home

Desktop.OS.dll

Desktop OS

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The module Desktop.OS.dll by Web Cake has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is part of the Yontoo web-extension that injects advertisements in the browser.
Publisher:
Tepfel  (signed by Web Cake)

Product:
Desktop OS

Description:
Desktop.OS

Version:
1.0.0.0

MD5:
88dafe2c79ce520686204dd0ae871068

SHA-1:
2167c4cd90b636750cded02b5256f296f6d5aa23

SHA-256:
2818aaddff6ee3bff11d2c944d9140e9d9ada456c4b3cd3c6783ba4a11b68046

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/25/2024 11:35:35 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
16.10.15.5

File size:
52.3 KB (53,528 bytes)

Product version:
1.0.0.0

Original file name:
Desktop.OS.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\desktop.os.dll

Digital Signature
Signed by:
Web Cake

Authority:
VeriSign, Inc.

Valid from:
4/8/2013 9:00:00 PM

Valid to:
4/9/2015 8:59:59 PM

Subject:
CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata
Compilation timestamp:
11/26/2013 7:47:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:dzMdXYjDzuhTwrspL0/pK2zGN5wOZFSEpTxZcojJ5by4Zs0YhuJN:dzMdXYjDKhsQpL+pKWGDw2XjjJ52WehS

Entry address:
0xCE42

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
44 KB (45,056 bytes)

Remove Desktop.OS.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.