Johnnie.187866 removal instruction

Malware Removal

Johnnie.187866 is flagged as malicious by a large number of antivirus vendors (see the detection list below). When the infection is active, you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. The trial lets you run a full scan and clean the PC; a 6-day free trial is available.

What can the Johnnie.187866 virus do?

The following behaviours were recorded by the CAPE sandbox while the sample was analysed:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Possible date expiration check: exits too soon after checking the local time
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • At least one IP address, domain or file name was found in a crypto call
  • Enumerates the modules of a process (may be used to locate base addresses for process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • CAPE detected the zgRAT malware family

How to identify Johnnie.187866?

The identifiers below belong to the analysed sample. To check whether a file on your system is the same sample, compute its hashes and compare them against these values; the file name can be anything, so match on the hashes, not the name.

File Info:

name: 642CF88410814335C540.mlw
path: /opt/CAPEv2/storage/binaries/495208a7a6c560a047c272b6999b9686870f864033e5d630c7e6ab89b85173cd
crc32: 4BACD569
md5: 642cf88410814335c5405b12b3460207
sha1: 75582bc45074e63a6d12e9b8f997451d2bc107de
sha256: 495208a7a6c560a047c272b6999b9686870f864033e5d630c7e6ab89b85173cd
sha512: e8c532464d67dfce65f16cdfae8a8354163de9eb4e7e396ab8b1b9efe7af6150efebe6d034262685085ad8a31a4b432637c9fdf3f2c77c0befc0bb7c1e7ad083
ssdeep: 6144:sl2IpcAOeqnYTMhThYwv9KgjmZTK3KAftQ9Nlh6c5MESmoomqfONh:s8IprOeqvh9XcAf+Kc55Dooa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T153840146B3CAC721C6AC653480F355A017F2678B2633C79A3F9805EA1E43BC59D9CB5E
sha3_384: 481c3804cb23fe3dd3749f91b2073b33451893305abbc4f8463dc0e374c3847228fc5c7579d37c585a5070a095df94ba
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-07-20 17:34:22
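The `type` line above comes from libmagic and reports a plain 32-bit PE, but the entry-point bytes tell a more specific story: `ff 25 00 20 40 00` is `jmp dword ptr [0x402000]`, the six-byte stub a .NET executable starts with to jump into the CLR through its import table, which agrees with the MSIL detection names further down. The script below is an added triage helper written for this page, not part of the original article or of any GridinSoft tool: it recomputes the stdlib-computable hashes listed under File Info for a file you point it at, reports which of the page's values match, and decodes the entry-point stub. The `ssdeep` and `tlsh` values need third-party libraries and are left out.

```python
"""Offline triage helper for the sample described on this page (added example).

Usage: python triage.py <suspicious-file>
Recomputes the page's hashes for the file, reports which ones match, and
decodes the page's entry-point bytes (FF 25 imm32 = jmp dword ptr [imm32]).
"""
import hashlib
import struct
import sys
import zlib

# Hash values copied from the "File Info" section of this page.
PAGE_IOCS = {
    "crc32": "4BACD569",
    "md5": "642cf88410814335c5405b12b3460207",
    "sha1": "75582bc45074e63a6d12e9b8f997451d2bc107de",
    "sha256": "495208a7a6c560a047c272b6999b9686870f864033e5d630c7e6ab89b85173cd",
    "sha512": "e8c532464d67dfce65f16cdfae8a8354163de9eb4e7e396ab8b1b9efe7af6150"
              "efebe6d034262685085ad8a31a4b432637c9fdf3f2c77c0befc0bb7c1e7ad083",
    "sha3_384": "481c3804cb23fe3dd3749f91b2073b33451893305abbc4f8463dc0e374c38472"
                "28fc5c7579d37c585a5070a095df94ba",
}
# Entry-point bytes copied from the page.
PAGE_EP_BYTES = "ff250020400000000000000000000000"


def hashes_of(data: bytes) -> dict:
    """Compute the digests the page lists, formatted the way the page shows them."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_iocs(data: bytes, iocs: dict = PAGE_IOCS) -> set:
    """Return the names of the listed hashes that this data reproduces.

    Any single match identifies the sample; a mismatch on every hash means
    the file is not this exact binary (it may still be a related build).
    """
    computed = hashes_of(data)
    return {name for name, value in iocs.items()
            if computed[name].lower() == value.lower()}


def decode_ep_stub(ep_bytes_hex: str):
    """Decode a 32-bit `jmp dword ptr [imm32]` (opcode FF 25) at the entry point.

    Returns the absolute address the jump reads its target pointer from, or
    None when the entry point does not start with that instruction. For the
    page's sample the answer is 0x402000, the IAT slot the .NET startup stub
    uses to reach the CLR.
    """
    raw = bytes.fromhex(ep_bytes_hex)
    if len(raw) < 6 or raw[0:2] != b"\xff\x25":
        return None
    (target,) = struct.unpack("<I", raw[2:6])
    return target


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <file>")
        return 2
    with open(argv[1], "rb") as fh:
        data = fh.read()
    for name, value in hashes_of(data).items():
        print(f"{name}: {value}")
    hits = matching_iocs(data)
    print("matches page IOCs:", sorted(hits) if hits else "none")
    target = decode_ep_stub(PAGE_EP_BYTES)
    print(f"page entry point: jmp dword ptr [0x{target:08X}]")
    return 0 if hits else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit status is 0 only when at least one hash matches, so the script can be dropped into a loop over a directory to find copies of the sample regardless of what they were renamed to.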

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: WindowsApplication2
FileVersion: 1.0.0.0
InternalName: WindowsApplication2.exe
LegalCopyright: Copyright © 2022
LegalTrademarks:
OriginalFilename: WindowsApplication2.exe
ProductName: WindowsApplication2
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

The CompanyName field is empty and the product carries a default-style project name (WindowsApplication2), so this version resource identifies no publisher. The Assembly Version field, together with the MSIL detection names below, shows the executable is a .NET assembly.

Johnnie.187866 also known as:

Detection names assigned by other antivirus engines, listed as vendor: detection name. Most of these are generic or machine-learning verdicts; only a few name a specific family (CAPE's zgRAT tag above, DrWeb's Quasar, Microsoft's Bladabindi, Kaspersky's Downeks), and they do not agree, so treat the family attribution as tentative.

Bkav: W32.AIDetectNet.01
MicroWorld-eScan: Gen:Variant.Johnnie.187866
FireEye: Generic.mg.642cf88410814335
ALYac: Gen:Variant.Johnnie.187866
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004f751c1 )
K7GW: Trojan ( 004f751c1 )
Cybereason: malicious.410814
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Kryptik.HDG
APEX: Malicious
Kaspersky: HEUR:Trojan-Spy.MSIL.Downeks.gen
BitDefender: Gen:Variant.Johnnie.187866
Avast: Win32:GenMaliciousA-IHC [Trj]
Ad-Aware: Gen:Variant.Johnnie.187866
Emsisoft: Gen:Variant.Johnnie.187866 (B)
DrWeb: BackDoor.Quasar.1
VIPRE: Gen:Variant.Johnnie.187866
McAfee-GW-Edition: Artemis
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Johnnie.187866
Avira: TR/Dropper.Gen
Arcabit: Trojan.Johnnie.D2DDDA
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.C4083296
Acronis: suspicious
McAfee: Artemis!642CF8841081
MAX: malware (ai score=86)
Malwarebytes: MachineLearning/Anomalous.94%
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:SL0ZfJiS5qC2uFh253A7YA)
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.HDG!tr
AVG: Win32:GenMaliciousA-IHC [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Johnnie.187866?

Johnnie.187866 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the desired options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
