Desktop.Updater.exe

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The file Desktop.Updater.exe by Web Cake has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is part of the Yontoo branded browser-extension.
Publisher:
cake bake  (signed by Web Cake)

Description:
Desktop.Updater

Version:
1.0.0.3

MD5:
5ca3fd560e495069f071e49e77396bbc

SHA-1:
ec430b253beef8a11b50d204a954af94dbf21efa

SHA-256:
3fef017ce0a655b3c64f95ef28fb83d39c7520d86be9b5332d655ed9be048033

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
12/23/2024 5:02:14 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
16.10.5.19

File size:
512 KB (524,288 bytes)

Product version:
1.0.0.3

Original file name:
Desktop.Updater.exe

Language:
Language Neutral

Common path:
C:\windows\temp\trz3df0.tmp

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/8/2013 9:00:00 PM

Valid to:
4/9/2015 8:59:59 PM

Subject:
CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata
Compilation timestamp:
7/28/2013 12:53:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:P2qjvj3qD9T6mEosImUstBes+buioc6N94AdqP2YWvSdwKY2eiScMXfJ1rL:uqyD9T3EoBmFcuioD4LP22dwftimLrL

Entry address:
0xC6F2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
42 KB (43,008 bytes)

Remove Desktop.Updater.exe - Powered by Reason Core Security