cachemgr.exe

The executable cachemgr.exe has been detected as malware by 36 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘StubPath’. While running, it connects to the Internet address redirect.www.ibm.com on port 80 using the HTTP protocol.
MD5: e8939c202b7005f3ed1e064119426baa
SHA-1: f270bd2d6218647676fdfe6615ce48015eadf998
SHA-256: 1995c68555a3261f5b21b42c670d8f1bdb9d620615ed497386baac24612aee9a

Scanner detections: 36 / 68
Status: Malware
Analysis date: 11/15/2024 12:55:02 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Kryptik | 7.1.1
AhnLab V3 Security | Worm/Win32.AutoRun | 2013.09.23
Avira AntiVirus | TR/Patched.Gen | 7.11.103.166
avast! | Win32:Malware-gen | 2014.9-160211
AVG | Generic27 | 2017.0.2836
Baidu Antivirus | Trojan-Downloader.Win32.Agent | 4.0.3.16211
Bitdefender | Trojan.Generic.KDV.771306 | 1.0.20.210
Bkav FE | W32.Clode77.Trojan | 1.3.0.4246
Clam AntiVirus | Win.Trojan.Agent-119349 | 0.98/18155
Comodo Security | TrojWare.Win32.Kryptik.VARA | 16985
Dr.Web | Trojan.DownLoad3.5776 | 9.0.1.042
Emsisoft Anti-Malware | Trojan-Downloader.Win32.Agent | 8.16.02.11.06
ESET NOD32 | Win32/Kryptik.AAHE (variant) | 10.8831
Fortinet FortiGate | W32/Agent.AAHE!tr | 2/11/2016
G Data | Trojan.Generic.KDV.771306 | 16.2.22
IKARUS anti.virus | Backdoor.Win32.Bifrose | t3scan.2.0.127
K7 AntiVirus | Riskware | 13.172.9644
Kaspersky | Trojan-Downloader.Win32.Agent | 14.0.0.676
Malwarebytes | Backdoor.Agent.FLDGen | v2016.02.11.06
McAfee | BackDoor-CEP!bkd | 5600.6492
Microsoft Security Essentials | Backdoor:Win32/Bifrose.IQ | 1.163.1557.0
MicroWorld eScan | Trojan.Generic.KDV.771306 | 17.0.0.126
NANO AntiVirus | Trojan.Win32.Agent2.vsjct | 0.26.0.54818
Norman | Obfuscated.H5!genr | 11.20160211
nProtect | Trojan-Downloader/W32.Agent.225145 | 13.09.22.01
Panda Antivirus | Trj/Agent.JHT | 16.02.11.06
Quick Heal | TrojanDownloader.Agent.gykw | 2.16.12.00
Rising Antivirus | Trojan.Win32.Generic.13C7E35F | 23.00.65.16209
Sophos | Mal/Behav-043 | 4.93
SUPERAntiSpyware | Trojan.Agent/Gen-Autorun | 9329
Total Defense | Win32/FakeFLDR_i | 37.0.10498
Trend Micro House Call | TROJ_GEN.R0CBH01H613 | 7.2.42
Trend Micro | Mal_OtorunN | 10.465.11
Vba32 AntiVirus | TrojanDownloader.Agent | 3.12.24.2
VIPRE Antivirus | Trojan.Win32.Generic | 21724
ViRobot | Trojan.Win32.A.Downloader.1274200 | 2011.4.7.4223

File size: 219.9 KB (225,145 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp: 1/2/2012 11:30:02 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 1536:ovIC6+gLE5QLPoSVyRy7QVgfSyrMSglKcN5RkysdxEJPk7hy97Y6UESbMonA+:jC/gLTTyRy7LfS2glhRXJehyBJUEoJA+
Entry address: 0x1CF3
Entry point:
E8, 7B, 27, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, AD, 40, 00, 89, 0D, 74, AD, 40, 00, 89, 15, 70, AD, 40, 00, 89, 1D, 6C, AD, 40, 00, 89, 35, 68, AD, 40, 00, 89, 3D, 64, AD, 40, 00, 66, 8C, 15, 90, AD, 40, 00, 66, 8C, 0D, 84, AD, 40, 00, 66, 8C, 1D, 60, AD, 40, 00, 66, 8C, 05, 5C, AD, 40, 00, 66, 8C, 25, 58, AD, 40, 00, 66, 8C, 2D, 54, AD, 40, 00, 9C, 8F, 05, 88, AD, 40, 00, 8B, 45, 00, A3, 7C, AD, 40, 00, 8B, 45, 04, A3, 80, AD, 40, 00, 8D, 45, 08, A3, 8C, AD, 40...

Entropy: 5.0568
Code size: 26.5 KB (27,136 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: StubPath
Command: "C:\setup\cachemgr.exe" -as

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP): Connects to redirect.www.ibm.com (129.42.38.1:80)

Remove cachemgr.exe - Powered by Reason Core Security