
Johnnie.266877 (file analysis)

Malware Removal

Johnnie.266877 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Johnnie.266877 virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to identify Johnnie.266877?


File Info:

name: 2C52612D4E5F319D91A4.mlw
path: /opt/CAPEv2/storage/binaries/1aba52ad93e550f978e6d047b4ac1e2d4d2b310110d3e6999fdfeb7ae60f6807
crc32: 64C20DF5
md5: 2c52612d4e5f319d91a4481290d19b90
sha1: 006c75f002becb1560efdc625f7716fe00349033
sha256: 1aba52ad93e550f978e6d047b4ac1e2d4d2b310110d3e6999fdfeb7ae60f6807
sha512: 254588b17d507d6f1910df2b186c3a63aa3056b5d522a33e1de27f181b51441029d3ea0c887b8a595b30945c6d3b662d4159ab294713be51aca09bcdc391665e
ssdeep: 6144:68EpCYqGTN8bjSzt62Dzw5g6AGBC/h8nJb:Hb/Mwvya
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T193448C2236E5C872D5A301374CE6C769B7B6BD119B32864B7BD03F4EAE315938A35312
sha3_384: 4d79dcdebb7a86f1d47a77e35110c96efdf0c1d92294a842c1c18586f45eace5851e31b2b2a9321620a6f339141756ea
ep_bytes: e87b900000e916feffff558bec51538b
timestamp: 2009-04-22 02:54:08

Version Info:

CompanyName: 南京市地方税务局
FileDescription: 个税申报客户端自动更新程序
FileVersion: 2.0.1
InternalName: FbUpdate.exe
LegalCopyright: (C) 南京市地方税务局。保留所有权利。
OriginalFilename: FbUpdate.exe
ProductName: 个税申报客户端自动更新程序
ProductVersion: 2.0.1
Translation: 0x0804 0x03a8

Johnnie.266877 also known as:

Lionic: Trojan.Win32.Scar.4!c
MicroWorld-eScan: Gen:Variant.Johnnie.266877
FireEye: Gen:Variant.Johnnie.266877
Skyhigh: BehavesLike.Win32.Virus.dh
McAfee: Artemis!2C52612D4E5F
Cylance: unsafe
Sangfor: Trojan.Win32.Agent.V81u
Alibaba: Trojan:Win32/Alman.df682cc8
Arcabit: Trojan.Johnnie.D4127D
Kaspersky: Trojan.Win32.Scar.rnfb
BitDefender: Gen:Variant.Johnnie.266877
Sophos: Mal/Generic-R
VIPRE: Gen:Variant.Johnnie.266877
Emsisoft: Gen:Variant.Johnnie.266877 (B)
Ikarus: Virus.Alman
Jiangmin: Trojan.Scar.rpn
Google: Detected
Antiy-AVL: Trojan/Win32.Scar
Kingsoft: Win32.Troj.Unknown.a
Microsoft: Trojan:Win32/Zpevdo.B
ZoneAlarm: Trojan.Win32.Scar.rnfb
GData: Gen:Variant.Johnnie.266877
VBA32: Trojan.Scar
ALYac: Gen:Variant.Johnnie.266877
Malwarebytes: Generic.Malware/Suspicious
TrendMicro-HouseCall: TROJ_GEN.R002H09H723
DeepInstinct: MALICIOUS

How to remove Johnnie.266877?

Johnnie.266877 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
