Johnnie.256973 (B) (file analysis)

Malware Removal

Johnnie.256973 (B) is flagged as malicious by the large majority of antivirus engines (see the detection list below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Johnnie.256973 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking (the real payload is written to memory and executed at run time rather than shipped in plain form)
  • Creates RWX memory (a region that is readable, writable and executable at the same time, typical of in-memory unpacking and code injection)
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected (API addresses are resolved at run time instead of through the import table, which hides them from static analysis)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous binary characteristics
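The signature names above come from the CAPE sandbox. To make concrete what three of them actually test for, the script below is a simplified re-implementation of the idea behind "Creates RWX memory", "Dynamic (imported) function loading" and "exits too soon after checking local time", run over a constructed API-call trace. This is an added example and not CAPE's own signature code; the trace format (`timestamp api(key=value, ...)`) and the trace contents are invented for illustration and are not observations of this sample.

```python
"""Simplified re-implementation of three CAPE-style behavioural signatures.
Added example for this page; the log format and the trace are constructed."""
import re
from dataclasses import dataclass

# Win32 memory-protection constants that make a region executable *and* writable
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80

# Constructed sample trace in a hypothetical "timestamp api(args)" format.
SAMPLE_LOG = """\
0.001 GetLocalTime()
0.002 NtAllocateVirtualMemory(size=0x2000, protect=0x40)
0.003 LoadLibraryA(name=kernel32.dll)
0.004 GetProcAddress(module=kernel32.dll, name=VirtualProtect)
0.005 GetProcAddress(module=kernel32.dll, name=CreateRemoteThread)
0.006 NtProtectVirtualMemory(size=0x1000, protect=0x20)
0.050 NtTerminateProcess(code=0)
"""

LINE_RE = re.compile(r"^(?P<ts>[\d.]+)\s+(?P<api>\w+)\((?P<args>.*)\)$")


@dataclass
class Call:
    ts: float
    api: str
    args: dict


def parse_log(text: str) -> list:
    """Turn the constructed trace into Call records; unparseable lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = {}
        for pair in filter(None, (p.strip() for p in m["args"].split(","))):
            key, _, value = pair.partition("=")
            args[key] = value
        calls.append(Call(float(m["ts"]), m["api"], args))
    return calls


def creates_rwx_memory(calls: list) -> list:
    """Flag allocations or protection changes that leave a region RWX."""
    mem_apis = {"NtAllocateVirtualMemory", "NtProtectVirtualMemory", "VirtualAlloc", "VirtualProtect"}
    hits = []
    for c in calls:
        if c.api in mem_apis:
            protect = int(c.args.get("protect", "0"), 0)
            if protect & (PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY):
                hits.append(c)
    return hits


def dynamic_function_loading(calls: list, min_resolves: int = 1) -> list:
    """Return the API names the process resolved at run time via GetProcAddress."""
    names = [c.args.get("name") for c in calls if c.api in ("GetProcAddress", "LdrGetProcedureAddress")]
    return names if len(names) >= min_resolves else []


def early_exit_after_time_check(calls: list, max_seconds: float = 1.0) -> bool:
    """True when the process queries the clock and terminates within max_seconds."""
    time_apis = {"GetLocalTime", "GetSystemTime", "GetSystemTimeAsFileTime", "NtQuerySystemTime"}
    exit_apis = {"NtTerminateProcess", "ExitProcess"}
    t_check = next((c.ts for c in calls if c.api in time_apis), None)
    t_exit = next((c.ts for c in calls if c.api in exit_apis), None)
    if t_check is None or t_exit is None:
        return False
    return 0 <= t_exit - t_check <= max_seconds


def run_signatures(text: str) -> dict:
    """Run all three checks over a trace and report what fired."""
    calls = parse_log(text)
    return {
        "creates_rwx_memory": [c.api for c in creates_rwx_memory(calls)],
        "dynamic_function_loading": dynamic_function_loading(calls),
        "early_exit_after_time_check": early_exit_after_time_check(calls),
    }


if __name__ == "__main__":
    for name, result in run_signatures(SAMPLE_LOG).items():
        print(f"{name}: {result}")
```

Note that the second protection change in the trace (`protect=0x20`, PAGE_EXECUTE_READ) is deliberately not flagged: a region that is executable but no longer writable is what a well-behaved JIT or loader leaves behind, and the RWX signature is only interested in the combination.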

How to identify Johnnie.256973 (B)?

File Info:

name: D222EDEB9BAF718B6C35.mlw
path: /opt/CAPEv2/storage/binaries/52213af24c95924c2c4c27f5a07eb6585dc3483435e620f7dcce38e15ebe386b
crc32: 92DA3FE3
md5: d222edeb9baf718b6c3524ce0838c890
sha1: 2a400ffec9cd5fc5b1584b40b6642fa1b72db5ef
sha256: 52213af24c95924c2c4c27f5a07eb6585dc3483435e620f7dcce38e15ebe386b
sha512: 17919e058d41fb2094149a7950212c530853100da59fb903a835d2f88b775b0041be4ef6784c3bf05ee354737aa0ecb16860e856000b35ab39051aa88ff2584f
ssdeep: 6144:wPVJE2x22mkaQVUUpULPrOgfylH6wYpd8pJS5Zqv1sV14UKQ0Xae8mzSZ/gYw03J:wZpgtRylH6GcXKQ8a3muZ/gYoBWo3m
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12ED47C33F541758AE53341B10D75ABF93E3A6C356025924B72C0AE9A99B2ED3BC0931F
sha3_384: c1e1991f65aa23d850df985771c9c7e796139ce31044c35b07890027cccaf923fdcf57fb65a787741205e7d19ae88a07
ep_bytes: 6874454000e8eeffffff000058000000
timestamp: 2020-06-22 10:25:08

Version Info:

Translation: 0x0409 0x04b0
Comments: By Rajneesh Noonia
CompanyName: Xansa
ProductName: Flow Chart Designer
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Graph
OriginalFilename: Graph.exe
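The hashes and entry-point bytes above are the practical way to confirm that a file you are holding is this sample. The script below is an added example, not part of the original page or of CAPE: it recomputes the published digests for a file given on the command line (the path argument is the only input) and decodes `ep_bytes`. The first ten bytes, `68 74 45 40 00 E8 EE FF FF FF`, are the standard Visual Basic 5/6 entry stub (push the address of the VB project header, 0x00404574, then a relative call of -0x12 into the `MSVBVM60!ThunRTMain` thunk), which agrees with the VB-oriented detection names in the list below (W32/VBInject, TScope.Trojan.VB, Trojan/W32.VB-Bsymem). ssdeep and tlsh are left out because they need third-party libraries.

```python
"""Confirm a file against the hashes published above and decode ep_bytes.
Added example for this page, not the analyst's or CAPE's own tooling."""
import hashlib
import struct
import sys
import zlib

# Copied from the File Info section of this page (ssdeep and tlsh omitted:
# they need third-party libraries).
PUBLISHED = {
    "crc32": "92DA3FE3",
    "md5": "d222edeb9baf718b6c3524ce0838c890",
    "sha1": "2a400ffec9cd5fc5b1584b40b6642fa1b72db5ef",
    "sha256": "52213af24c95924c2c4c27f5a07eb6585dc3483435e620f7dcce38e15ebe386b",
    "sha512": "17919e058d41fb2094149a7950212c530853100da59fb903a835d2f88b775b0041be4ef6784c3bf05ee354737aa0ecb16860e856000b35ab39051aa88ff2584f",
    "sha3_384": "c1e1991f65aa23d850df985771c9c7e796139ce31044c35b07890027cccaf923fdcf57fb65a787741205e7d19ae88a07",
}
EP_BYTES_FROM_PAGE = bytes.fromhex("6874454000e8eeffffff000058000000")


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the page lists, as lowercase hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def compare_to_published(hashes: dict, published: dict = PUBLISHED) -> dict:
    """Map each published algorithm to True when the computed digest matches."""
    return {algo: hashes[algo].lower() == value.lower() for algo, value in published.items()}


def decode_vb6_entry(ep_bytes: bytes):
    """Decode the Visual Basic 5/6 entry stub found at the entry point:

        68 xx xx xx xx    push offset <VB project header>
        E8 EE FF FF FF    call rel32 (-0x12) -> jmp [MSVBVM60!ThunRTMain] thunk

    Returns (header_va, call_rel32), or None if the two opcodes are not there.
    """
    if len(ep_bytes) < 10 or ep_bytes[0] != 0x68 or ep_bytes[5] != 0xE8:
        return None
    header_va = struct.unpack_from("<I", ep_bytes, 1)[0]
    call_rel = struct.unpack_from("<i", ep_bytes, 6)[0]
    return header_va, call_rel


def is_vb6_stub(ep_bytes: bytes) -> bool:
    """True when the bytes match the canonical VB5/6 stub (call displacement -0x12)."""
    decoded = decode_vb6_entry(ep_bytes)
    return decoded is not None and decoded[1] == -0x12


if __name__ == "__main__":
    # Usage: python check_sample.py <file>
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            computed = hash_bytes(fh.read())
        for algo, ok in compare_to_published(computed).items():
            print(f"{algo:8} {'MATCH' if ok else 'differs'}  {computed[algo]}")
    header_va, call_rel = decode_vb6_entry(EP_BYTES_FROM_PAGE)
    print(f"ep_bytes: push 0x{header_va:08x}; call {call_rel:#x}; "
          f"VB5/6 stub: {is_vb6_stub(EP_BYTES_FROM_PAGE)}")
```

A single matching sha256 is enough to confirm identity; the weaker digests (crc32, md5, sha1) are listed only because other vendors' reports still key on them. To run the stub check against a new file rather than the bytes from this page, read 16 bytes at the PE entry point (AddressOfEntryPoint mapped to a file offset through the section table) and pass them to `is_vb6_stub`.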

Johnnie.256973 (B) is also known as (vendor: detection name; several engines, among them TrendMicro, McAfee, Avira and Gridinsoft, attribute the sample to TrickBot, and two, SUPERAntiSpyware and AhnLab, to Emotet):

Lionic: Trojan.Win32.Bsymem.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.140
MicroWorld-eScan: Gen:Variant.Johnnie.256973
FireEye: Generic.mg.d222edeb9baf718b
ALYac: Gen:Variant.Johnnie.256973
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_90% (W)
K7GW: Trojan ( 005696411 )
K7AntiVirus: Trojan ( 005696411 )
BitDefenderTheta: Gen:NN.ZevbaF.34084.Nm0@aG0!dIcO
VirIT: Trojan.Win32.Genus.JSK
Cyren: W32/VBInject.AEH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.EMLX
TrendMicro-HouseCall: TrojanSpy.Win32.TRICKBOT.YXBLLZ
Paloalto: generic.ml
ClamAV: Win.Trojan.Johnnie-9810945-0
Kaspersky: Trojan.Win32.Bsymem.rim
NANO-Antivirus: Trojan.Win32.Mlw.hlxyax
SUPERAntiSpyware: Trojan.Agent/Gen-Emotet
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10cdd830
Ad-Aware: Gen:Variant.Johnnie.256973
Emsisoft: Gen:Variant.Johnnie.256973 (B)
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TrojanSpy.Win32.TRICKBOT.YXBLLZ
McAfee-GW-Edition: Trickbot-FSNZ!D222EDEB9BAF
Sophos: Mal/Generic-S
GData: Gen:Variant.Johnnie.256973
Jiangmin: Trojan.Bsymem.aav
Webroot: W32.Trojan.Gen
Avira: TR/AD.TrickBot.kphae
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.30A035A
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.TrickBot.sa
Microsoft: Trojan:Win32/Bsymem.DEC!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Emotet.R342942
McAfee: Trickbot-FSNZ!D222EDEB9BAF
TACHYON: Trojan/W32.VB-Bsymem.638976
VBA32: TScope.Trojan.VB
Malwarebytes: Trojan.Injector
APEX: Malicious
Rising: Trojan.Kryptik!1.C606 (CLASSIC)
Yandex: Trojan.Injector!fRmMkEBU93A
Ikarus: Trojan.Win32.Krypt
MaxSecure: Trojan.Malware.102778529.susgen
Fortinet: W32/GenKryptik.EVJU!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.b9baf7
Panda: Trj/GdSda.A

How to remove Johnnie.256973 (B)?

Johnnie.256973 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.