cachemgr.exe

The executable cachemgr.exe has been detected as malware by 9 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via a value named ‘StubPath’ in the current-user Run registry key. While running, it connects to the Internet address redirect.www.ibm.com on port 80 using the HTTP protocol.
MD5:
9ed1de03367deb3219af5608534ffece

SHA-1:
50cd6bd5ee6f7671dfc36dfcf4cb905e1877ee2f

SHA-256:
f75b6bd0f45591fdbc603f534c74aed60275d2c00a5afd923797be1ed308cbad

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
4/24/2024 6:25:01 AM UTC

Scan engine                    Detection                    Engine version
avast!                         Win32:AutoRun-DAJ [Trj]      160503-1
Emsisoft Anti-Malware          Gen:Variant.Zusy.Elzob.5264  16.07.26
ESET NOD32                     Win32/Agent.NJO worm         8.0.319.0
F-Prot                         W32/Bifrost.AF.gen           4.6.5.141
F-Secure                       Variant.Zusy.Elzob.5264      5.15.96
Kaspersky                      Worm.Win32.AutoRun           15.0.0.562
Microsoft Security Essentials  Threat.Undefined             1.225.2377.0
Norman                         Gen:Variant.Zusy.Elzob.5264  22.05.2016 07:18:28
VIPRE Antivirus                Threat.4150696               50750

File size:
115 KB (117,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\cachemgr.exe

File PE Metadata
Compilation timestamp:
4/21/2005 8:10:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:/++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMIEELZ2G6CNgRtOOOOOOOOEQ6:/++VMoTxyi9e7O1IXLoSWRq

Entry address:
0x1198C

Entry point:
E8, 83, 27, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, AD, 41, 00, 89, 0D, 74, AD, 41, 00, 89, 15, 70, AD, 41, 00, 89, 1D, 6C, AD, 41, 00, 89, 35, 68, AD, 41, 00, 89, 3D, 64, AD, 41, 00, 66, 8C, 15, 90, AD, 41, 00, 66, 8C, 0D, 84, AD, 41, 00, 66, 8C, 1D, 60, AD, 41, 00, 66, 8C, 05, 5C, AD, 41, 00, 66, 8C, 25, 58, AD, 41, 00, 66, 8C, 2D, 54, AD, 41, 00, 9C, 8F, 05, 88, AD, 41, 00, 8B, 45, 00, A3, 7C, AD, 41, 00, 8B, 45, 04, A3, 80, AD, 41, 00, 8D, 45, 08, A3, 8C, AD, 41...

Entropy:
6.8714

Code size:
89.5 KB (91,648 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
StubPath

Command:
"C:\users\{user}\appdata\roaming\cachemgr.exe" -as

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to redirect.www.ibm.com  (129.42.38.1:80)

TCP (HTTP):
Connects to mssharepointforums.com  (207.46.197.32:80)

Remove cachemgr.exe - Powered by Reason Core Security