wcore06062013.exe

WebCake

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The application wcore06062013.exe by Web Cake has been detected as adware by 24 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. By plugging into the web browser, this extension will inject advertisements both banner and context hyperlinks based on the web sites being visited. It can be installed from the program's website or it may be bundled by third-party software installation programs. It is part of the Yontoo web-extension that injects advertisements in the browser.
Publisher:
WebCake LLC  (signed by Web Cake)

Product:
WebCake

Description:
Installer

Version:
2013.5.31.1032

MD5:
8f5ea39a40188efe769d15df4c909c39

SHA-1:
a96144c1d980b72ef71a99c7c6c022221504e407

SHA-256:
7703bfa1a504de71d91b33b1ad7aa7bb64c3e97eb483b44f54e2a20843c249e9

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/24/2024 3:26:16 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.Yontoo
7.1.1

avast!
Win32:Webcake-A [Adw]
2014.9-131125

AVG
AdInject.WebCake
2014.0.3644

Bitdefender
Adware.WebCake.C
1.0.20.1645

Bkav FE
W32.Clod29e.Trojan
1.3.0.4415

Boost by Reason
Trojan.Adw.Installer.WebCake.N
2013.8.2.9

Comodo Security
UnclassifiedMalware
17230

Dr.Web
Adware.Plugin.11
9.0.1.0214

Emsisoft Anti-Malware
Adware.WebCake
8.13.11.25.03

ESET NOD32
Win32/WebCake
7.9018

F-Secure
Adware.WebCake.C
11.2013-25-11_2

G Data
Adware.WebCake
13.11.22

IKARUS anti.virus
AdWare.Yontoo
t3scan.2.0.127

Malwarebytes
PUP.Optional.WebCake.A
v2013.11.25.03

McAfee
Artemis!8F5EA39A4018
5600.7270

Microsoft Security Essentials
1.163.1557.3

MicroWorld eScan
Adware.WebCake.C
14.0.0.987

nProtect
Adware.WebCake.C
13.11.07.01

Panda Antivirus
Adware/WebCake
13.11.25.03

Reason Heuristics
PUP.Installer.WebCake.N
14.8.7.17

Rising Antivirus
Trojan.InstallRex!562A
23.00.65.131123

SUPERAntiSpyware
Adware.WebCake
10654

Trend Micro House Call
TROJ_GEN.R0CBH01H913
7.2.214

VIPRE Antivirus
Yontoo
23132

File size:
1.2 MB (1,210,848 bytes)

Product version:
3.00

Copyright:
Copyright (c) 2013 WebCake LLC. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wcore06062013.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/8/2013 5:00:00 PM

Valid to:
4/9/2015 4:59:59 PM

Subject:
CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata
Compilation timestamp:
3/10/2011 6:55:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:QtlpZU+kCbptXMaU4He4u8McaMuuEFFPMUqtPT/NXPuS:APmZOtBw8McXEXPPIRXPuS

Entry address:
0x1627

Entry point:
55, 8B, EC, 81, EC, 58, 0B, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, A8, F4, FF, FF, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 70, 30, 40, 00, 89, 45, F8, 8D, 85, B8, FC, FF, FF, 50, C7, 85, B8, FC, FF, FF, 14, 01, 00, 00, FF, 15, 6C, 30, 40, 00, 85, C0, 75, 21, FF, 15, 14, 30, 40, 00, 50, 68, 30, 34, 40, 00, E8, 40, FA, FF, FF, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, C5, 01, 00, 00, 68, 1C, 34, 40, 00, 68, 0C, 34, 40, 00, FF, 15, 68, 30, 40, 00, 50, FF, 15, 64, 30, 40, 00, 3B...
 
[+]

Code size:
7.5 KB (7,680 bytes)

The file wcore06062013.exe has been seen being distributed by the following URL.

Remove wcore06062013.exe - Powered by Reason Core Security