cachemgr.exe

The application cachemgr.exe has been detected as a potentially unwanted program by 39 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘StubPath’. While running, it connects to the Internet address releveztouslesdefis.net on port 80 using the HTTP protocol.
MD5:
ffb8c4f5e65407fcd02dff16ec9f2d07

SHA-1:
3bae57858f9e114d5181c8364a1f780aa52a0946

SHA-256:
9a7d19acd1731b21a7cfb7219b3d237ea53ef816ef78da15c437fa4c933bb00f

Scanner detections:
39 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 12:19:34 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.34498 | 359
Agnitum Outpost | Trojan.DL.Agent | 7.1.1
AhnLab V3 Security | Worm/Win32.AutoRun | 2015.12.03
Avira AntiVirus | BDS/Bifrose.IQ.218 | 8.3.2.4
Arcabit | Trojan.Zusy.D86C2 | 1.0.0.628
avast! | Win32:Malware-gen | 2014.9-160210
AVG | Generic27 | 2017.0.2837
Baidu Antivirus | Adware.Win32.Agent | 4.0.3.16210
Bitdefender | Gen:Variant.Zusy.34498 | 1.0.20.205
Clam AntiVirus | Win.Trojan.Agent-119349 | 0.98/21511
Comodo Security | TrojWare.Win32.Kryptik.VARA | 23690
Dr.Web | Trojan.DownLoad3.5776 | 9.0.1.041
Emsisoft Anti-Malware | Gen:Variant.Zusy.34498 | 8.16.02.10.09
ESET NOD32 | Win32/Agent.NLY | 10.12661
Fortinet FortiGate | W32/Agent.AAHE!tr | 2/10/2016
F-Prot | W32/Trojan2.NXBX | v6.4.7.1.166
F-Secure | Gen:Variant.Zusy.34498 | 11.2016-10-02_4
G Data | Gen:Variant.Zusy.34498 | 16.2.25
IKARUS anti.virus | Backdoor.Win32.Bifrose | t3scan.1.9.5.0
K7 AntiVirus | Riskware | 13.212.18027
Kaspersky | Trojan-Downloader.Win32.Agent | 14.0.0.681
Malwarebytes | Backdoor.Agent.FLDGen | v2016.02.10.09
McAfee | Trojan-FCEM!FFB8C4F5E654 | 5600.6493
Microsoft Security Essentials | Backdoor:Win32/Bifrose.IQ | 1.1.12300.0
MicroWorld eScan | Gen:Variant.Zusy.34498 | 17.0.0.123
NANO AntiVirus | Trojan.Win32.Agent2.vsjct | 0.30.26.5051
nProtect | Trojan/W32.Agent.151417.C | 15.12.02.01
Panda Antivirus | Trj/Agent.JHT | 16.02.10.09
Qihoo 360 Security | Malware.Radar01.Gen | 1.0.0.1077
Quick Heal | Backdoor.Bifrose.IQ4 | 2.16.14.00
Rising Antivirus | PE:Malware.FakeFolder@CV!1.6AA9 [F] | 23.00.65.16208
Sophos | Mal/Behav-043 | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Downloader | 9331
Total Defense | Win32/FakeFLDR_i | 37.1.62.1
Trend Micro | Mal_OtorunN | 10.465.10
Vba32 AntiVirus | TrojanDownloader.Agent | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 45572
ViRobot | Trojan.Win32.A.Downloader.1274200[h] | 2014.3.20.0
Zillya! Antivirus | Downloader.Agent.Win32.145009 | 2.0.0.2541

File size:
147.9 KB (151,417 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
1/3/2012 12:30:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:dvIC6+gLE5QLPoSVkRy7QVgfSyrMSglKcN5RkysdxEJPk7hy97Y6UESbMonA+:6C/gLTTkRy7LfS2glhRXJehyBJUEoJA+

Entry address:
0x1CF3

Entry point:
E8, 7B, 27, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, AD, 40, 00, 89, 0D, 74, AD, 40, 00, 89, 15, 70, AD, 40, 00, 89, 1D, 6C, AD, 40, 00, 89, 35, 68, AD, 40, 00, 89, 3D, 64, AD, 40, 00, 66, 8C, 15, 90, AD, 40, 00, 66, 8C, 0D, 84, AD, 40, 00, 66, 8C, 1D, 60, AD, 40, 00, 66, 8C, 05, 5C, AD, 40, 00, 66, 8C, 25, 58, AD, 40, 00, 66, 8C, 2D, 54, AD, 40, 00, 9C, 8F, 05, 88, AD, 40, 00, 8B, 45, 00, A3, 7C, AD, 40, 00, 8B, 45, 04, A3, 80, AD, 40, 00, 8D, 45, 08, A3, 8C, AD, 40...

Entropy:
6.6669

Code size:
26.5 KB (27,136 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
StubPath

Command:
"C:\setup\cachemgr.exe" -as


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to redirect.www.ibm.com  (129.42.38.1:80)

TCP (HTTP):
Connects to releveztouslesdefis.net  (207.46.197.32:80)
