cachemgr.exe

The executable cachemgr.exe has been detected as malware by 1 anti-virus scanner. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the value name ‘StubPath’. While running, it connects to the Internet address redirect.www.ibm.com on port 80 using the HTTP protocol.
MD5:
a4395bcf86c427b69f866e7f87686297

SHA-1:
77275d79b606316e7b37e7f3531a1f478d7bdbde

SHA-256:
a92197be670897369e6f7c33e9ba733b4c1669ae933823fe353821e2f637d6cb

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 12:52:54 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.8.15.12

File size:
1.6 MB (1,672,192 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/20/1996 5:21:14 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:RYLTfG6i9JehNAWL7e0BM/YWrsehzRFWmKAhdG:RYPOtTe0WmUmZrdKAO

Entry address:
0x1837D2

Entry point:
E8, 06, 2F, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 56, 6A, 01, 68, 55, DE, 58, 00, 8B, F1, E8, D9, 2F, 00, 00, C7, 06, FD, B2, 58, 00, 8B, C6, 5E, C3, C7, 01, FD, B2, 58, 00, E9, 3E, 30, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, FD, B2, 58, 00, E8, 2B, 30, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 8A, 00, 00, 00, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, AA, 2F, 00, 00, C7, 06, FD, B2, 58, 00, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 0C, EB, 0D, FF, 75...

Entropy:
2.0013

Code size:
26.5 KB (27,136 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
StubPath

Command:
"C:\setup\cachemgr.exe" -as
The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to redirect.www.ibm.com (129.42.38.1:80)
