» WebCakeDesktop.exe
Overview
Analysis
File Details
Behaviors (1)
Network (4)

WebCakeDesktop.exe

WebCake Desktop

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The application WebCakeDesktop.exe by Web Cake has been detected as adware by 24 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WebCake Desktop’. By plugging into the web browser, this extension will inject advertisements both banner and context hyperlinks based on the web sites being visited. It can be installed from the program's website or it may be bundled by third-party software installation programs. It is part of the Yontoo web-extension that injects advertisements in the browser.

File name:

WebCakeDesktop.exe

Publisher:

WebCake LLC (signed by Web Cake)

Product:

WebCake Desktop

Version:

1.0.0.1

MD5:

9eee55b742b65439a0a45bf895e5cea1

SHA-1:

3974af6435d0019aa8c84be925611f9287976cc4

SHA-256:

3e7eef2daa7a1085a9dce7550d7ed6912f043487c58f0f66ba85a73ec4cef42c

Scanner detections:

24 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

5/2/2024 7:07:41 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.WebCake.C

1151

Avira AntiVirus

Adware/WebCake.F

7.11.121.4

avast!

Win32:Webcake-A [Adw]

2014.9-131125

AVG

AdInject.WebCake

2014.0.3645

Bitdefender

Adware.WebCake.C

1.0.20.1645

Bkav FE

W32.Carena.Trojan

1.3.0.4613

Boost by Reason

Optional.Startup.WebCake.O

188838

Clam AntiVirus

Win.Adware.Webcake-1

0.98/18355

Comodo Security

ApplicUnwnt

17473

Emsisoft Anti-Malware

Adware.WebCake

8.13.11.25.11

ESET NOD32

MSIL/WebCake (variant)

7.9190

Fortinet FortiGate

Adware/Fam.NB

2/11/2014

F-Secure

Adware.WebCake.C

11.2013-25-11_2

G Data

Adware.WebCake

13.11.22

IKARUS anti.virus

AdWare.WebCake

t3scan.2.2.29

K7 AntiVirus

Riskware

13.174.10588

Malwarebytes

Adware.WebCake

v2013.11.25.11

Microsoft Security Essentials

Adware:Win32/WebCake

1.165.247.01

MicroWorld eScan

Adware.WebCake.C

14.0.0.987

nProtect

Adware.WebCake.C

13.12.20.01

Panda Antivirus

Generic Malware

13.11.25.11

Quick Heal

Adware.WebCake (Not a Virus)

11.13.12.00

Reason Heuristics

PUP.Yontoo.WebCake

15.4.27.0

VIPRE Antivirus

Yontoo

26356

File size:

46.8 KB (47,896 bytes)

Product version:

1.0.0.1

Original file name:

WebCakeDesktop.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\roaming\webcake\webcakedesktop.exe

Digital Signature

Signed by:

Web Cake

Authority:

VeriSign, Inc.

Valid from:

4/8/2013 5:00:00 PM

Valid to:

4/9/2015 4:59:59 PM

Subject:

CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata

Compilation timestamp:

5/16/2013 4:19:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

768:I+SnvtasDrNpagFYw/SVht5iFOOLOwCOKLsbz4swFCSiJ1:I+SnFasDPaPwAhtbOLOwCOKLsbz4bsSW

Entry address:

0xB60E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.9451

Code size:

38 KB (38,912 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

WebCake Desktop

Command:

"C:\users\{user}\appdata\roaming\webcake\webcakedesktop.exe"

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to 2a.6a.acb8.ip4.static.sl-reverse.com (184.172.106.42:443)

TCP (HTTP):

Connects to a23-37-37-163.deploy.static.akamaitechnologies.com (23.37.37.163:80)

TCP (HTTP SSL):

Connects to 60.ip-144-217-12.net (144.217.12.60:443)

TCP (HTTP):

Connects to a23-37-165-163.deploy.static.akamaitechnologies.com (23.37.165.163:80)

Remove WebCakeDesktop.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.