SHA256: 3e7eef2daa7a1085a9dce7550d7ed6912f043487c58f0f66ba85a73ec4cef42c
File name: WebCakeDesktop.exe
Detection ratio: 31 / 60
Analysis date: 2017-03-11 00:02:20 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Adware.Generic.1255509 20170310
AegisLab Adware.Generic!c 20170310
ALYac Adware.Generic.1255509 20170310
Arcabit Adware.Generic.D132855 20170310
Avast Win32:Webcake-A [Adw] 20170310
AVG AdInject.WebCake 20170310
AVware Yontoo (fs) 20170310
Baidu Win32.Adware.BrowseFox.r 20170309
BitDefender Adware.Generic.1255509 20170310
Bkav W32.HfsAdware.1CD7 20170310
CAT-QuickHeal PUA.Webcake.Gen 20170310
ClamAV Win.Adware.Webcake-10 20170310
Comodo Application.Win32.Yontoo.wm 20170310
ESET-NOD32 MSIL/WebCake.B potentially unwanted 20170310
F-Secure Adware.Generic.1255509 20170310
GData Adware.Generic.1255509 20170310
Ikarus AdWare.AdInject.Yontoo 20170310
K7AntiVirus Unwanted-Program ( 700000121 ) 20170310
K7GW Unwanted-Program ( 700000121 ) 20170310
Microsoft Adware:Win32/WebCake 20170310
eScan Adware.Generic.1255509 20170310
Panda Adware/WebCake 20170309
Rising PUA.WebCake!8.4AAB (cloud:Ybv29yN81o) 20170310
SUPERAntiSpyware PUP.WebCake/Variant 20170310
Symantec PUA.WebCake 20170310
TrendMicro ADW_WEBKACE 20170310
TrendMicro-HouseCall ADW_WEBKACE 20170310
VIPRE Yontoo (fs) 20170310
Webroot Pua.Yontoo 20170311
Yandex Riskware.Agent! 20170309
Zillya Adware.YontooCRTD.Win32.5403 20170310
AhnLab-V3 20170310
Alibaba 20170228
Antiy-AVL 20170310
Avira (no cloud) 20170310
CMC 20170310
CrowdStrike Falcon (ML) 20170130
Cyren 20170310
DrWeb 20170310
Emsisoft 20170310
Endgame 20170222
F-Prot 20170310
Fortinet 20170310
Sophos ML 20170203
Jiangmin 20170310
Kaspersky 20170310
Kingsoft 20170311
McAfee 20170310
McAfee-GW-Edition 20170310
NANO-Antivirus 20170310
nProtect 20170310
Palo Alto Networks (Known Signatures) 20170311
Qihoo-360 20170311
Sophos AV 20170310
Tencent 20170311
TheHacker 20170308
TotalDefense 20170310
Trustlook 20170311
VBA32 20170310
ViRobot 20170310
WhiteArmor 20170303
ZoneAlarm by Check Point 20170310
Zoner 20170310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(c) WebCake LLC. All rights reserved.

Product WebCake Desktop
Original name WebCakeDesktop.exe
Internal name WebCakeDesktop.exe
File version 1.0.0.1
Description WebCake Desktop
Signature verification Signed file, verified signature
Signing date 12:19 AM 5/17/2013
Signers
[+] Web Cake
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 1:00 AM 4/9/2013
Valid to 12:59 AM 4/10/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 888014B922DC8C0DEAE552D16D69AA907F5678EB
Serial number 06 B9 03 5E E5 A5 56 58 2D 94 27 CC 2C 8D D0 BC
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-16 23:19:55
Entry Point 0x0000B60E
Number of sections 3
.NET details
Module Version ID 8c8fd3e7-9e4d-4bd4-b923-c2600207008e
TypeLib ID ed44c2f8-9eec-4574-9ed1-f307be67e274
PE sections
Overlays
MD5 0048d80fd4495526c0eaae2a541deae9
File type data
Offset 41472
Size 6424
Entropy 7.32
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
2048

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
11.0

EntryPoint
0xb60e

OriginalFileName
WebCakeDesktop.exe

MIMEType
application/octet-stream

LegalCopyright
(c) WebCake LLC. All rights reserved.

FileVersion
1.0.0.1

TimeStamp
2013:05:17 00:19:55+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WebCakeDesktop.exe

ProductVersion
1.0.0.1

FileDescription
WebCake Desktop

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
WebCake LLC

CodeSize
38912

ProductName
WebCake Desktop

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.1

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
File identification
MD5 9eee55b742b65439a0a45bf895e5cea1
SHA1 3974af6435d0019aa8c84be925611f9287976cc4
SHA256 3e7eef2daa7a1085a9dce7550d7ed6912f043487c58f0f66ba85a73ec4cef42c
ssdeep
768:I+SnvtasDrNpagFYw/SVht5iFOOLOwCOKLsbz4swFCSiJ1:I+SnFasDPaPwAhtbOLOwCOKLsbz4bsSW

authentihash 20e568990725116f965dd66b75e0ae84547508c5e971dac03191db5183a0140d
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 46.8 KB ( 47896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe assembly signed overlay

VirusTotal metadata
First submission 2013-05-22 18:07:10 UTC ( 4 years, 2 months ago )
Last submission 2017-03-11 00:02:20 UTC ( 5 months, 1 week ago )
File names sample_3e7eef2daa7a1085a9dce7550d7ed6912f043487c58f0f66ba85a73ec4cef42c.dat
WebCakeDesktop.exe
WebCakeDesktop.exe
file-5516653_exe
WebCakeDesktop.exe.vir
3974AF6435D0019AA8C84BE925611F9287976CC4.exe
vt-upload-9HoccB
{6079684C-042D-4140-8FF5-94284DBB5894}
WebCakeDesktop.exe
WebCakeDesktop.exe1
WebCakeDesktop.vir
vti-rescan
WebCakeDesktop.exe
webcakedesktop.exe
WebCakeDesktop.exe
9eee55b742b65439a0a45bf895e5cea1
WebCakeDesktop_9eee55b742b65439a0a45bf895e5cea1_738.exe
WebCakeDesktopWin32.Yontoo.exe