tmp00000002abd328b7b6277eb5

Web-Cake Runtime

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The file tmp00000002abd328b7b6277eb5 by Web Cake has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is part of the Yontoo branded browser-extension.
Publisher:
Let Them Eat Web-Cake LLC  (signed by Web Cake)

Product:
Web-Cake Runtime

Version:
1.00.01

MD5:
f80ac068a18f1d8c3af5e3549ddca042

SHA-1:
d73324ef263a0f16c85093236b64209543ef3f95

SHA-256:
2e7b53079401fc8dee513922b850d3ba47260cc2eb81ee0baa76aa8f85cf11f4

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/23/2024 3:07:15 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
16.9.30.2

File size:
512 KB (524,288 bytes)

Product version:
1.00.01

Copyright:
Copyright (c) 2013 Let Them Eat Web-Cake LLC. All rights reserved.

Original file name:
WebCakeIEClient.dll

Language:
English (United States)

Common path:
C:\windows\temp\tmp00000002abd328b7b6277eb5

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/9/2013 8:00:00 AM

Valid to:
4/10/2015 7:59:59 AM

Subject:
CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata
Compilation timestamp:
8/13/2013 9:46:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:1AlfBOaI0jpE/mddK15H6N94AdqP2YWvSdwKYDmaOgoPsqDqWfa:KlfBtI02/ml4LP22dwfDmaOgoPsCqn

Entry address:
0x12607

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B5, 65, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, F0, 9D, 02, 10, 5D, C3, 8B, FF, 55, 8B, EC, FF, 35, F0, 9D, 02, 10, FF, 15, 58, 01, 02, 10, 85, C0, 74, 0F, FF, 75, 08, FF, D0, 59, 85, C0, 74, 05, 33, C0, 40, 5D, C3, 33, C0, 5D, C3, 6A, 00, 68, 00, 10, 00, 00, 6A, 00, FF, 15, 50, 01, 02, 10, 33, C9, 85, C0, 0F, 95, C1, A3, F8, 9D, 02, 10, 8B, C1, C3, FF, 35, F8, 9D, 02, 10, FF, 15...
 
[+]

Code size:
119.5 KB (122,368 bytes)

Remove tmp00000002abd328b7b6277eb5 - Powered by Reason Core Security