webcake.exe
KBM2 Installer
sterkly LLC
Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application webcake.exe by sterkly has been detected as adware by 8 anti-malware scanners. The file has been seen being downloaded from api.kbm2.com.
MD5:
cf353635510d9f37b275197e4527d007
SHA-1:
4190a801516015fe6f6b2ae72a5a2d183eb06714
SHA-256:
5ac07ea135af2d6cfad4fd5bd64729f2f6af43cc224eafdc4b6383d7a7bf6583
Scanner detections:
8 / 68
Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.
Analysis date:
4/25/2024 9:50:29 AM UTC (today)
Scan engine
Detection
Engine version
AVG
AdInject.Sterkly
2014.0.3644
Boost by Reason
Adware.Installer.sterkly.H
2013.8.2.9
Dr.Web
Adware.Plugin.85
9.0.1.0214
ESET NOD32
Win32/KBM (variant)
7.8898
McAfee
Artemis!CF353635510D
5600.7154
Reason Heuristics
PUP.Installer.sterkly.H
14.2.28.17
Trend Micro House Call
TROJ_GEN.R047H01GT13
7.2.214
VIPRE Antivirus
sterkly LLC
22236
File size:
541.6 KB (554,616 bytes)
Copyright:
(c) Sterkly LLC. All rights reserved.
Original file name:
KBM2.exe
File type:
Executable application (Win32 EXE)
Language:
English (United States)
Common path:
C:\users\{user}\downloads\webcake.exe
Valid from:
1/21/2013 4:00:00 PM
Valid to:
2/21/2015 3:59:59 PM
Subject:
CN=sterkly LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=sterkly LLC, L=Carlsbad, S=California, C=US
Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number:
113C6B2C72DEF110BE64B2ABBC52861E
Compilation timestamp:
7/25/2013 10:15:04 AM
Code size:
342.5 KB (350,720 bytes)
The file webcake.exe has been seen being distributed by the following URL.