home

cachemgr.exe

The executable cachemgr.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘StubPath’. While running, it connects to the Internet address bcentral.nl on port 80 using the HTTP protocol.
MD5:
f5ca371c5d673bff3c9160d9390a22ad

SHA-1:
12364811f539617975fb8173d8bad2c80b5e0c9a

SHA-256:
f00d6b570031b6e657beeb484e18ed8c1ff155ebdd7283919b3f3fdebcc6da7b

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/18/2024 2:49:47 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Installer (M)
16.2.15.7

File size:
26.9 MB (28,180,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\cachemgr.exe

File PE Metadata
Compilation timestamp:
7/25/1999 4:14:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:9X2tAh15hxrmf7VlBSBzD7TbNau3doRzEg0H86Lx8CAcf+SuqGMLefNe6WE5RXQ:Nv5hm7VmBP7PtReQJUhMLgEE5RX

Entry address:
0x12ECC

Entry point:
E8, 72, 27, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, BD, 41, 00, 89, 0D, 74, BD, 41, 00, 89, 15, 70, BD, 41, 00, 89, 1D, 6C, BD, 41, 00, 89, 35, 68, BD, 41, 00, 89, 3D, 64, BD, 41, 00, 66, 8C, 15, 90, BD, 41, 00, 66, 8C, 0D, 84, BD, 41, 00, 66, 8C, 1D, 60, BD, 41, 00, 66, 8C, 05, 5C, BD, 41, 00, 66, 8C, 25, 58, BD, 41, 00, 66, 8C, 2D, 54, BD, 41, 00, 9C, 8F, 05, 88, BD, 41, 00, 8B, 45, 00, A3, 7C, BD, 41, 00, 8B, 45, 04, A3, 80, BD, 41, 00, 8D, 45, 08, A3, 8C, BD, 41...
 
[+]

Entropy:
0.0639

Code size:
95 KB (97,280 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
StubPath

Command:
"C:\ProgramData\cachemgr.exe" -as


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to forefront.ch  (207.46.197.32:80)

TCP (HTTP):
Connects to bcentral.nl  (207.46.232.182:80)

Remove cachemgr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.