home

Yuxin WANG

Publisher Information

Yuxin WANG is a software publisher located in Beijing, China*. The company is a primary distributor of unwanted software. Thre are 46 additional code signing certificates issued to this publisher.
Authority:
thawte, Inc.

Valid from:
8/30/2015 9:00:00 PM

Valid to:
8/12/2017 8:59:59 PM

Subject:
CN=Yuxin WANG, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
251a39265bc12de8c796f69fa27b9d75

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ELEX.YuxinWANG (M), Threat.Win.Reputation.IMP, PUP.ELEX.YuxinWAN (M)
100.00%

Malwarebytes
PUP.Optional.MyStartSearch.ShrtCln, PUP.Optional.IStartSurf.ShrtCln, PUP.Optional.Omniboxes.ShrtCln, PUP.Optional.OurSeaching
76.47%

ESET NOD32
Win32/ELEX.EY potentially unwanted (variant), Win32/ELEX.FG potentially unwanted (variant)
70.59%

AhnLab V3 Security
PUP/Win32.Agent
41.18%

Dr.Web
Adware.Mutabaha.671, Adware.Mutabaha.706
35.29%

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
11.76%

Avira AntiVirus
ADWARE/ELEX.A.153
5.88%

F-Secure
Gen:Variant.Application.Jatif
5.88%

herdProtect (fuzzy)
a variant of 5fc6fd7aa539ba4b4960e414f2a0d39cbe2bd73e
5.88%

1 / 68      (Adware)
oursurfing.exe (4689_2sq3_oursurfing by Portmon/EE)  (bbe329c9953266fbd1a3fdc8b3aa42c1)

1 / 68      (Adware)
oursurfing.exe (4686_2sq1_oursurfing by Portmon/EE)  (853e100212a4c6e512d70ca59873c718)

1 / 68      (Adware)
oursurfing.exe (4689_2sq3_oursurfing by Portmon/EE)  (2814ee214db8aa4d895c4502e3f26c9e)

6 / 68      (Adware)
yea_oursurfing.exe (4734_yea_oursurfing by 7th)  (6fe7b326c67b0ed2ba7b7ae9f7c5847e)

5 / 68      (Adware)
smt_oursurfing.exe (4680_smt_oursurfing by Portmon/EE)  (cb0c96bd9d23fce879a109b6f4d08faa)

5 / 68      (Adware)
426.exe (4692_tt4u_oursurfing by Portmon/EE)  (eff0de4e8874f7c53b3b5a14638219bc)

3 / 68      (Adware)
adv_46.exe (4683_ima_istartsurf by Portmon/EE)  (714d7a0a3fa6df4b535dabade505419d)

5 / 68      (Adware)
tti_omniboxes.exe (4691_tti_omniboxes by Portmon/EE)  (2531b1cf51a929a13eacb9a3bb765eb4)

5 / 68      (Adware)
smt_istartsurf.exe (4679_smt_istartsurf by Portmon/EE)  (f5d966688c36a186c7c0ac3e1dc07d38)

5 / 68      (Adware)
0p1i9lkpusw==2.exe (4687_2sq_oursurfing by Portmon/EE)  (f147e1b06e9cb15ef17b8139a7a5b63c)

3 / 68      (Adware)
adv_46.exe (4683_ima_istartsurf by Portmon/EE)  (f17fdc36954b64abe65844c4bbe34bb3)

3 / 68      (Adware)
adv_76.exe (4682_ima_mystartsearch by Portmon/EE)  (5adcee81bcbd6767c19a6ea7752ead19)

3 / 68      (Adware)
smt_oursurfing.exe (4680_smt_oursurfing by Portmon/EE)  (6f0109caf6519017f407658897ea7a48)

6 / 68      (Adware)
tti_omniboxes.exe (4691_tti_omniboxes by Portmon/EE)  (e3852d5d1fc4f44dd09c43a9118e0670)

3 / 68      (Adware)
smt_istartsurf.exe (4679_smt_istartsurf by Portmon/EE)  (1c90154699fc174980e30a715b03461a)

4 / 68      (Adware)
adv_76.exe (4682_ima_mystartsearch by Portmon/EE)  (87a7a89b26ffa50ec2bab2908a6da3a2)

1 / 68      (Adware)
ws182fbc00.dat (4687_2sq_oursurfing by Portmon/EE)  (ee2f6c6431bd10f391967b0bccaca2a7)

Downloads URLs for files signed by Yuxin WANG.

5 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_oursurfing.exe  (f147e1b06e9cb15ef17b8139a7a5b63c)

1 / 68      (Adware)
http://d2drfrdurj6mvo.cloudfront.net/.../2sq_oursurfing.exe  (ee2f6c6431bd10f391967b0bccaca2a7)

The following websites host and distribute files published by Yuxin WANG.

d2drfrdurj6mvo.cloudfront.net

The certificates below are also signed by Yuxin WANG.

2C416DD3D70B97FC4234C97961D44A24  (Dec 07, 2015 to Aug 14, 2017)

42B89DFF0EF561EC67F3D06741ADE295  (Nov 25, 2015 to Aug 14, 2017)

56493BF0156090CDE0540B795E8541C0  (Feb 10, 2016 to Aug 14, 2017)

2DA55CBA91AF41B2B38306063798B9CB  (Jan 11, 2016 to Aug 14, 2017)

0AB62C6D3E19ADF07A06CAFBBBAA27A5  (Feb 08, 2016 to Aug 14, 2017)

778C2E8E17E285D4882E35D29D8224A9  (Jan 05, 2016 to Aug 14, 2017)

53780CF050BA35CB5EB86E310BA4C82A  (Jan 13, 2016 to Aug 14, 2017)

32FE5013D2C7ECC50B6FCEF24F95BE42  (Jan 15, 2016 to Aug 14, 2017)

5EA44E193FCC51F5A02C23795BDE703B  (Nov 27, 2015 to Aug 14, 2017)

28F4F18BAB757CB08FF1DAFF92ED918D  (Jan 08, 2016 to Aug 14, 2017)

10 of 46 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Giner Tech Inc

Skytouch Technology Co., Limited

Minidigital Technology Co., Limited

Thinknice Co., Limited

Shulan Hou

Xiaoqing Liu

Taiming Li

Fuyuan Zhou

Li Mo

Thinknice Co. Limited

Banyan Tree Technology Limited

EasyVpn

* Note, the details and description above are based on the code signing digital signature issued to Yuxin WANG by thawte, Inc. on August 30, 2015 with the serial number '251a39265bc12de8c796f69fa27b9d75'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.