dora.dat

Desktop.Dora

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The file dora.dat by Web Cake has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is part of the Yontoo web-extension that injects advertisements in the browser.
Publisher:
Microsoft  (signed by Web Cake)

Product:
Desktop.Dora

Version:
1.0.0.20

MD5:
03ba84960901b723051baf8d773ecba0

SHA-1:
16532bc7d579a2050caaeddec1e4273148395bc3

SHA-256:
bad00d0ec31b5a37590ade46b5b5e3660a09443d9a799f963a6bfeffbc99ec9b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/23/2024 3:07:11 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
16.12.16.4

File size:
183.3 KB (187,672 bytes)

Product version:
1.0.0.20

Copyright:
Copyright © Microsoft 2013

Original file name:
Desktop.Dora.dll

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\betcat\dat\dora.dat

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/8/2013 9:00:00 PM

Valid to:
4/9/2015 8:59:59 PM

Subject:
CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata
Compilation timestamp:
11/25/2013 2:31:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x2DBC2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
175 KB (179,200 bytes)

Remove dora.dat - Powered by Reason Core Security