home

component_634

WebCake

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The file component_634 by Web Cake has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory. It is part of the Yontoo web-extension that injects advertisements in the browser.
Publisher:
WebCake LLC  (signed by Web Cake)

Product:
WebCake

Description:
Installer

Version:
2013.6.18.1520

MD5:
5fb96dcd61196c66dee9fee0b8705702

SHA-1:
79abf9d2eb6e20937b1c4607a7d3021bdf574d34

SHA-256:
2dcd076125213f8d0e7580f21963d0285d83cc76e466d02b0a1a4a3dc16e238d

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/25/2024 10:46:12 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
16.9.29.21

File size:
479.6 KB (491,112 bytes)

Product version:
3.00

Copyright:
Copyright (c) 2013 WebCake LLC. All rights reserved.

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\component_634

Digital Signature
Signed by:
Web Cake

Authority:
VeriSign, Inc.

Valid from:
4/9/2013 8:00:00 AM

Valid to:
4/10/2015 7:59:59 AM

Subject:
CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata
Compilation timestamp:
3/11/2011 10:55:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:jnbfULioXPFKtWD0ssQdOioXPFKtWD0ssQd6:zbfU+MiNAZMiNA6

Entry address:
0x15B4

Entry point:
55, 8B, EC, 81, EC, CC, 05, 00, 00, 53, 56, 33, DB, 57, C6, 85, 34, FA, FF, FF, 00, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 70, 30, 40, 00, 89, 45, F8, 8D, 85, 3C, FE, FF, FF, 50, C7, 85, 3C, FE, FF, FF, 94, 00, 00, 00, FF, 15, 6C, 30, 40, 00, 85, C0, 75, 21, FF, 15, 14, 30, 40, 00, 50, 68, A8, 32, 40, 00, E8, 36, FA, FF, FF, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, 20, 02, 00, 00, 8B, 35, 68, 30, 40, 00, 68, 94, 32, 40, 00, 68, 84, 32, 40, 00, FF, D6, 50, FF, 15, 64, 30, 40...
 
[+]

Entropy:
7.9836

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

Remove component_634 - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.