Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'femjannacafe' = '%HOMEPATH%\femjannacafe.exe'
Modifies file system:
Creates the following files:
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\c5d8393293ce2ba62f117b2c2d55bc3e_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %HOMEPATH%\femjannacafe.exe
- %APPDATA%\Microsoft\Protect\CREDHIST
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\ec702f375e1b12d218f67ab9ef19ca23_23ef5514-3059-436f-a4a7-4cefaab20eb1
Sets the 'hidden' attribute to the following files:
- %HOMEPATH%\femjannacafe.exe
Network activity:
Connects to:
- 'www.re##era.com':80
- 'www.11##chi.net':80
- 'www.ke###afe.com':80
- 'www.jc##sk.com':80
- 'www.je##o.co.uk':80
UDP:
- DNS ASK www.ud##ign.biz
- DNS ASK www.rs##g.com
- DNS ASK www.ot##spm.com
- DNS ASK www.fi##.com
- DNS ASK www.sp###hal.net
- DNS ASK www.or##ito.com
- DNS ASK www.2p##nt.com
- DNS ASK www.mo###nic.net
- DNS ASK www.ma###axx.com
- DNS ASK www.or#.#cnet.jp
- DNS ASK www.re##era.com
- DNS ASK www.11##chi.net
- DNS ASK www.ke###afe.com
- DNS ASK www.jc##sk.com
- DNS ASK www.je##o.co.uk
- DNS ASK www.wn##voy.com
- DNS ASK www.dg##a.com
- DNS ASK www.cr##i.org
- DNS ASK www.sn##pak.com
- DNS ASK www.c9##.com
