart.exe (3339_ill_istartsurf by HTabp.com)  (5600e8edf7c6a4655ee335cdd7b21562)

10 / 68    (Adware)
squadm_istartsurf.exe (3342_squadm_istartsurf by HTabp.com)  (fe3674a08cc76acabf68595c6c6da16b)

9 / 68      (Adware)
mystartsearch_soft_partner.exe (3325_tt4u_mystartsearch by HTabp.com)  (4378e343e4729683d4b740f904b2d205)

7 / 68      (Adware)
HTabp.exe (3354_cmi_mystartsearch by HTabp.com)  (bcae3f477aaf01bcfbe9e58793a157fb)

7 / 68      (Adware)
vk1zei8t6j.exe (3360_exp_luckysearches by LIY)  (0ff62cfc4d810bcb3b1eae6fd860691c)

11 / 68    (Adware)
mavtkcn4oj.exe (3334_exp_luckysearches by HTabp.com)  (383935d9c151b032e17e74b4379ab1c9)

14 / 68    (Adware)
nsmb37a.tmp (3326_face_istartsurf by HYS)  (875a538b6f8d73f574a47749287fb040)

Downloads URLs for files signed by Xiaoqing Liu.

11 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../cmi_luckysearches.exe  (99dc4c88902f5e53091d79d5d35653ac)

14 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../face_istartsurf.exe  (875a538b6f8d73f574a47749287fb040)

10 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../squadm_istartsurf.exe  (fe3674a08cc76acabf68595c6c6da16b)

10 / 68    (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../air_istartsurf.exe  (7d1b62e1ee7450b608708f1ce5a6d422)

7 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../cmi_mystartsearch.exe  (bcae3f477aaf01bcfbe9e58793a157fb)

The following websites host and distribute files published by Xiaoqing Liu.

d2drfrdurj6mvo.cloudfront.net

The certificates below are also signed by Xiaoqing Liu.

01D9E1C9DEA81DDCA65062CC18203480  (Aug 13, 2014 to Aug 17, 2015)

0889CED821C1220A4F950101C71E977B  (Aug 13, 2014 to Aug 17, 2015)

04EED95FE18B1B4413D68A12F53663C0  (Aug 13, 2014 to Aug 17, 2015)

0EBAB4AC38B70A33EE517D238BDE49D7  (Aug 12, 2014 to Aug 17, 2015)

The following publishers (by Authenticode signature organization name) are related.

Shulan Hou

Fuyuan Zhou

Taiming Li

Ma Lin

Li Mo

Zhang Ling

Thinknice Co., Limited

Giner Tech Inc

Yuxin WANG

Minidigital Technology Co., Limited

Thinknice Co. Limited

Banyan Tree Technology Limited

Skytouch Technology Co., Limited

EasyVpn

* Note, the details and description above are based on the code signing digital signature issued to Xiaoqing Liu by DigiCert Inc on August 12, 2014 with the serial number '01fe476bb35d5c01eabe81b9438b7b75'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.