» cachemgr.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

cachemgr.exe

The executable cachemgr.exe has been detected as malware by 6 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘StubPath’. While running, it connects to the Internet address redirect.www.ibm.com on port 80 using the HTTP protocol.

File name:

cachemgr.exe

MD5:

1a14db18818fa7900a9bef8d894e73bc

SHA-1:

97515af6e6b779170f92ad0f4304e6d47275bbed

SHA-256:

2b2d0b0adfe565a8de935306501c0b979ab46028c257fd7e55688b9137c41544

Scanner detections:

6 / 68

Status:

Malware

Analysis date:

11/15/2024 12:37:33 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:AutoRun-DAJ [Trj]

160830-0

Clam AntiVirus

Win.Worm.Autorun-10000

0.98/22176

Dr.Web

Win32.HLLW.Autoruner1.889

9.0.1.05190

ESET NOD32

Win32/Agent.NJO worm

6.3.12010.0

F-Prot

W32/AutoRun.AU.gen

4.6.5.141

Kaspersky

Worm.Win32.AutoRun

15.0.2.529

File size:

1.2 MB (1,236,992 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\cachemgr.exe

File PE Metadata

Compilation timestamp:

7/23/2011 6:38:10 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1536:v++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMIEELZ2G6CNgRtOOOOOOOOEQ:v++VMoTxyi9e7O1IXLoSWRq

Entry address:

0x1198C

Entry point:

E8, 83, 27, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, AD, 41, 00, 89, 0D, 74, AD, 41, 00, 89, 15, 70, AD, 41, 00, 89, 1D, 6C, AD, 41, 00, 89, 35, 68, AD, 41, 00, 89, 3D, 64, AD, 41, 00, 66, 8C, 15, 90, AD, 41, 00, 66, 8C, 0D, 84, AD, 41, 00, 66, 8C, 1D, 60, AD, 41, 00, 66, 8C, 05, 5C, AD, 41, 00, 66, 8C, 25, 58, AD, 41, 00, 66, 8C, 2D, 54, AD, 41, 00, 9C, 8F, 05, 88, AD, 41, 00, 8B, 45, 00, A3, 7C, AD, 41, 00, 8B, 45, 04, A3, 80, AD, 41, 00, 8D, 45, 08, A3, 8C, AD, 41... 
[+]

Entropy:

1.0270

Code size:

89.5 KB (91,648 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

StubPath

Command:

"C:\users\{user}\appdata\roaming\cachemgr.exe" -as

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to redirect.www.ibm.com (129.42.38.1:80)

Remove cachemgr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.