Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

1.00.01 16.67%
1.00.01 5.56%
1.00.01 50.00%
1.00.01 27.78%
(Note, Web Cake publishes each variation of this file with the same version, but the hashes are unique.)

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
RegOpenKeyW, RegCreateKeyW, RegSetValueW, RegQueryValueW, RegQueryInfoKeyW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegOpenKeyExW, RegEnumKeyExW
kernel32.dll
GetProcAddress, GetModuleHandleW, lstrcmpiW, WaitForSingleObject, lstrcmpW, GetProcessHeap, MultiByteToWideChar, lstrlenA, HeapFree, HeapAlloc, HeapReAlloc, InterlockedIncrement, WideCharToMultiByte, GetModuleFileNameW, FreeLibrary, LoadLibraryExW, SetThreadLocale, GetThreadLocale, CloseHandle, CreateFileW, WriteConsoleW, SetStdHandle, GetConsoleMode, GetConsoleCP, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, GetLastError, RaiseException, InterlockedDecrement, lstrlenW, SetFilePointer, LoadLibraryW, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameA, GetStartupInfoW, GetFileType, SetHandleCount, Sleep, IsProcessorFeaturePresent, GetStringTypeW, LCMapStringW, SetLastError, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetCurrentProcess, TerminateProcess, FlushFileBuffers, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStdHandle, WriteFile, ExitProcess, HeapCreate, GetCommandLineA, DecodePointer, EncodePointer, CreateThread, GetCurrentThreadId, ExitThread, RtlUnwind, HeapSize, HeapDestroy
ole32.dll
CoTaskMemRealloc, CoTaskMemAlloc, CoCreateGuid, CoInitialize, CoUninitialize, CoCreateInstance, StringFromGUID2, CoTaskMemFree
rpcrt4.dll
UuidToStringW, NdrStubCall2, NdrStubForwardingFunction, IUnknown_Release_Proxy, NdrDllUnregisterProxy, NdrDllRegisterProxy, NdrCStdStubBuffer2_Release, NdrDllCanUnloadNow, NdrDllGetClassObject, NdrOleAllocate, NdrOleFree, IUnknown_QueryInterface_Proxy, RpcStringFreeW, IUnknown_AddRef_Proxy
user32.dll
InvalidateRect, GetWindow, GetClassNameW, CharNextW, wsprintfW
ws2_32.dll
WSAGetOverlappedResult, WSASend, WSAResetEvent, WSARecv, WSAEnumNetworkEvents, WSASetEvent, WSACreateEvent, WSASocketW, WSACloseEvent, GetAddrInfoW, WSAEventSelect, FreeAddrInfoW, WSAConnect
Export table
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

WebCakeIEClient.dll

WebCake Runtime by Web Cake (Signed)

Remove WebCakeIEClient.dll
Version:   1.00.01
MD5:   e867aeb1040b79cc824069bd8140df23
SHA1:   b78fda77f5a05d8dc9a8c77338751505afcb33de
SHA256:   dc7d06884ab9887f8e294d0fa347c8461f39c4adc2251680019e5576b629a15d
Warning 5 antivirus scanners has detected malware.

Overview

webcakeieclient.dll is malware that is loaded as dynamic link library that runs in the context of Internet Explorer. It is installed in Internet Explorer as a Browser Helper Object (BHO) which has full acess to the web browser's behaviors and content. This is typically installed with the program WebCake 3.00 published by Web Cake LLC and is most likely removed by most users once installed (84% removed). The file is digitally signed by Web Cake which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:webcakeieclient.dll
Publisher:WebCake LLC
Product name:WebCake Runtime
Typical file path:C:\Program Files\webcake\webcakeieclient.dll
File version:1.00.01
Size:193.27 KB (197,912 bytes)
Build date:5/6/2013 11:56 AM
Certificate
Issued to:Web Cake
Authority (CA):VeriSign
Effective date:Monday, April 8, 2013
Expiration date:Thursday, April 9, 2015
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Web Cake LLC
  84% remove
The WebCake web browser plugin by sterkly LLC declares that it can sweeten browsing experience. It can modify Windows hosts file and DNS settings. Once installed, the WebCake Safe will display a see similar button on the product images of the shopping websites such as Amazon, Expedia, Best Buy, Facebook and so on. As long as you click the see similar button, the WebCake will pop up ads.

BehaviorsBehaviors

Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
  • BHO CLSID: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517}

MalwareMalware detections

Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
Antivirus engineEngine versionDetection
Comodo Internet Security 16420 ApplicUnwnt
Dr.Web 8.13.9.30 Adware.Plugin.11
ESET NOD32 7.8441 probably a variant of Win32/Adware.Yontoo.A
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V0515
VIPRE Antivirus 18650 Yontoo (fs)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 44.44%
Windows 8 16.67%
Windows 7 Home Premium 11.11%
Windows 8 Pro 11.11%
Windows 7 Professional 5.56%
Windows Vista Home Premium 5.56%
Microsoft Windows XP 5.56%

Distribution by countryDistribution by country

United States installs about 22.22% of WebCake Runtime.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 28.57%
Hewlett-Packard 19.05%
Dell 19.05%
Acer 14.29%
MSI 9.52%
GIGABYTE 4.76%
American Megatrends 4.76%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE