home

Dinosaur

Publisher Information

Dinosaur is a software publisher located in Cali, Pandora in Netherlands*. There is one additional code signing certificate issued to this publisher.
Authority:
getaCert - www.getacert.com

Valid from:
4/1/2015 11:58:13 PM

Valid to:
5/31/2015 11:58:13 PM

Subject:
E=LOL@run.away, CN=Melaldon, OU=Carnivore, O=Dinosaur, L=Cali, S=Pandora, C=NL

Issuer:
O=getaCert - www.getacert.com, L=Seattle, S=Washington, C=US

Serial number:
0df6

Scanner detections:
Malware distribution  (94% detected)

Scan engine
Details
Detections

Emsisoft Anti-Malware
Trojan.GenericKDZ.27648, Trojan.Generic.13128564, Trojan.GenericKD.2277693, Trojan.GenericKD.2270178, Trojan.GenericKDZ.27682
100.00%

MicroWorld eScan
Trojan.GenericKDZ.27648, Trojan.Generic.13128564, Trojan.GenericKD.2277693, Trojan.GenericKD.2270178, Trojan.GenericKDZ.27682, Trojan.Generic.13122047, Trojan.Generic.15162749
86.67%

nProtect
Trojan.GenericKDZ.27648, Trojan.Generic.13128564, Trojan.GenericKD.2277693, Trojan.GenericKD.2270178, Trojan/W32.Agent.519696
86.67%

ESET NOD32
Win32/TrojanDownloader.Banload.SJG, MSIL/Injector.IZQ (variant), Win32/TrojanDownloader.Banload.VSA, MSIL/Kryptik.BPM (variant)
86.67%

avast!
Win32:Broban-AR [Trj], Win32:Malware-gen
86.67%

Bitdefender
Trojan.GenericKDZ.27648, Trojan.Generic.13128564, Trojan.GenericKD.2277693, Trojan.GenericKD.2270178, Trojan.GenericKDZ.27682
86.67%

Lavasoft Ad-Aware
Trojan.GenericKDZ.27648, Trojan.Generic.13128564, Trojan.GenericKD.2277693, Trojan.GenericKD.2270178, Trojan.GenericKDZ.27682
86.67%

G Data
Trojan.GenericKDZ.27648, Trojan.Generic.13128564, Trojan.GenericKD.2277693, Trojan.GenericKD.2270178, Trojan.GenericKDZ.27682
86.67%

Fortinet FortiGate
MSIL/Banload.SJG!tr, MSIL/Injector.IXP!tr, W32/Banload.SJG!tr.dldr, MSIL/IXP!tr, MSIL/Injector.IZQ!tr, MSIL/Kryptik.BPM!tr
86.67%

AVG
PSW.MSIL, Generic, MSIL7, Downloader.Banload2, Downloader.MSIL
86.67%

0 / 68
explorer.exe (NilppEtB)  (94a64feb9b4d51bc66111f8820cfa3e9)

32 / 68    (Malware)
u9ljh.exe (XssjiriW)  (0256fef5e3bc2b7a68990b14aebcd20e)

16 / 68    (Malware)
screenshot.png .exe (wNBizlON)  (51e7ddefeabf03656ad8c979f9eb0309)

28 / 68    (PUP)
zKqTyFfR.exe (zKqTyFfR)  (007b1cbfb526b3333fc7037c8bd7d7fc)

29 / 68    (PUP)
img_02112014.scr (lCsRLSwJ)  (8afc2c1555afe4c96a73a061e585c202)

4 / 68      (Malware)
chrome.exe (xhzjtgTO)  (a211592b205261540c0350626df97815)

32 / 68    (Malware)
{blocked}.exe (ZFWFnxHA)  (1684f3e569b21cec770529bf4e88d3b7)

16 / 68    (Malware)
{blocked}.exe (RBKGdKPo)  (cfba1ee33077ef8e1afc8784718b0cd6)

5 / 68      (Malware)
{blocked}.exe (KyLfODfr)  (1474caba483d2de93b9f2eb3bec60c2d)

32 / 68    (Malware)
copiacheques.exe (yfROxRFR)  (8158fbefc24c9897179429262370938b)

35 / 68    (Malware)
manifestoeletronico.exe (vAGwLjtM)  (5794139c8b028a7b30602ccd89d1d6a1)

22 / 68    (Malware)
winhttpres.exe (UIMWMQVs)  (f4c1eeff2c0575ebbbcd633582612dba)

31 / 68    (Malware)
copiacheques.exe (JuqLMwEK)  (c33621e4f89e2da4aaa62e364b3b98cc)

14 / 68    (Malware)
GSZWjyfm.exe (GSZWjyfm)  (97a249810c231b31b11b6eddda33e955)

26 / 68    (Malware)
explorer.exe (ldffdfDz)  (6521af52e189abe3904ce9731e833986)

37 / 68    (Malware)
wrSMduWo.exe (wrSMduWo)  (cb92124345898b9f5be6b0130260c084)

Downloads URLs for files signed by Dinosaur.

37 / 68    (Malware)
https://storage.googleapis.com/.../InnaComponentes.exe  (cb92124345898b9f5be6b0130260c084)

16 / 68    (Malware)
http://goo.gl/TsomOX  (screenshot.png .exe)

32 / 68    (Malware)
https://storage.googleapis.com/.../CopiaCheques.exe  (8158fbefc24c9897179429262370938b)

35 / 68    (Malware)
https://storage.googleapis.com/.../ManifestoEletronico.exe  (5794139c8b028a7b30602ccd89d1d6a1)

The following websites host and distribute files published by Dinosaur.

storage.googleapis.com

The following certificate is also signed by Dinosaur.

0CF5  (Mar 15, 2015 to May 14, 2015)

The following publishers (by Authenticode signature organization name) are related.

IMALI – N.I. MEDIA LTD

Vectric Limited

PSEUDiO Ltd

OOO DIGITAL VEI

OOO Advert M

DigiExam Solutions Sweden AB

Power Software Limited

Adverts Technologies

Digital Vei,OOO

OOO Kod Intertainment

OOO Next Point

OOO DIGITAL MEMORI

Steak House

Kapa

EVO DIGITAL MEDIA CONSULTORIA E TECNOLOGIA LTDA

OOO Digital

OOO DIGITAL ZON

Disc Soft Ltd

Telegram Messenger LLP

Adverts Alliance

think-cell Software GmbH

Code Sector

OOO Digital Servis

Switch Communications, Inc.

SAPO

One Call Ltd

OOO Digital Zone

Motorola Mobility Inc.

Irfan Skiljan

Bluefire Productions, LLC

30 of 71 publishers

* Note, the details and description above are based on the code signing digital signature issued to Dinosaur by getaCert - www.getacert.com on April 01, 2015 with the serial number '0df6'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.