cachemgr.exe

The executable cachemgr.exe has been detected as malware by 39 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘StubPath’. While running, it connects to the Internet address les-doigts-dans-le-nez.net on port 80 using the HTTP protocol.
MD5: bb0798cfc9e1ef1ecf293d9cb25b0402
SHA-1: b16d3e6f9a68d5206a3cc637659617e08f2337c2
SHA-256: db551176352b67d6f81442e60a9145c3a5b195ea181d6f45234c5e229d5c6b3c
Scanner detections: 39 / 68
Status: Malware
Analysis date: 12/28/2024 4:27:02 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Worm.Generic.357537 | 1036
Agnitum Outpost | Worm.AutoRun | 7.1.1
AhnLab V3 Security | Worm/Win32.AutoRun | 2013.12.06
Avira AntiVirus | TR/Agent.57344 | 7.11.118.0
avast! | Win32:Trojan-gen | 2014.9-140405
AVG | Win32/DH{eTYDD34gIiMlTg} | 2015.0.3514
Baidu Antivirus | Worm.Win32.AutoRun | 4.0.3.1445
Bitdefender | Worm.Generic.357537 | 1.0.20.475
Bkav FE | W32.OnGamesLT031012KGHN | 1.3.0.4562
Clam AntiVirus | Worm.Autorun-9877 | 0.98/18155
Comodo Security | TrojWare.Win32.Kryptik.VARA | 17390
Dr.Web | Win32.HLLW.Autoruner1.889 | 9.0.1.095
Emsisoft Anti-Malware | Worm.Generic.357537 | 8.14.04.05.11
ESET NOD32 | Win32/Agent.NJO | 8.9135
Fortinet FortiGate | W32/Autorun.CXP!tr | 4/5/2014
F-Prot | W32/AutoRun.AU.gen | v6.4.7.1.166
F-Secure | Worm.Generic.357537 | 11.2014-05-04_7
G Data | Worm.Generic.357537 | 14.4.22
IKARUS anti.virus | Trojan.Win32.Finodes | t3scan.2.2.29
K7 AntiVirus | Trojan | 13.174.10426
Kaspersky | Worm.Win32.AutoRun | 14.0.0.4063
Malwarebytes | Worm.Autorun | v2014.04.05.11
McAfee | W32/Autorun.worm.ht | 5600.7170
Microsoft Security Essentials | Trojan:Win32/Finodes.B | 1.163.1557.0
MicroWorld eScan | Worm.Generic.357537 | 15.0.0.285
NANO AntiVirus | Trojan.Win32.AutoRun.rfaml | 0.28.0.56582
Norman | FakeFolder.A | 11.20140405
nProtect | Worm/W32.AutoRun.117763 | 13.12.05.01
Panda Antivirus | Trj/Agent.MIZ | 14.04.05.11
Quick Heal | Trojan.Finodes.BB5 | 4.14.12.00
Rising Antivirus | PE:Malware.FakeFolder@CV!1.6ABC | 23.00.65.14403
Sophos | Mal/Behav-043 | 4.95
SUPERAntiSpyware | Trojan.Agent/Gen-Autorun | 10684
Total Defense | Win32/FakeFLDR_i | 37.0.10498
Trend Micro House Call | BKDR_BIFROSE.BMC | 7.2.95
Trend Micro | BKDR_BIFROSE.BMC | 10.465.05
Vba32 AntiVirus | Worm.AutoRun | 3.12.24.3
VIPRE Antivirus | Worm.Win32.AutoRun | 24038
ViRobot | Worm.Win32.A.AutoRun.143872.B | 2011.4.7.4223

File size: 115 KB (117,763 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\roaming\cachemgr.exe

File PE Metadata
Compilation timestamp: 7/23/2011 4:38:10 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 1536:+++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMIEELZ2G6CNgRtOOOOOOOOEQ6Z:+++VMoTxyi9e7O1IXLoSWRqz
Entry address: 0x1198C
Entry point: E8, 83, 27, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, AD, 41, 00, 89, 0D, 74, AD, 41, 00, 89, 15, 70, AD, 41, 00, 89, 1D, 6C, AD, 41, 00, 89, 35, 68, AD, 41, 00, 89, 3D, 64, AD, 41, 00, 66, 8C, 15, 90, AD, 41, 00, 66, 8C, 0D, 84, AD, 41, 00, 66, 8C, 1D, 60, AD, 41, 00, 66, 8C, 05, 5C, AD, 41, 00, 66, 8C, 25, 58, AD, 41, 00, 66, 8C, 2D, 54, AD, 41, 00, 9C, 8F, 05, 88, AD, 41, 00, 8B, 45, 00, A3, 7C, AD, 41, 00, 8B, 45, 04, A3, 80, AD, 41, 00, 8D, 45, 08, A3, 8C, AD, 41...
Entropy: 6.8712
Code size: 89.5 KB (91,648 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: StubPath
Command: "C:\users\{user}\appdata\roaming\cachemgr.exe" -as

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP): Connects to les-doigts-dans-le-nez.net (207.46.197.32:80)

Remove cachemgr.exe - Powered by Reason Core Security