cachemgr.exe

The executable cachemgr.exe has been detected as malware by 41 of the 68 anti-virus scanners consulted. It persists by writing itself into the current user's Run key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the value name 'StubPath', so it starts automatically every time that user logs on to Windows. While running, it connects over HTTP to pocketpc.net on TCP port 80.
MD5:
a9b32e261fdf3a5eccb51f8d6258b735

SHA-1:
078cffa46f2c1aa102840e6a69d4eca0ac9080b5

SHA-256:
cd104cda39d2ef777b7754db5e8e1380027900ad0a2af974d478fb5027fa2035

Scanner detections:
41 / 68

Status:
Malware

Analysis date:
4/19/2024 5:36:15 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.34498 | 654
Agnitum Outpost | Trojan.DL.Agent | 7.1.1
AhnLab V3 Security | Worm/Win32.AutoRun | 2015.04.02
avast! | Win32:Malware-gen | 2014.9-150422
AVG | Generic27 | 2016.0.3132
Baidu Antivirus | Worm.Win32.Agent | 4.0.3.15422
Bitdefender | Gen:Variant.Zusy.34498 | 1.0.20.560
Bkav FE | W32.DisonmetB.Trojan | 1.3.0.6379
Clam AntiVirus | Win.Trojan.Agent-119349 | 0.98/21511
Comodo Security | TrojWare.Win32.Kryptik.VARA | 21613
Dr.Web | Trojan.DownLoad3.5776 | 9.0.1.0112
Emsisoft Anti-Malware | Gen:Variant.Zusy.34498 | 8.15.04.22.10
ESET NOD32 | Win32/Agent.NLY | 9.11411
Fortinet FortiGate | W32/Agent.AAHE!tr | 4/22/2015
F-Prot | W32/Agent.YD.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Zusy.34498 | 11.2015-22-04_4
G Data | Gen:Variant.Zusy.34498 | 15.4.25
herdProtect (fuzzy) |  | 2015.7.23.13
IKARUS anti.virus | Backdoor.Win32.Bifrose | t3scan.1.8.9.0
K7 AntiVirus | Riskware | 13.204.16131
Kaspersky | Trojan-Downloader.Win32.Agent | 14.0.0.2153
Malwarebytes | Backdoor.Agent.FLDGen | v2015.04.22.10
McAfee | Trojan-FCEM!B571318145DF | 5600.6788
Microsoft Security Essentials | Backdoor:Win32/Bifrose.IQ | 1.1.11502.0
MicroWorld eScan | Gen:Variant.Zusy.34498 | 16.0.0.336
NANO AntiVirus | Trojan.Win32.Agent2.vsjct | 0.30.8.659
Norman | Obfuscated.H5!genr | 11.20150422
nProtect | Trojan/W32.Agent.151417.C | 15.06.02.01
Panda Antivirus | Trj/Agent.JHT | 15.04.22.10
Qihoo 360 Security | Malware.Radar01.Gen | 1.0.0.1015
Quick Heal | Backdoor.Bifrose.IQ4 | 4.15.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.12E37466!316896358 | 23.00.65.15420
Sophos | Mal/Behav-043 | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Bifrose | 9920
Total Defense | Win32/FakeFLDR_i | 37.1.62.1
Trend Micro House Call | Mal_OtorunN | 7.2.112
Trend Micro | Mal_OtorunN | 10.465.22
Vba32 AntiVirus | TrojanDownloader.Agent | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 40808
ViRobot | Trojan.Win32.A.Downloader.1274200[h] | 2014.3.20.0
Zillya! Antivirus | Downloader.Agent.Win32.222298 | 2.0.0.2123

File size:
147.9 KB (151,417 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
1/3/2012 3:30:02 PM (the PE TimeDateStamp as written by the linker; it is attacker-settable, so treat it as a hint rather than as evidence of when the file was built)

OS version:
5.0 (minimum required Windows version from the optional header; 5.0 is Windows 2000)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0 (the Microsoft linker shipped with Visual Studio 2008)

CTPH (ssdeep):
1536:TvIC6+gLE5QLPoSVkRy7QVgfSyrMSglKcN5RkysdxEJPk7hy97Y6UESbMonA+:sC/gLTTkRy7LfS2glhRXJehyBJUEoJA+

Entry address (RVA):
0x1CF3

Entry point:
E8, 7B, 27, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, AD, 40, 00, 89, 0D, 74, AD, 40, 00, 89, 15, 70, AD, 40, 00, 89, 1D, 6C, AD, 40, 00, 89, 35, 68, AD, 40, 00, 89, 3D, 64, AD, 40, 00, 66, 8C, 15, 90, AD, 40, 00, 66, 8C, 0D, 84, AD, 40, 00, 66, 8C, 1D, 60, AD, 40, 00, 66, 8C, 05, 5C, AD, 40, 00, 66, 8C, 25, 58, AD, 40, 00, 66, 8C, 2D, 54, AD, 40, 00, 9C, 8F, 05, 88, AD, 40, 00, 8B, 45, 00, A3, 7C, AD, 40, 00, 8B, 45, 04, A3, 80, AD, 40, 00, 8D, 45, 08, A3, 8C, AD, 40...

The leading E8 (call rel32) followed by E9 (jmp rel32) is the stock MSVC CRT entry stub (call __security_init_cookie, then jump to the CRT's main routine), which fits the 9.0 linker version above; the bytes that follow are the runtime's own code. This entry-point sequence therefore characterises the compiler, not the author's code, and is a poor signature on its own.

Entropy:
6.6670

Code size:
26.5 KB (27,136 bytes)
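The header fields above (compile timestamp, OS version, subsystem, linker version, entry address, code size) and the entropy value can be recomputed from the file itself. The following Python is an added example, not code from this report or its publisher: it parses the COFF and optional headers with the standard library only, walks the section table to turn the entry RVA into a file offset so the first entry bytes can be read, and computes Shannon entropy. The stub PE it builds is constructed for the example (a single .text section carrying the header values and first ten entry bytes copied from this report) and stands in for the sample, which is not included.

```python
"""Added example (not from the original report): derive the PE metadata a
malware report lists straight from a file's headers, compute entropy, and
read the bytes at the entry point. build_stub_pe() is a constructed stand-in
that reuses the report's header values; it is not cachemgr.exe."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def header_offsets(data: bytes):
    """Locate the COFF header; return (coff, optional_header, optional_size, n_sections)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    return coff, coff + 20, opt_size, n_sections


def pe_metadata(data: bytes) -> dict:
    """The fields a report shows: timestamp, linker, OS version, subsystem, entry RVA, SizeOfCode."""
    coff, opt, opt_size, _ = header_offsets(data)
    if opt_size < 70:
        raise ValueError("optional header too short")
    _machine, _nsec, timestamp = struct.unpack_from("<HHI", data, coff)
    magic, maj_link, min_link, size_of_code, _, _, entry_rva = struct.unpack_from("<HBBIIII", data, opt)
    # From MajorOperatingSystemVersion (offset 40) to Subsystem (offset 68) the
    # layout is identical for PE32 (0x10B) and PE32+ (0x20B).
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        # TimeDateStamp is set by the linker and trivially forged: a hint, not evidence
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
    }


def rva_to_offset(data: bytes, rva: int):
    """Walk the section table; return the file offset backing rva, or None if unmapped."""
    _, opt, opt_size, n_sections = header_offsets(data)
    table = opt + opt_size
    for i in range(n_sections):
        _name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    return None


def entry_bytes(data: bytes, n: int = 16) -> str:
    """First n bytes at AddressOfEntryPoint, formatted like the report ('E8, 7B, ...')."""
    offset = rva_to_offset(data, pe_metadata(data)["entry_rva"])
    if offset is None:
        raise ValueError("entry point is not backed by any section")
    return ", ".join(f"{b:02X}" for b in data[offset:offset + n])


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; packed or encrypted files sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_stub_pe() -> bytes:
    """Constructed minimal PE32 with the report's header values (not the real cachemgr.exe)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1325604602, 0, 0, 224, 0x0102)  # i386, 1 section, 2012-01-03 15:30:02 UTC
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 9, 0, 27136, 0, 0, 0x1CF3)   # PE32, linker 9.0, SizeOfCode, entry RVA
    struct.pack_into("<HH", opt, 40, 5, 0)                                   # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    section = struct.pack("<8sIIII", b".text", 0x1000, 0x1000, 0x1000, 0x200).ljust(40, b"\0")
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    text = bytearray(0x1000)
    at = 0x1CF3 - 0x1000
    text[at:at + 10] = bytes.fromhex("E87B270000E979FEFFFF")                # the report's first ten entry bytes
    return headers + bytes(text)


if __name__ == "__main__":
    sample = build_stub_pe()
    for field, value in pe_metadata(sample).items():
        print(f"{field}: {value}")
    print("entropy:", round(shannon_entropy(sample), 4))
    print("entry bytes:", entry_bytes(sample, 10))
```

Run it against a real file by reading the bytes and passing them to pe_metadata, shannon_entropy and entry_bytes; the stub only exists so the example runs offline.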

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
StubPath

Command:
"C:\setup\cachemgr.exe" -as

StubPath is the value name Windows itself uses under Active Setup (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID}), not a name Windows writes into a user's Run key, so a Run value called StubPath that launches an executable from C:\setup with the -as switch is a precise hunting indicator for this sample.

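One way to hunt for this persistence entry offline, as an added example that is not code from the report: parse a .reg export of the user's Run key, split each command line the way Windows does (a leading quote delimits the image, otherwise the image ends at the first space), and flag values whose image name, full path, value name or arguments match the entry above. SAMPLE_REG is constructed for the example; its OneDrive and Updater entries are invented filler and decoy, not observations about this sample.

```python
r"""Added example (not from the original report): audit Run-key entries in a
.reg export against the persistence pattern the report shows (value name
StubPath, image C:\setup\cachemgr.exe, argument -as). SAMPLE_REG is
constructed; the OneDrive and Updater lines are invented."""
import re
from pathlib import PureWindowsPath

IOC = {  # from the report's Startup File section
    "value_name": "StubPath",
    "image_path": r"C:\setup\cachemgr.exe",
    "argument": "-as",
}

RUN_KEY_SUFFIXES = (r"\CURRENTVERSION\RUN", r"\CURRENTVERSION\RUNONCE")

# "name"=data  or  @=data  (the @ form is the key's default value)
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StubPath"="\"C:\\setup\\cachemgr.exe\" -as"
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Tools\\cachemgr.exe /quiet"
'''


def unescape(s: str) -> str:
    # Undo .reg string escaping: backslash-backslash -> backslash, backslash-quote -> quote
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_reg_export(text: str):
    """Return (key, value_name, string) for every REG_SZ value in a .reg export."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        data = m["data"] if m else ""
        # Only quoted data is REG_SZ; dword:/hex: values cannot be launch commands
        if key is None or not m or not (data.startswith('"') and data.endswith('"')):
            continue
        name = "(Default)" if m["default"] else unescape(m["name"])
        entries.append((key, name, unescape(data[1:-1])))
    return entries


def split_command(cmd: str):
    """Return (image_path, args) using the Windows rule: a leading quote delimits the
    image; otherwise the image ends at the first space (unquoted paths with spaces
    are ambiguous to Windows too)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    image, _, args = cmd.partition(" ")
    return image, args.strip()


def audit_run_entries(entries):
    """Flag Run/RunOnce entries resembling the report's persistence; one finding per hit."""
    ioc_image_name = PureWindowsPath(IOC["image_path"]).name.lower()
    findings = []
    for key, name, cmd in entries:
        if not any(key.upper().endswith(s) for s in RUN_KEY_SUFFIXES):
            continue
        image, args = split_command(cmd)
        reasons = []
        if PureWindowsPath(image).name.lower() == ioc_image_name:
            reasons.append("image name matches the report")
        if image.lower() == IOC["image_path"].lower():
            reasons.append("full image path matches the report")
        if name.lower() == IOC["value_name"].lower():
            reasons.append("StubPath is Active Setup's value name, not a stock Run entry")
        if reasons and IOC["argument"] in args.split():
            reasons.append(f"started with {IOC['argument']} as in the report")
        if reasons:
            findings.append({"key": key, "name": name, "image": image, "args": args, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_run_entries(parse_reg_export(SAMPLE_REG)):
        print(f"{f['name']}: {f['image']} {f['args']}")
        for r in f["reasons"]:
            print("  -", r)
```

On a live host the same audit runs over the output of reg export HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run run.reg (or a forensic NTUSER.DAT parsed by another tool); the -as argument is only counted once the image already matches, because on its own a two-letter switch is not an indicator.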

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to pocketpc.net  (207.46.232.182:80)

TCP (HTTP):
Connects to southridgevideo.org  (207.46.197.32:80)

TCP (HTTP):
Connects to lax02s19-in-f16.1e100.net  (74.125.224.112:80)

The addresses are weak indicators on their own: 1e100.net is Google's reverse-DNS domain, and 207.46.232.182 and 207.46.197.32 sit in 207.46.0.0/16, a Microsoft block, so both serve many unrelated services. Block and hunt on the hostnames (pocketpc.net, southridgevideo.org) rather than on the addresses alone.
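The indicators above can be matched against proxy logs; the following Python is an added example, not code from the report. It rates hostname hits (exact or subdomain) as high confidence and address-only hits as low, for the reason given above. SAMPLE_LOG and its line format are constructed for the example; the docs.example.net and example.com lines are invented filler, not observations about this sample.

```python
"""Added example (not from the original report): match the report's network
indicators against proxy log lines. SAMPLE_LOG and its format are constructed;
hostname hits are rated high, address-only hits low because the listed
addresses belong to Google (1e100.net) and Microsoft (207.46.0.0/16) ranges
that host many unrelated services."""
import re
from collections import defaultdict

HOST_IOCS = {"pocketpc.net", "southridgevideo.org"}                  # from the report
IP_IOCS = {"207.46.232.182", "207.46.197.32", "74.125.224.112"}      # from the report

# Constructed format: <timestamp> <client-ip> <host> <server-ip>:<port> <method> <path>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<host>\S+) (?P<ip>[\d.]+):(?P<port>\d+) (?P<method>[A-Z]+) (?P<path>\S+)$"
)

SAMPLE_LOG = """\
2015-04-22T10:01:02Z 10.0.0.5 pocketpc.net 207.46.232.182:80 GET /
2015-04-22T10:01:03Z 10.0.0.5 www.southridgevideo.org 207.46.197.32:80 GET /update.php
2015-04-22T10:01:04Z 10.0.0.5 lax02s19-in-f16.1e100.net 74.125.224.112:80 GET /
2015-04-22T10:02:00Z 10.0.0.9 docs.example.net 74.125.224.112:443 CONNECT docs.example.net:443
2015-04-22T10:03:00Z 10.0.0.9 example.com 93.184.216.34:80 GET /index.html
"""


def host_matches(host: str) -> bool:
    """Exact or subdomain match; 'notpocketpc.net' must not match 'pocketpc.net'."""
    host = host.lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in HOST_IOCS)


def classify(line: str):
    """Return a finding dict for an IOC hit, or None for unparseable or clean lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    if host_matches(m["host"]):
        confidence, reason = "high", f"{m['host']} is a reported contact hostname"
    elif m["ip"] in IP_IOCS:
        confidence, reason = "low", f"{m['ip']} is a reported address but on shared infrastructure"
    else:
        return None
    return {
        "ts": m["ts"], "src": m["src"], "host": m["host"], "ip": m["ip"],
        "port": int(m["port"]), "confidence": confidence, "reason": reason,
    }


def scan(lines):
    """All findings, in log order."""
    return [f for f in map(classify, lines) if f]


def summarize(findings):
    """Per-client counts so a responder sees which machines to triage first."""
    by_src = defaultdict(lambda: {"high": 0, "low": 0})
    for f in findings:
        by_src[f["src"]][f["confidence"]] += 1
    return dict(by_src)


if __name__ == "__main__":
    findings = scan(SAMPLE_LOG.splitlines())
    for f in findings:
        print(f["confidence"].upper(), f["src"], "->", f["host"], f["reason"])
    print(summarize(findings))
```

Feed real proxy lines through classify after adapting LOG_RE to the proxy's format; the matching itself stays the same.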
