home

Yuxin WANG

Publisher Information

Yuxin WANG is a software publisher located in Beijing, China*. The company is a primary distributor of unwanted software. Thre are 46 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
8/28/2015 3:00:00 AM

Valid to:
8/13/2017 2:59:59 AM

Subject:
CN=Yuxin WANG, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
31e2ff89836cda68a695139d076bad23

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ELEX.YuxinWANG (M), Threat.Win.Reputation.IMP, PUP.MyStartSearch.YuxinWANG.Meta (M), PUP.ELEX.YuxinWAN (M), PUP.ELEX (M)
100.00%

Malwarebytes
PUP.Optional.MyStartSearch.ShrtCln, PUP.Optional.OurSeaching.A, PUP.Optional.IStartSurf.ShrtCln, PUP.Optional.Omniboxes.ShrtCln
53.33%

ESET NOD32
Win32/ELEX.EY potentially unwanted (variant), Win32/ELEX.FG potentially unwanted (variant)
30.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.242090
20.00%

avast!
Win32:Adware-gen [Adw]
16.67%

MicroWorld eScan
Gen:Variant.Adware.Graftor.242090
13.33%

Arcabit
Trojan.Adware.Graftor.D3B1AA
13.33%

Bitdefender
Gen:Variant.Adware.Graftor.242090
13.33%

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.242090
13.33%

F-Secure
Gen:Variant.Adware.Graftor
13.33%

1 / 68      (Adware)
oursurfing.exe (4630_2sq1_oursurfing by 7th)  (8189ee608ce41c5b5dc386140285c5c1)

1 / 68      (Adware)
smt_istartsurf.exe (4679_smt_istartsurf by Portmon/EE)  (59224ae3be92a4b4ca185d178b8dc1e2)

1 / 68      (Adware)
smt_istartsurf.exe (4679_smt_istartsurf by Portmon/EE)  (b94c2e3571eeef214e2886c139551215)

1 / 68      (Adware)
lly_mystartsearch.exe (4675_tugs_mystartsearch by 7th)  (54466f3a79f763c1cf2695490595f16e)

1 / 68      (Adware)
oursurfing.exe (4632_2sq3_oursurfing by 7th)  (2ea1518145d97d407f590a6b6663aa70)

9 / 68      (Adware)
g3e2b24ykbjwv59buqzyqg3e2b24ykbjwv59buqzyq_a9.exe (4718_pcm_istartsurf by 7th)  (06505fc83e012fe66eca3f89982f053e)

9 / 68      (Adware)
mystartsearch_elx_2808--6ec63cc3.exe (4666_slb2_mystartsearch by 7th)  (72be532ffce15480379bd58c4f7ee6ae)

2 / 68      (Adware)
lly1_istartsurf.exe (4712_tug1_istartsurf by 7th)  (3daf9a145b5990f49b02d1809e0ba4e3)

11 / 68    (Adware)
mystartsearch_elx_2808--9a83a5df.exe (4665_slbnew_mystartsearch by 7th)  (a8af85b2dd3409018edc1c99a3705946)

1 / 68      (Adware)
lly_mystartsearch.exe (4710_tugs_mystartsearch by 7th)  (8f524bc2a18184649dd0e5dc5c8c3098)

1 / 68      (Adware)
lly1_istartsurf.exe (4677_tug1_istartsurf by 7th)  (096e607e8ef8e13819cfd07f2ed1ce4d)

3 / 68      (Adware)
oursurfing.exe (4686_2sq1_oursurfing by Portmon/EE)  (798572e2e7f3975994cc87f0128e7fac)

1 / 68      (Adware)
426.exe (4692_tt4u_oursurfing by Portmon/EE)  (52a71747f1f72cba6972bd958322c9e5)

1 / 68      (Adware)
y3esqqcwsiiumyz.exe (4714_icp_istartsurf by 7th)  (6ed54c2e4ade7854ff9b23b732b6272c)

3 / 68      (Adware)
smt_oursurfing.exe (4680_smt_oursurfing by Portmon/EE)  (615f3f18d2bf95ca1c500df5fe5b4372)

3 / 68      (Adware)
tti_omniboxes.exe (4691_tti_omniboxes by Portmon/EE)  (230680ab2d79a4ddf56878699543b62b)

1 / 68      (Adware)
ziiddk2fzg.exe (4713_exp1_oursurfing by 7th)  (d2b42ea0dbbf5aa407b278303600f1ef)

1 / 68      (Adware)
lly_istartsurf.exe (4711_tugs_istartsurf by 7th)  (144d0c41eaa62ebf56c5ab54996b0abb)

1 / 68      (Adware)
amt_omniboxes.exe (4708_amt_omniboxes by 7th)  (a2bcdef0f406e7d4f1d3308ee8b8dcb0)

