femjannacafe.exe

The executable femjannacafe.exe has been detected as malware by 35 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘femjannacafe’. While running, it connects to the Internet address en821.mirohost.net on port 80 using the HTTP protocol.
MD5:
52e6c2d2410470eacb399f54f1aae519

SHA-1:
47f49c32e9223bbb73de89ed929a70a83df6e382

SHA-256:
7092b22f9fc6d089fa83d98615bff0019041571605604f9850021e774b508a27

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
11/23/2024 7:43:25 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2796083
392

Agnitum Outpost
Trojan.Yakes
7.1.1

AhnLab V3 Security
Trojan/Win32.Injector
2015.11.07

Avira AntiVirus
TR/Crypt.ZPACK.188389
8.3.2.2

Arcabit
Trojan.Generic.D2AAA33
1.0.0.590

avast!
Win32:Dropper-gen [Drp]
2014.9-160109

AVG
Inject3
2017.0.2870

Baidu Antivirus
Trojan.Win32.Injector
4.0.3.1619

Bitdefender
Trojan.GenericKD.2796083
1.0.20.45

Comodo Security
UnclassifiedMalware
23541

Dr.Web
Trojan.DownLoad.64914
9.0.1.09

Emsisoft Anti-Malware
Trojan.GenericKD.2796083
8.16.01.09.05

ESET NOD32
Win32/Injector.CKJF (variant)
10.12525

Fortinet FortiGate
PossibleThreat.VEX.99
1/9/2016

F-Prot
W32/Yakes.AL
v6.4.7.1.166

F-Secure
Trojan.GenericKD.2796083
11.2016-09-01_7

G Data
Trojan.GenericKD.2796083
16.1.25

IKARUS anti.virus
Trojan.Win32.Injector
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.17770

Kaspersky
Trojan.Win32.Yakes
14.0.0.844

McAfee
RDN/Generic.dx
5600.6526

Microsoft Security Essentials
TrojanDropper:Win32/Cutwail
1.1.12205.0

MicroWorld eScan
Trojan.GenericKD.2796083
17.0.0.27

NANO AntiVirus
Trojan.Win32.DownLoad.dxwleh
0.30.26.4437

nProtect
Trojan.GenericKD.2796083
15.11.06.01

Panda Antivirus
Generic Suspicious
16.01.09.05

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1077

Quick Heal
Trojan.Yakes.r4
1.16.14.00

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_FORUCON.BMC
7.2.9

Trend Micro
TROJ_FORUCON.BMC
10.465.09

Vba32 AntiVirus
Trojan.Yakes
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
45044

ViRobot
Trojan.Win32.Agent.211206[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Yakes.Win32.40890
2.0.0.2496

File size:
206.3 KB (211,206 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\admin\femjannacafe.exe

File PE Metadata
Compilation timestamp:
10/13/2015 5:20:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:9qXj49x8OaSu9+X+jhuE4BkGJe+q18LhxvBRT4f77wIhjUFst18Vbd:R054Bke7q83077wIhjUyt10Z

Entry address:
0x1007D

Entry point:
E8, 51, 2C, 00, 00, E9, 89, FE, FF, FF, A1, 80, E5, 41, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 80, E5, 41, 00, 6A, 04, 50, E8, 05, 2D, 00, 00, 59, 59, A3, 78, D5, 41, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, 80, E5, 41, 00, E8, EC, 2C, 00, 00, 59, 59, A3, 78, D5, 41, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, F0, B3, 41, 00, EB, 05, A1, 78, D5, 41, 00, 89, 0C, 02, 83, C1, 20, 83, C2, 04, 81, F9, 70, B6, 41, 00, 7C, EA, 6A, FE, 5E, 33, D2, B9, 00...
 
[+]

Entropy:
7.3786

Code size:
103.5 KB (105,984 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
femjannacafe

Command:
C:\users\admin\femjannacafe.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to sv140.xserver.jp  (210.188.201.166:80)

TCP (HTTP):
Connects to server.farmhouseserver.com  (198.57.196.166:80)

TCP (HTTP):
Connects to ostego.snhdns.com  (198.38.77.142:80)

TCP (HTTP):
Connects to alienlabs.hu  (185.51.65.164:80)

TCP (HTTP):
Connects to server10.webage.co.uk  (193.34.148.140:80)

TCP (HTTP):
Connects to seriali02.aqserver.com  (80.93.82.33:80)

TCP (HTTP):
Connects to satin.smoothhost.com  (50.97.65.91:80)

TCP (HTTP):
Connects to rs101.nsresponse.com  (204.93.177.101:80)

TCP (HTTP):
Connects to ns69.kreativmedia.ch  (80.74.154.6:80)

TCP (HTTP):
Connects to myhost.net.pl  (195.149.225.101:80)

TCP (HTTP):
Connects to mail.elpro.si  (193.77.149.5:80)

TCP (HTTP):
Connects to h-f.net  (92.222.129.136:80)

TCP (HTTP):
Connects to evcpa.com  (207.32.48.112:80)

TCP (HTTP):
Connects to blask.circulos.pl  (195.2.222.250:80)

TCP (HTTP):
Connects to ams93-rev.netart.pl  (85.128.201.93:80)

TCP (HTTP):
Connects to 24-223-107-10.static.usa-companies.net  (24.223.107.10:80)

TCP (HTTP):
Connects to 198-1-85-250.unifiedlayer.com  (198.1.85.250:80)

TCP (HTTP):
Connects to 157-7-107-91.virt.lolipop.jp  (157.7.107.91:80)

TCP (HTTP):
Connects to web2.connext.net  (96.91.204.114:80)

TCP (HTTP):
Connects to server2016.italmarket.com  (95.141.36.94:80)

Remove femjannacafe.exe - Powered by Reason Core Security