WebCakeDesktop.exe

WebCake Desktop

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The application WebCakeDesktop.exe by Web Cake has been detected as adware by 24 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WebCake Desktop’. By plugging into the web browser, this extension will inject advertisements both banner and context hyperlinks based on the web sites being visited. It can be installed from the program's website or it may be bundled by third-party software installation programs. It is part of the Yontoo web-extension that injects advertisements in the browser.
Publisher:
WebCake LLC  (signed by Web Cake)

Product:
WebCake Desktop

Version:
1.0.0.1

MD5:
9eee55b742b65439a0a45bf895e5cea1

SHA-1:
3974af6435d0019aa8c84be925611f9287976cc4

SHA-256:
3e7eef2daa7a1085a9dce7550d7ed6912f043487c58f0f66ba85a73ec4cef42c

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/23/2024 3:51:30 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.WebCake.C
1151

Avira AntiVirus
Adware/WebCake.F
7.11.121.4

avast!
Win32:Webcake-A [Adw]
2014.9-131125

AVG
AdInject.WebCake
2014.0.3645

Bitdefender
Adware.WebCake.C
1.0.20.1645

Bkav FE
W32.Carena.Trojan
1.3.0.4613

Boost by Reason
Optional.Startup.WebCake.O
188838

Clam AntiVirus
Win.Adware.Webcake-1
0.98/18355

Comodo Security
ApplicUnwnt
17473

Emsisoft Anti-Malware
Adware.WebCake
8.13.11.25.11

ESET NOD32
MSIL/WebCake (variant)
7.9190

Fortinet FortiGate
Adware/Fam.NB
2/11/2014

F-Secure
Adware.WebCake.C
11.2013-25-11_2

G Data
Adware.WebCake
13.11.22

IKARUS anti.virus
AdWare.WebCake
t3scan.2.2.29

K7 AntiVirus
Riskware
13.174.10588

Malwarebytes
Adware.WebCake
v2013.11.25.11

Microsoft Security Essentials
1.165.247.01

MicroWorld eScan
Adware.WebCake.C
14.0.0.987

nProtect
Adware.WebCake.C
13.12.20.01

Panda Antivirus
Generic Malware
13.11.25.11

Quick Heal
Adware.WebCake (Not a Virus)
11.13.12.00

Reason Heuristics
PUP.Yontoo.WebCake
15.4.27.0

VIPRE Antivirus
Yontoo
26356

File size:
46.8 KB (47,896 bytes)

Product version:
1.0.0.1

Copyright:
(c) WebCake LLC. All rights reserved.

Original file name:
WebCakeDesktop.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\webcake\webcakedesktop.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/8/2013 5:00:00 PM

Valid to:
4/9/2015 4:59:59 PM

Subject:
CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata
Compilation timestamp:
5/16/2013 4:19:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:I+SnvtasDrNpagFYw/SVht5iFOOLOwCOKLsbz4swFCSiJ1:I+SnFasDPaPwAhtbOLOwCOKLsbz4bsSW

Entry address:
0xB60E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.9451

Code size:
38 KB (38,912 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WebCake Desktop

Command:
"C:\users\{user}\appdata\roaming\webcake\webcakedesktop.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to 2a.6a.acb8.ip4.static.sl-reverse.com  (184.172.106.42:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to 60.ip-144-217-12.net  (144.217.12.60:443)

TCP (HTTP):
Connects to a23-37-165-163.deploy.static.akamaitechnologies.com  (23.37.165.163:80)

Remove WebCakeDesktop.exe - Powered by Reason Core Security