» Desktop.OS.dll
Overview
Analysis
File Details

Desktop.OS.dll

Desktop

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The file Desktop.OS.dll by Web Cake has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is part of the Yontoo branded browser-extension.

File name:

Desktop.OS.dll

Publisher:

Web Cake (signed and verified)

Product:

Desktop

Description:

VGCDesktop.OS

Version:

1.0.0.1

MD5:

52e77a615eddcc31c659a80bafed5bd1

SHA-1:

d5c2149318fc2e6a3fcd0faa270c1205be44ed97

SHA-256:

8a4e201b1aa83f20dac37ac84086313486a9430b10da43cc4c35ed625dd58fe9

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:

4/19/2024 9:32:18 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Yontoo (M)

16.10.6.11

File size:

512 KB (524,288 bytes)

Product version:

1.0.0.1

Original file name:

Desktop.OS.dll

Language:

Language Neutral

Common path:

C:\windows\temp\trz1f52.tmp

Digital Signature

Signed by:

Web Cake

Authority:

VeriSign, Inc.

Valid from:

4/9/2013 1:00:00 AM

Valid to:

4/10/2015 12:59:59 AM

Subject:

CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata

Compilation timestamp:

6/6/2013 12:05:43 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:Mcf9BHKFe0RB/HJLNUMudWT+4Jum0bqGvKuTV:9fnU1JqMudWBOqY5

Entry address:

0xDF0E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

48 KB (49,152 bytes)

Remove Desktop.OS.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.