Date discovered: 13/07/2013
In the wild: Yes
Reported Infections: High
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 1.212.288 Bytes
MD5 checksum: FE6B34DA2D16E6C6D10B6C126B137C15
VDF version:
IVDF version:

General Method of propagation:
   • No own spreading routine

Aliases:
   • Eset: Win32/Adware.Yontoo.B
   • DrWeb: Adware.Plugin.11
   • Fortinet: Adware/Yontoo.A

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Drops files
   • Registry modification

Right after execution the following information is displayed:

Files
A file that is for temporary use and that might be deleted afterwards:
   • %TEMPDIR%\sample-062C.exe

The following files are created:
   • %PROGRAM FILES%\WebCake\WebCakeDesktop.Updater.exe Furthermore, it gets executed once it has been fully created.
   • %APPDATA%\WebCake\WebCakeDesktop.exe Furthermore, it gets executed once it has been fully created.

Registry
The following registry keys are added in order to load the service after reboot:

– [HKLM\SYSTEM\ControlSet001\Services\WebCake Desktop Updater]
   • "Type"=dword:00000010
   • "Start"=dword:00000002
   • "ErrorControl"=dword:00000001
   • "ImagePath"="%PROGRAM FILES%\WebCake\WebCakeDesktop.Updater.exe" "%APPDATA%\WebCake\WebCakeDesktop.exe"
   • "DisplayName"="WebCake Desktop Updater"
   • "ObjectName"="LocalSystem"
   • "Description"="Provides limited updating assistance for WebCake Desktop"

Description inserted by Eric Burk on Sunday, 14 July 2013
Description updated by Eric Burk on Sunday, 14 July 2013
