Johnnie.303819 information

Malware Removal

Johnnie.303819 is flagged as malicious by most antivirus engines (see the detection names below). While the infection is active you may notice unfamiliar processes in Task Manager, changed proxy settings, or an unexpected Browser Helper Object loaded into Internet Explorer. In that case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the system if the wrong files or registry keys are deleted. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Johnnie.303819 do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • HTTPS URLs observed in behaviour
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to create or modify a Browser Helper Object
  • Attempts to modify proxy settings
  • Disables Internet Explorer's creation of a new process per tab, possibly for browser injection
  • Harvests cookies for information gathering
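The last four indicators above are the ones a responder can verify on a suspect host. The following is an added example (not GridinSoft's tool and not CAPE code): it parses a `reg export` dump of the three registry locations involved and reports a Browser Helper Object CLSID that is not on an allowlist, an enabled proxy, and Internet Explorer's per-tab process setting turned off. The registry paths are the standard Windows locations for BHOs and Internet Settings; reading "disables creating a new process per tab" as `TabProcGrowth=0` under `HKCU\Software\Microsoft\Internet Explorer\Main` is the editor's assumption, since the page names the behaviour but not the key. The `.reg` text, the CLSIDs and the proxy address are constructed placeholders, not indicators from this report.

```python
"""Offline triage of the browser-tampering indicators from a 'reg export' dump (added example)."""
import re

# CONSTRUCTED .reg export. CLSIDs, names and the proxy address are placeholders, not IOCs from the page.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
@="Example Vendor Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
@=""
"NoExplorer"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"TabProcGrowth"=dword:00000000
"""

# Standard locations (assumed, see lead-in): BHO registrations, WinINet proxy, IE per-tab process setting.
BHO_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
INET_SETTINGS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
IE_MAIN = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"

_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))=(?P<raw>.+)$')


def parse_reg(text: str) -> dict:
    """Parse the subset of .reg syntax needed here: key headers, string values and dword values.
    'reg export' writes UTF-16LE with a BOM, so open a real dump with encoding='utf-16'."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if not m or current is None:
            continue
        name = m.group("name") or "@"
        raw = m.group("raw")
        if raw.startswith("dword:"):
            value = int(raw[6:], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            value = raw  # hex(...) binary blobs and other types are kept raw
        keys[current][name] = value
    return keys


def _lookup(keys: dict, path: str) -> dict:
    """Registry key names are case-insensitive; exports keep whatever case the hive stored."""
    for key, values in keys.items():
        if key.lower() == path.lower():
            return values
    return {}


def triage(keys: dict, known_bhos=frozenset()) -> list:
    """Return (kind, detail, extra) tuples: unknown BHO CLSIDs, an enabled proxy, TabProcGrowth=0.
    A proxy hit needs human judgement: a managed corporate proxy looks identical here."""
    findings = []
    allow = {c.upper() for c in known_bhos}
    for key, values in keys.items():
        if key.lower().startswith(BHO_ROOT.lower() + "\\"):
            clsid = key.rsplit("\\", 1)[1].upper()
            if clsid not in allow:
                findings.append(("bho", clsid, values.get("@", "")))
    inet = _lookup(keys, INET_SETTINGS)
    if inet.get("ProxyEnable") == 1:
        findings.append(("proxy", inet.get("ProxyServer", ""), inet.get("AutoConfigURL", "")))
    if _lookup(keys, IE_MAIN).get("TabProcGrowth") == 0:
        findings.append(("tabprocgrowth", 0, "IE runs tabs in the frame process; injected code survives tab churn"))
    return findings


if __name__ == "__main__":
    # Allowlist the first constructed CLSID to show that only the unknown BHO is reported.
    for kind, detail, extra in triage(parse_reg(SAMPLE_REG), {"{11111111-2222-3333-4444-555555555555}"}):
        print(f"{kind:14} {detail} {extra}")
```

On a live host, export the three keys with `reg export` (once per key) into files, concatenate them, and feed the text to `parse_reg`. The allowlist should be built from a known-clean build of the same image; an empty allowlist reports every BHO, which is the right default when triaging an unfamiliar machine.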

How to determine Johnnie.303819?

File Info:

name: 06A4B77383524F689320.mlw
path: /opt/CAPEv2/storage/binaries/0a83207abcc43cff9d2e7d818fc67ce386a0b742a1c327be0f3a3932c7c5dbea
crc32: F6C3BBDD
md5: 06a4b77383524f689320d319a903cbb0
sha1: 06ec2d7f6d99232d15c53969ddf233c96c7b96e3
sha256: 0a83207abcc43cff9d2e7d818fc67ce386a0b742a1c327be0f3a3932c7c5dbea
sha512: 066fc52e72ed91ca1ee925d242c71e32e7a532f03584c993339b9deaaa8be8c0733153ae5f444c287435c74b1893b28e9754ec66a4cbaf07bbe5c25242ff71fa
ssdeep: 24576:HMd+EhyASTf1TNDIgjWGbWccw3TqMR2heDoneTtSX:sd+DFT3Egjwc1oIDon64
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1213523F53CA0E163EF066E3A9A03A6B1CAF34CED1B08454E4BEC77AE1875575123C646
sha3_384: 1b6bb07c9e333f6bc75d4f1db9eeaa38ce8a5d90c78b85dcb894b711cd6aa947c54c3d872546e241700bfd8921112d96
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-06-18 21:33:23
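The File Info block is what lets you confirm that a file on disk is the same sample this report describes (note that the CAPE storage path is keyed by the sha256). The following is an added example, not CAPE's or GridinSoft's code: it recomputes the digests listed above with the standard library, and reads the two PE header fields CAPE prints as `timestamp` (the COFF TimeDateStamp) and `ep_bytes` (the first 16 bytes at the entry point, translated from RVA to file offset through the section table). Because the real sample cannot be shipped here, the `build_test_pe` helper constructs a minimal PE32 image carrying the page's entry-point bytes and timestamp so the parser can be exercised offline; its hashes will not match the listed ones, which the comparison shows. ssdeep and tlsh need third-party modules and are left out.

```python
"""Match a file on disk against the File Info fields of the CAPE report (added example)."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Values copied from the File Info block on this page.
KNOWN_SAMPLE = {
    "crc32": "F6C3BBDD",
    "md5": "06a4b77383524f689320d319a903cbb0",
    "sha1": "06ec2d7f6d99232d15c53969ddf233c96c7b96e3",
    "sha256": "0a83207abcc43cff9d2e7d818fc67ce386a0b742a1c327be0f3a3932c7c5dbea",
    "sha512": "066fc52e72ed91ca1ee925d242c71e32e7a532f03584c993339b9deaaa8be8c0733153ae5f444c287435c74b1893b28e9754ec66a4cbaf07bbe5c25242ff71fa",
    "sha3_384": "1b6bb07c9e333f6bc75d4f1db9eeaa38ce8a5d90c78b85dcb894b711cd6aa947c54c3d872546e241700bfd8921112d96",
    "ep_bytes": "81ec8001000053555633db57895c2418",
    "timestamp": "2009-06-18 21:33:23",
}
# Epoch value of the timestamp above, used only to build the constructed test image.
SAMPLE_STAMP = int(datetime(2009, 6, 18, 21, 33, 23, tzinfo=timezone.utc).timestamp())


def file_hashes(data: bytes) -> dict:
    """Same digests CAPE lists; crc32 is printed upper-case as in the report."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_identity(data: bytes, ep_len: int = 16) -> dict:
    """Read the COFF TimeDateStamp and the bytes at AddressOfEntryPoint from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 (32-bit) optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = opt + opt_size
    for i in range(nsections):  # translate the entry RVA to a raw file offset
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sections + i * 40)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
            break
    else:
        raise ValueError("entry point lies outside every section")
    return {
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + ep_len].hex(),
    }


def match_known_sample(data: bytes) -> dict:
    """One True/False per KNOWN_SAMPLE field. Only a full hash match identifies the sample;
    ep_bytes and timestamp alone are shared by every build from the same compiler setup."""
    got = file_hashes(data)
    try:
        got.update(pe_identity(data))
    except ValueError:
        pass
    return {field: got.get(field) == value for field, value in KNOWN_SAMPLE.items()}


def build_test_pe(ep_bytes: bytes, stamp: int) -> bytes:
    """CONSTRUCTED minimal PE32 (one .text section at RVA 0x1000, raw offset 0x200) for offline testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x102)  # i386, one section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                              # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                            # AddressOfEntryPoint
    section = struct.pack("<8sIIII", b".text", 0x1000, 0x1000, 0x200, 0x200) + bytes(16)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return header + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_test_pe(bytes.fromhex(KNOWN_SAMPLE["ep_bytes"]), SAMPLE_STAMP)
    for field, ok in match_known_sample(blob).items():
        print(f"{field:10} {'match' if ok else 'differs'}")
```

Run it as `python identify.py <file>` to check a suspect file; with no argument it checks the constructed image, where `ep_bytes` and `timestamp` match but every hash differs.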

Version Info:

0: [No Data]

Johnnie.303819 also known as:

Lionic: Trojan.Win32.BHO.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Johnnie.303819
FireEye: Gen:Variant.Johnnie.303819
ALYac: Gen:Variant.Injector.45
Cylance: Unsafe
VIPRE: Gen:Variant.Johnnie.303819
K7AntiVirus: Trojan ( 004f38861 )
K7GW: Trojan ( 004f38861 )
Cybereason: malicious.383524
BitDefenderTheta: Gen:NN.ZexaF.34742.vqW@aWqgbvhb
VirIT: Trojan.Win32.Generic.ADAW
Cyren: W32/Trojan.BLTU-1143
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-1216478
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Johnnie.303819
NANO-Antivirus: Trojan.Win32.KillFiles.drtzcs
Avast: Win32:Malware-gen
Emsisoft: Gen:Variant.Johnnie.303819 (B)
Comodo: Malware@#2fmgnx7h8vkv8
DrWeb: JS.IFrame.473
TrendMicro: TROJ_GEN.R03BC0PFL22
McAfee-GW-Edition: GenericRXMC-EP!70E43A760315
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.Win32.Pasta
Jiangmin: Variant.Injector.a
Avira: HEUR/AGEN.1233800
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Casur.A!cl
GData: Gen:Variant.Injector.45
Cynet: Malicious (score: 100)
AhnLab-V3: Adware/Win32.BHO.R28991
McAfee: Artemis!06A4B7738352
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.Heuristic.1003
TrendMicro-HouseCall: TROJ_GEN.R03BC0PFL22
Rising: Trojan.Generic@AI.91 (RDML:2x/OAn18KsktdGcT4qqKZQ)
Yandex: Trojan.GenAsa!5wCcFbr3S5E
Fortinet: W32/Generik.JSERIWM!tr
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Johnnie.303819?

Johnnie.303819 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Choose "Move to quarantine" for all detected items.
  • Open the "Tools" tab and click "Reset Browser Settings".
  • Select the affected browser and the options to reset, then click "Reset".
  • Restart the computer.

Do not skip the browser reset: this sample modifies proxy settings and registers a Browser Helper Object, and quarantining the executable alone leaves those changes in place.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.