home

dora.dat

Desktop.Dora

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The file dora.dat by Web Cake has been detected as adware by 28 anti-malware scanners. By plugging into the web browser, this extension will inject advertisements both banner and context hyperlinks based on the web sites being visited. It can be installed from the program's website or it may be bundled by third-party software installation programs. It is part of the Yontoo web-extension that injects advertisements in the browser.
Publisher:
Microsoft  (signed by Web Cake)

Product:
Desktop.Dora

Version:
1.0.0.7

MD5:
edd063a29fa659396e624fea28323bdd

SHA-1:
7e5ce227c14a2641ff61ae5cac9c166bd022e337

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 1:04:44 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.WebCake.C
865

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
Adware/WebCake.B
7.11.155.86

avast!
Win32:Webcake-A [Adw]
2014.9-140922

AVG
AdInject.WebCake
2015.0.3343

Baidu Antivirus
Trojan.MSIL.WebCake
4.0.3.14922

Bitdefender
Adware.WebCake.C
1.0.20.1325

Bkav FE
W32.Clod9d3.Trojan
1.3.0.4959

Comodo Security
ApplicUnwnt
18587

Emsisoft Anti-Malware
Adware.WebCake
8.14.09.22.12

ESET NOD32
MSIL/WebCake (variant)
8.9415

Fortinet FortiGate
Adware/Fam.NB
9/22/2014

F-Secure
Adware.WebCake.C
11.2014-22-09_2

G Data
Adware.WebCake
14.9.24

IKARUS anti.virus
AdWare.WebCake
t3scan.2.2.29

K7 AntiVirus
Trojan
13.1712436

McAfee
Artemis!B251FA34DDDC
5600.6999

Microsoft Security Essentials
Adware:Win32/WebCake
1.10904

MicroWorld eScan
Adware.WebCake.C
15.0.0.795

nProtect
Adware.WebCake.C
14.02.12.02

Panda Antivirus
Generic Malware
14.09.22.12

Qihoo 360 Security
Win32/Virus.Adware.b7c
1.0.0.1015

Quick Heal
AdWare.WebCake.r3 (Not a Virus)
9.14.14.00

Reason Heuristics
PUP.WebCake.H
14.9.22.12

Rising Antivirus
PE:Trojan.Win32.Generic.15A498CB!363108555
23.00.65.14920

Sophos
Generic PUA GE
4.98

Trend Micro House Call
TROJ_GEN.F47V1003
7.2.265

VIPRE Antivirus
Yontoo
26398

File size:
177.3 KB (181,528 bytes)

Product version:
1.0.0.7

Copyright:
Copyright © Microsoft 2013

Original file name:
Desktop.Dora.dll

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\AppData\web cake\dat\dora.dat

Digital Signature
Signed by:
Web Cake

Authority:
VeriSign, Inc.

Valid from:
4/8/2013 9:00:00 PM

Valid to:
4/9/2015 8:59:59 PM

Subject:
CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata
Compilation timestamp:
8/8/2013 4:07:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:s4zkIloSEhWyzqPoPQlFrzLK9dJLftDW57xgx+fwx4AjIBfzjwsmTLtbuN:s4MSgWyIoPQlFrkdJLftSicwSCgotc

Entry address:
0x2C272

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
169 KB (173,056 bytes)

Remove dora.dat - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.