Multi-License Discount Quote

Change Region

English
Threat Database Adware Adware.MSIL.Dotdo.FB

Adware.MSIL.Dotdo.FB

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 22,744
Threat Level: 20 % (Normal)
Infected Computers: 57
First Seen: February 16, 2022
Last Seen: May 23, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.MSIL.Dotdo.FB
Signature status: No Signature

Known Samples

MD5: f9ce1dbee24bb5a12738448cc5397de3
SHA1: 78d61cad39e1a8975dbe2bcd7f03d00bbe7549f0
SHA256: 5B077DD36CFAA24EED985DF5BAA9BC87B758980A4B2A5FBFD9FCD3D8D01C2629
File Size: 522.75 KB, 522752 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 9.3.4.97
Comments somalia
Company Name appease
File Description somalia
File Version 9.3.4.97
Internal Name handymen.exe
Legal Copyright Copyright © appease 2015
Legal Trademarks © 2015 appease
Original Filename handymen.exe
Product Name somalia
Product Version 9.3.4.97

File Traits

  • .NET
  • x86

Block Information

Total Blocks: 1,871
Potentially Malicious Blocks: 684
Whitelisted Blocks: 1,183
Unknown Blocks: 4

Visual Map

? ? ? ? 0 0 0 0 0 x 0 0 x x 0 x 0 x 0 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x x 0 0 0 x x 0 0 x 0 x x x x 0 x 0 x x 0 x x x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x x x 0 0 x x x x x x x 0 x x 0 x 0 x 0 0 x x x x x 0 0 0 x x x x x x x 0 0 0 0 0 0 0 x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 0 0 x x x x x 0 0 0 x x x x 0 x x x x x x x x 0 0 0 0 x 0 0 x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 x x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x x x x x x x x x x x x x x x x x x x 0 x x x 0 0 x x x 0 0 x 0 0 x x x x 0 x x x x x 0 x x x x x x x x x x x x x x x 0 x x x x 0 0 0 x 0 0 0 0 0 0 x x 0 x x 0 0 0 x x x x 0 0 x x x x x 0 x 0 0 x x x 0 x x x 0 x x 0 x 0 x x x x x x x x 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 x x x 0 0 0 x 0 x x 0 0 x 0 x x 0 0 x x 0 0 x x x x 0 0 0 0 0 0 x x x x 0 x x 0 x x x 0 x 0 0 x 0 x x x x x x x 0 x x x x x x x x x x x x x x x x x 0 x 0 x 0 0 x 0 x 0 0 x 0 x x x 0 0 0 x 0 x x x 0 x x 0 x x x 0 x 0 x x x 0 0 0 x 0 x x x 0 x x x x x x x x x 0 x x 0 x x x 0 0 x 0 0 x 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 x 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 x x 0 0 x 0 0 0 0 0 0 x 0 x x x x x x x 0 x 0 0 x x x 0 0 x 0 0 0 x x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 x 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 x 0 x x 0 x x 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x 0 0 x 0 x 0 0 0 x 0 0 x 0 0 x 0 x 0 x x 0 x x x 0 0 0 0 0 x x x x x 0 x 0 0 x x x x x 0 0 x x 0 x x x 0 0 0 0 x 0 0 x x x 0 0 x 0 x 0 0 x 0 x x x x x x x 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 x x x x 0 x x x 0 x 0 0 x 0 0 x x x x x x x 0 x 0 0 0 x 0 0 0 x 0 0 0 x x x x x x x x x x 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 x x 0 0 x x 0 0 x x x x x x 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 x 0 0 x 0 x 0 x 0 0 x x 0 0 0 0 x 0 0 0 x 0 0 x 0 x 0 x x x x 0 0 0 x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 x 0 x 0 x x 0 0 x 0 0 0 0 0 0 0 0 x x 0 x 0 x 0 0 x x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x x 0 0 0 x 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 x 0 0 x x x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 x x x 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 x 0 0 x x x 0 0 0 x 0 x 0 0 0 0 0 x x 0 0 0 0 x 0 0 0 0 x 0 x x 0 0 0 0 x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 x 0 0 0 0 0 x x 0 x 0 x 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 x x 0 0 x x 0 0 x x 0 0 0 0 0 x x 0 0 x 0 0 x x 0 0 0 0 0 0 0 x 0 0 0 x x 0 x x 0 0 0 0 0 x x x x 0 0 0 0 0 0 x x x 0 0 x 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 x x x x x 0 x 0 0 0 0 0 0 x 0 0 0 0 0 x x 0 0 x x x 0 0 0 0 x x x x x x x 0 x x 0 0 0 x x 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 x x x 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 x x 0 x x x x x x 0 0 0 x x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x x x 0 x x 0 x 0 x x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 x x 0 0 0 x x 0 x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 x x x 0 0 0 x x x x x x 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 x 0 0 0 x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 x 0 0 x x 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Dotdo.FA

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
Show More
HKLM\software\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateSection
Show More
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
Other Suspicious
  • AdjustTokenPrivileges
Encryption Used
  • CryptAcquireContext
Process Shell Execute
  • ShellExecuteEx
Network Winsock2
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • getaddrinfo
  • setsockopt
Network Winhttp
  • WinHttpOpen

Shell Command Execution

(NULL) C:\Program Files (x86)\sexuality\layered.exe

Trending

Most Viewed

Loading...