1 / 68      (Adware)
amt_oursurfing.exe (4707_amt_oursurfing by 7th)  (e149648e279d091e508e07076a7a933f)

1 / 68      (Adware)
lly_istartsurf.exe (4676_tugs_istartsurf by 7th)  (cd31e6c00ae1b6204ea6e7b13a3bca89)

11 / 68    (Adware)
amt_omniboxes.exe (4664_amt_omniboxes by 7th)  (b4e8a37df0c865969028be5df1c26958)

3 / 68      (Adware)
adv_46.exe (4683_ima_istartsurf by Portmon/EE)  (e8036a08aee53f62b1ac0aded7ae5aec)

3 / 68      (Adware)
oursurfing.exe (4689_2sq3_oursurfing by Portmon/EE)  (8348d944a4f10fbc8fd8d05637720c04)

3 / 68      (Adware)
smt_istartsurf.exe (4679_smt_istartsurf by Portmon/EE)  (a00cb98c11eadd7b6d6d5fe5dcd1601a)

3 / 68      (Adware)
0p1i9lkpusw==1.exe (4687_2sq_oursurfing by Portmon/EE)  (59ef35e73ce6c32d1c15903a872bba99)

3 / 68      (Adware)
adv_76.exe (4682_ima_mystartsearch by Portmon/EE)  (705a6525b63dcdd4a4c8e845776d29b6)

11 / 68    (Adware)
amt_oursurfing.exe (4663_amt_oursurfing by 7th)  (9fa28541fbd1ceab3edc66d5ce35df90)

6 / 68      (Adware)
nss82da.tmp (4625_cmi_mystartsearch by 7th)  (c66ee8828e910fe75bb4c3f2bdd1fbeb)

6 / 68      (Adware)
0pljatvnq1.exe (4629_2sq_oursurfing by 7th)  (d2ea61842349b46b5d80b8fd8c8ddc70)

 
Latest 30 of 30 files

Downloads URLs for files signed by Yuxin WANG.

2 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly1_istartsurf.exe  (3daf9a145b5990f49b02d1809e0ba4e3)

6 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../cmi_mystartsearch.exe  (c66ee8828e910fe75bb4c3f2bdd1fbeb)

9 / 68      (Adware)
http://4threquest.me/.../310714_a9.exe  (06505fc83e012fe66eca3f89982f053e)

3 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_oursurfing.exe  (59ef35e73ce6c32d1c15903a872bba99)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (cd31e6c00ae1b6204ea6e7b13a3bca89)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../icp_istartsurf.exe  (6ed54c2e4ade7854ff9b23b732b6272c)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_mystartsearch.exe  (8f524bc2a18184649dd0e5dc5c8c3098)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../lly_istartsurf.exe  (144d0c41eaa62ebf56c5ab54996b0abb)

The following websites host and distribute files published by Yuxin WANG.

d2drfrdurj6mvo.cloudfront.net

4threquest.me

The certificates below are also signed by Yuxin WANG.

2C416DD3D70B97FC4234C97961D44A24  (Dec 07, 2015 to Aug 14, 2017)

56493BF0156090CDE0540B795E8541C0  (Feb 10, 2016 to Aug 14, 2017)

42B89DFF0EF561EC67F3D06741ADE295  (Nov 25, 2015 to Aug 14, 2017)

2DA55CBA91AF41B2B38306063798B9CB  (Jan 11, 2016 to Aug 14, 2017)

53780CF050BA35CB5EB86E310BA4C82A  (Jan 13, 2016 to Aug 14, 2017)

5EA44E193FCC51F5A02C23795BDE703B  (Nov 27, 2015 to Aug 14, 2017)

778C2E8E17E285D4882E35D29D8224A9  (Jan 05, 2016 to Aug 14, 2017)

32FE5013D2C7ECC50B6FCEF24F95BE42  (Jan 15, 2016 to Aug 14, 2017)

0AB62C6D3E19ADF07A06CAFBBBAA27A5  (Feb 08, 2016 to Aug 14, 2017)

13910B2C74A5DDEADB91E4270330B489  (Dec 31, 2015 to Aug 14, 2017)

10 of 46 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Giner Tech Inc

Skytouch Technology Co., Limited

Minidigital Technology Co., Limited

Thinknice Co., Limited

Shulan Hou

Xiaoqing Liu

Taiming Li

Fuyuan Zhou

Li Mo

Search Vortex

Thinknice Co. Limited

Banyan Tree Technology Limited

Plain Savings

CLARALABSOFTWARE

EasyVpn

CNB TECHNOLOGIES LLC

* Note, the details and description above are based on the code signing digital signature issued to Yuxin WANG by thawte, Inc. on August 28, 2015 with the serial number '31e2ff89836cda68a695139d076bad23'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.