home

webcakesetup.exe

WebCake

Web Cake

This file is part of the Web Cake web browser extension, an adware plugin for various web browsers designed to deliver context based advertising injected directly in the web pages a user is viewing as well opens advertisements that appear independently outside the context of the program, website, or other source the advertisements are promoting. The application webcakesetup.exe by Web Cake has been detected as adware by 24 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. By plugging into the web browser, this extension will inject advertisements both banner and context hyperlinks based on the web sites being visited. It can be installed from the program's website or it may be bundled by third-party software installation programs. It is part of the Yontoo web-extension that injects advertisements in the browser.
Publisher:
WebCake LLC  (signed by Web Cake)

Product:
WebCake

Description:
Installer

Version:
2013.6.7.1356

MD5:
f3c422fee54f135d99cfa9dc3d133db4

SHA-1:
67d181f0d9fec6690c0ae4c606dea14a5c0e6cdd

SHA-256:
71cad4eab09ce716ceb1379a90226f268d4360b76f5bcdec75ed6ec24ed80844

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/16/2024 5:28:31 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.WebCake.C
1143

Agnitum Outpost
Adware.Yontoo
7.1.1

avast!
Win32:Webcake-A [Adw]
2014.9-131219

AVG
AdInject.WebCake
2014.0.3621

Bitdefender
Adware.WebCake.C
1.0.20.1765

Bkav FE
W32.Clod80e.Trojan
1.3.0.4613

Boost by Reason
Optional.WebCake.M
188838

Dr.Web
Adware.Plugin.11
9.0.1.0353

Emsisoft Anti-Malware
Adware.WebCake
8.13.12.19.06

ESET NOD32
Win32/WebCake
7.9148

F-Secure
Adware.WebCake.C
11.2013-19-12_5

G Data
Adware.WebCake
13.12.22

IKARUS anti.virus
AdWare.Yontoo
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.174.10446

Malwarebytes
PUP.Optional.WebCake.A
v2013.12.19.06

Microsoft Security Essentials
Adware:Win32/WebCake
1.163.1557.0

MicroWorld eScan
Adware.WebCake.C
14.0.0.1059

nProtect
Adware.WebCake.C
13.12.08.01

Panda Antivirus
Adware/WebCake
13.12.19.06

Reason Heuristics
PUP.Installer.WebCake.M
14.8.7.17

Rising Antivirus
PE:Trojan.InstallRex!1.9CB0
23.00.65.131217

SUPERAntiSpyware
Adware.WebCake
10898

VIPRE Antivirus
Yontoo
24158

ViRobot
Adware.Webcake.1208728
2011.4.7.4223

File size:
1.2 MB (1,208,728 bytes)

Product version:
3.00

Copyright:
Copyright (c) 2013 WebCake LLC. All rights reserved.

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\webcakesetup.exe

Digital Signature
Signed by:
Web Cake

Subject:
CN=Web Cake, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Web Cake, L=Carlsbad, S=California, C=US

Serial number:
06B9035EE5A556582D9427CC2C8DD0BC

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
24576:ptUK/JKpdwdt9TDo66ps/fNxgddYa7MH+Oa8M1febE4FuE2D:rBRKLwD7MuNaddYa7MH+OugbE40h

Entry point:
55, 8B, EC, 81, EC, 58, 0B, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, A8, F4, FF, FF, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 70, 30, 40, 00, 89, 45, F8, 8D, 85, B8, FC, FF, FF, 50, C7, 85, B8, FC, FF, FF, 14, 01, 00, 00, FF, 15, 6C, 30, 40, 00, 85, C0, 75, 21, FF, 15, 14, 30, 40, 00, 50, 68, 30, 34, 40, 00, E8, 40, FA, FF, FF, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, C5, 01, 00, 00, 68, 1C, 34, 40, 00, 68, 0C, 34, 40, 00, FF, 15, 68, 30, 40, 00, 50, FF, 15, 64, 30, 40, 00, 3B...
 
[+]

Developed / compiled with:
Microsoft Visual C++

The file webcakesetup.exe has been seen being distributed by the following URL.

http://dl-cdn.getwebcake.com/install/.../WebCakesetup.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wac.edgecastcdn.net  (72.21.81.13:80)

TCP (HTTP):
Connects to service.yontoo.com  (8.25.35.148:80)

TCP (HTTP):
Connects to api.yontoo.com  (8.25.35.15:80)

Remove webcakesetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.