home

Yupeng Zhang

Publisher Information

Yupeng Zhang is a software publisher located in Beijing, China*. A majority of the programs developed by the company can be classified as adware or other potentially unwanted programs. Thre are 90 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
6/22/2016 10:00:00 AM

Valid to:
2/4/2017 10:59:59 AM

Subject:
CN=Yupeng Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
615d07984b66092c7cf70ac7d7be69ab

Scanner detections:
Detections  (97% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Zhang.YupengZh.Meta (M)
97.22%

ESET NOD32
Win64/Obfuscated.B trojan, Win32/Obfuscated.NGI trojan
13.89%

Emsisoft Anti-Malware
Gen:Variant.Barys.2703
2.78%

Norman
Gen:Variant.Barys.2703
2.78%

F-Secure
Variant.Barys.2703
2.78%

0 / 68
appleversions.dll  (ee5a45c8def448ea9893062ed36eb7f4)

1 / 68      (PUP)
nwtcntsrv.html5  (b1a2f65a1eb0414fc0ad8c058a4a300a)

1 / 68      (PUP)
nwtcntsrv.html5  (7c414a7d40e633edff86000a7ab74940)

1 / 68      (PUP)
nwtcntsrv.html5  (94d3103b83ef172d0911e91121f44a0f)

1 / 68      (PUP)
nwtcntsrv.html5  (d1797618d1c3ffd22f2b6b1970c86e62)

1 / 68      (PUP)
nwtcntsrv.html5  (cd2d327161c76e3618f0f0cc6b9d939e)

1 / 68      (PUP)
nwtcntsrv.html5  (9cce0ca5ca7209e2694919de07544d32)

1 / 68      (PUP)
nwtcntsrv.html5  (9cc5e6d2960015c2afd3d3980c4b9361)

1 / 68      (PUP)
nwtcntsrv.html5  (d06c8dd18084a57438ab269920ee7e6d)

1 / 68      (PUP)
nwtcntsrv.html5  (f195edde990fa2fc0d7ccc3870fb2a99)

1 / 68      (PUP)
nwtcntsrv.html5  (e534bf9b7c011d0947ef8734c816ffff)

1 / 68      (PUP)
nwtcntsrv.html5  (d83445138255e97bc9c9d75312b20b00)

1 / 68      (PUP)
nwtcntsrv.html5  (e1caea280575c6f8445190bf9d8d2deb)

1 / 68      (PUP)
nwtcntsrv.html5  (d12fe1b40fdc130e240c74fabf19ea50)

1 / 68      (PUP)
nwtcntsrv.html5  (9b752683197815689c03fc1c21a2e023)

1 / 68      (PUP)
nwtcntsrv.html5  (55b38e212ba7b2a020637b5ce6e6d209)

1 / 68      (PUP)
nwtcntsrv.html5  (932ac9fdc28344ca1fef44ebe58a7fcb)

1 / 68      (PUP)
nwtcntsrv.html5  (248c896b341c093a196c22fd85809cdb)

1 / 68      (PUP)
appleversions.dll  (f3f9699fb2206a1e91fc9140f2ab4123)

1 / 68      (PUP)
cidise.dll  (1d4f643dcfc3c09f61c4f1197c194141)

2 / 68      (PUP)
zifat.dll  (cfa07d8cd357447453a7077ca777c7a7)

1 / 68      (PUP)
pdhcollectortsk.exe  (3d66356615d97898985c7bb629b1d936)

2 / 68      (PUP)
pdhcollectorsrv.html5  (b8b555c9b1e7cc126b2e97615450fb65)

1 / 68      (PUP)
subet.dll  (278442ff875244d813399b5ec1a246e8)

1 / 68      (PUP)
puqoch.dll  (f9a0b2e3680b201da7097f7cacf695df)

2 / 68      (PUP)
clrmoduleservice.html5  (b133212b6c6c4cdf1e6e04924e29258b)

1 / 68      (PUP)
clrmoduletask.exe  (d816e896334a414688d9c94477ab05da)

1 / 68      (PUP)
appleversions.dll  (e0b0b8b8ce9283a6dcb615bf6ae769a7)

1 / 68      (PUP)
stegucult.dll  (08553ca75f5d6dd00c5eb8ad795960f9)

1 / 68      (PUP)
thobipy.dll  (309b986d0e6e121e7b4be6cc1375f68b)

 
Latest 30 of 37 files

The certificates below are also signed by Yupeng Zhang.

6565B120804D2D6B22826AC963C337C0  (May 06, 2016 to Feb 04, 2017)

34AB78BF82BEBF6A9CC99F40A46851C1  (Jun 21, 2016 to Feb 04, 2017)

244D0CB515ECDD6D7108B5378BBC5F59  (Jul 19, 2016 to Feb 04, 2017)

56ED9E7C28D4E65DF6EF0253265ACB11  (Mar 14, 2016 to Feb 04, 2017)

643730083A6E3BE22FBC4D75E043E5C1  (Aug 01, 2016 to Feb 04, 2017)

6128406DD4FB84372498F53EBF6FA671  (Aug 12, 2016 to Feb 04, 2017)

60CBC72B61CC9563E9FC40E5FC7DA5E7  (Jul 27, 2016 to Feb 04, 2017)

59494AFD95CC5ECBE819B52B0725F1A4  (Jul 13, 2016 to Feb 04, 2017)

586AB8EF886672D7E61688910492107C  (Jul 06, 2016 to Feb 04, 2017)

55BD61B753E2E51D1D1AFABAA5F020B7  (Jul 20, 2016 to Feb 04, 2017)

10 of 90 code signing certificates issued

* Note, the details and description above are based on the code signing digital signature issued to Yupeng Zhang by thawte, Inc. on June 22, 2016 with the serial number '615d07984b66092c7cf70ac7d7be69ab'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.