programmonitor.dat.96288.gzquar

Desktop.ProgramMonitor

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers. It is designed to deliver context-based advertising injected directly into the web pages a user is viewing, and it also opens advertisements that appear independently, outside the context of the program, website, or other source the advertisements are promoting. The file programmonitor.dat.96288.gzquar by Web Cake has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. By plugging into the web browser, this extension injects advertisements, both banners and contextual hyperlinks, based on the websites being visited. It can be installed from the program's website, or it may be bundled by third-party software installation programs. It is part of the Yontoo web extension, which injects advertisements in the browser.
Publisher:
Web Cake  (signed and verified)

Product:
Desktop.ProgramMonitor

Version:
1.0.0.0

MD5:
a3912af66951199eb78bb8ff35698f16

SHA-1:
789dd7c40812db99a44f8eb09b71fd2e091b9ef3

SHA-256:
aeaa2ed1ecd8611a3178134d42a90a05b5548983845c0e2760924507204fdf75

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 6:04:51 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo.WebCake (M)

Engine version:
16.2.13.22

File size:
581.3 KB (595,224 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
WebCake.Desktop.ProgramMonitor.dll

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\betcat\dat\programmonitor.dat.96288.gzquar

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/8/2013 5:00:00 PM

Valid to:
4/9/2015 4:59:59 PM

Subject:
CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata
Compilation timestamp:
1/14/2014 7:05:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:fFQOWekjcuJeEKjQ9iCqcqpOB6MgmX5zJAWr/UllxzofG3uDGweyCu2UGNSSztMU:fFQOVkrGPIB6M7WllODGw1GNVQr59TsP

Entry address:
0x912B6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9651

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
573 KB (586,752 bytes)
