home

Yupeng Zhang

Publisher Information

Yupeng Zhang is a software publisher located in Beijing, China*. Thre are 90 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
4/14/2016 2:00:00 AM

Valid to:
2/4/2017 1:59:59 AM

Subject:
CN=Yupeng Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3891c34dbf1908f8bf105f5bdf006ce9

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Adware.Elex (M), PUP.YuBao, Adware.YesSearches (M), PUP.Zhang.YupengZh.Meta (M), PUP.Zhang (M)
90.00%

ESET NOD32
Win32/Obfuscated.NFU trojan, Win32/Obfuscated.NFX trojan
20.00%

Microsoft Security Essentials
Threat.Undefined
20.00%

Dr.Web
Adware.Mutabaha.1165
10.00%

1 / 68      (PUP)
setup.exe  (98c1322273110344204417e7848a5129)

1 / 68      (PUP)
jjcscheduletask.exe  (840794c855a1c6c50a716e157ba2b61a)

3 / 68      (PUP)
tmp0000000e306bfea7eab2cbb8  (54ac28869600d1113da8bca9a4c9951e)

1 / 68      (PUP)
06dghe3nof43mn3ecxfcvkwk0zb06dghe3nof43mn3ecxfcvkwk0zb_a11.exe  (e7b5d468d5e1a7e6982b2057665d6bbf)

3 / 68      (PUP)
ic-0.923d790b623088.exe  (5e394645fa03fd325ee9aeaba1157557)

1 / 68      (Malware)
jjcscheduletask.exe  (840794c855a1c6c50a716e157ba2b61a)

1 / 68      (PUP)
jjcscheduleservice.exe  (d76fd22280ebd3702930abf9d936708b)

1 / 68      (PUP)
ic-0.b4aa8d32b2ba28.exe  (bebb7882ca5ade782fb7c0cd6df4d2f2)

1 / 68      (PUP)
fedaryqeuleservertsk.exe  (320e4389f84c792af949fb45ea47187c)

1 / 68      (PUP)
fedaryqeuleserversrv.exe  (c477b8f1321ce8ab69589a0960983408)

Downloads URLs for files signed by Yupeng Zhang.

1 / 68      (PUP)
http://113.171.224.211/.../ism_setup.exe  (bebb7882ca5ade782fb7c0cd6df4d2f2)

1 / 68      (PUP)
http://skygetfile.co/.../310714_a11.exe  (bebb7882ca5ade782fb7c0cd6df4d2f2)

1 / 68      (PUP)
http://d2xvc2nqkduarq.cloudfront.net/.../setup.exe  (bebb7882ca5ade782fb7c0cd6df4d2f2)

1 / 68      (PUP)
http://d2xvc2nqkduarq.cloudfront.net/.../obs_setup.exe  (bebb7882ca5ade782fb7c0cd6df4d2f2)

1 / 68      (PUP)
http://d2xvc2nqkduarq.cloudfront.net/.../ism_setup.exe  (bebb7882ca5ade782fb7c0cd6df4d2f2)

1 / 68      (PUP)
http://d2xvc2nqkduarq.cloudfront.net/.../dam_setup.exe  (bebb7882ca5ade782fb7c0cd6df4d2f2)

The following websites host and distribute files published by Yupeng Zhang.

skygetfile.co

d2xvc2nqkduarq.cloudfront.net

The certificates below are also signed by Yupeng Zhang.

244D0CB515ECDD6D7108B5378BBC5F59  (Jul 19, 2016 to Feb 04, 2017)

6565B120804D2D6B22826AC963C337C0  (May 06, 2016 to Feb 04, 2017)

34AB78BF82BEBF6A9CC99F40A46851C1  (Jun 21, 2016 to Feb 04, 2017)

793DFBDDBCFAD17CE2A15CE8EBA1D0DE  (Apr 19, 2016 to Feb 04, 2017)

6A37198834D0353C2502C722D25215CF  (Jun 15, 2016 to Feb 04, 2017)

6128406DD4FB84372498F53EBF6FA671  (Aug 12, 2016 to Feb 04, 2017)

60CBC72B61CC9563E9FC40E5FC7DA5E7  (Jul 27, 2016 to Feb 04, 2017)

59494AFD95CC5ECBE819B52B0725F1A4  (Jul 13, 2016 to Feb 04, 2017)

586AB8EF886672D7E61688910492107C  (Jul 06, 2016 to Feb 04, 2017)

2BF0FEC70FE0B00738422327FAEEE7C5  (Jun 29, 2016 to Feb 04, 2017)

10 of 90 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Speed Low Inc.

Guide Style LTD corp.

Yu Bao

EasyVpn

VANKY TECHNOLOGY LIMITED

Zealot Games Limited

Yuanyuan Zhang

Somoto Ltd

Off To Up LLC

Xin Zhou

think-cell Software GmbH

C4DL Media

Haiyu Zhang

* Note, the details and description above are based on the code signing digital signature issued to Yupeng Zhang by thawte, Inc. on April 14, 2016 with the serial number '3891c34dbf1908f8bf105f5bdf006ce9'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.