» WebCakeIEClient.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

WebCakeIEClient.dll

WebCake Runtime

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The module WebCakeIEClient.dll by Web Cake has been detected as adware by 25 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘WebCake Layers’. This file is typically installed with the program WebCake 3.00 by Web Cake LLC which is a potentially unwanted software program. By plugging into the web browser, this extension will inject advertisements both banner and context hyperlinks based on the web sites being visited. It can be installed from the program's website or it may be bundled by third-party software installation programs. It is part of the Yontoo branded browser-extension.

File name:

WebCakeIEClient.dll

Publisher:

WebCake LLC (signed by Web Cake)

Product:

WebCake Runtime

Version:

1.00.01

MD5:

e867aeb1040b79cc824069bd8140df23

SHA-1:

b78fda77f5a05d8dc9a8c77338751505afcb33de

SHA-256:

dc7d06884ab9887f8e294d0fa347c8461f39c4adc2251680019e5576b629a15d

Scanner detections:

25 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/27/2024 3:20:06 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.WebCake.A

416

Agnitum Outpost

Adware.Yontoo

7.1.1

avast!

Win32:Webcake-A [Adw]

2014.9-151216

AVG

AdInject.WebCake

2016.0.2894

Bitdefender

Adware.WebCake.A

1.0.20.1750

Comodo Security

ApplicUnwnt

17097

Dr.Web

Adware.Plugin.11

9.0.1.0350

Emsisoft Anti-Malware

Adware.WebCake

8.15.12.16.01

ESET NOD32

Win32/Adware.Yontoo (variant)

9.9461

Fortinet FortiGate

Riskware/Yontoo

12/16/2015

F-Secure

Adware.WebCake.A

11.2015-16-12_4

G Data

Adware.WebCake

15.12.24

IKARUS anti.virus

AdWare.WebCake

t3scan.2.2.29

K7 AntiVirus

Riskware

13.176.11239

Kaspersky

not-a-virus:AdWare.Win32.WebCake

14.0.0.965

Malwarebytes

Adware.WebCake

v2015.12.16.01

Microsoft Security Essentials

Adware:Win32/WebCake

1.10302

MicroWorld eScan

Adware.WebCake.A

16.0.0.1050

NANO AntiVirus

Riskware.Win32.WebCake.cricoi

0.28.0.57630

nProtect

Adware.WebCake.A

14.02.23.01

Panda Antivirus

Adware/WebCake

15.12.16.01

Reason Heuristics

PUP.Yontoo.WebCake (M)

15.12.16.1

Trend Micro House Call

TROJ_GEN.F47V0624

7.2.350

Vba32 AntiVirus

AdWare.WebCake

3.12.24.3

VIPRE Antivirus

Yontoo

26790

File size:

193.3 KB (197,912 bytes)

Product version:

1.00.01

Original file name:

WebCakeIEClient.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\webcake\webcakeieclient.dll

Digital Signature

Signed by:

Web Cake

Authority:

VeriSign, Inc.

Valid from:

4/8/2013 8:00:00 PM

Valid to:

4/9/2015 7:59:59 PM

Subject:

CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

06B9035EE5A556582D9427CC2C8DD0BC

Registration

CLSIDs:

{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}, {AF6B0594-6008-4327-93E5-608AD710A6FA}, {DF84E609-C3A4-49CB-A160-61767DAF8899}

ProgIDs:

WebCakeIEClient.Layers.1, WebCakeIEClient.Api.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

5/6/2013 2:56:28 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:/vWsTkr15AyNY0pyS7AWLpRW2gm4OfUVGzpKkT1eHmFfm0/Yq:/zybPNrOaR1gm4OfJpKttq

Entry address:

0x12587

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B5, 65, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, F0, 8D, 02, 10, 5D, C3, 8B, FF, 55, 8B, EC, FF, 35, F0, 8D, 02, 10, FF, 15, 58, 01, 02, 10, 85, C0, 74, 0F, FF, 75, 08, FF, D0, 59, 85, C0, 74, 05, 33, C0, 40, 5D, C3, 33, C0, 5D, C3, 6A, 00, 68, 00, 10, 00, 00, 6A, 00, FF, 15, 50, 01, 02, 10, 33, C9, 85, C0, 0F, 95, C1, A3, F8, 8D, 02, 10, 8B, C1, C3, FF, 35, F8, 8D, 02, 10, FF, 15... 
[+]

Entropy:

6.3795

Code size:

119.5 KB (122,368 bytes)

Internet Explorer BHO

Display name:

WebCake Layers

CLSID:

{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}

CLSID name:

WebCake

The file WebCakeIEClient.dll has been discovered within the following program.

WebCake 3.00 by Web Cake LLC

The WebCake web browser plugin by sterkly LLC declares that it can sweeten browsing experience. It can modify Windows hosts file and DNS settings.

www.getwebcake.com

84% remove it

Remove WebCakeIEClient.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.