What is “Johnnie.369577”?

Johnnie.369577 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Johnnie.369577 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Korean
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Uses suspicious command line tools or Windows utilities

How to identify Johnnie.369577?

File Info:

name: 2B29858933AECE405B0F.mlw
path: /opt/CAPEv2/storage/binaries/00d0474b11a2757a307275b4e1a8825612da9e29d961ce22065d292f38d34fe2
crc32: CF78610F
md5: 2b29858933aece405b0f3f51b9452323
sha1: e417707df9cabf045345c88bcbec638a95d9b449
sha256: 00d0474b11a2757a307275b4e1a8825612da9e29d961ce22065d292f38d34fe2
sha512: 0f31231e6f8913d95b2ffe08c76a53b0ca4896d6d04128ed2bf9b7ab7d9c6569fa0b1f22cdac4bf90f3b043be32fec1f32dbba39daccdd91d6aedf69563dfe75
ssdeep: 98304:1aRFGy0OxuK2lAhDSB0XTW6683HPSKJch0ZIDIB0ROCekvCBu8uWdy3qHvRzjXyO:SFGy0PNKSQvSKJchGIDIB6OHZXCkiadx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10446AE2236A1807AC23A3630D51EB3B9B6BDC9304DB506876E912F3D7E744D3953866F
sha3_384: 9a96c192914a7d0d8db636f599e556778d4cf2d1d9799942e5c8492041fe7643c91143f04a1d5b469232345015c46c0e
ep_bytes: e8178c0000e989feffff8bff558bec53
timestamp: 2021-12-10 11:24:28

Version Info:

Translation: 0x0412 0x03b5

Johnnie.369577 also known as:

MicroWorld-eScan: Gen:Variant.Johnnie.369577
FireEye: Gen:Variant.Johnnie.369577
ALYac: Gen:Variant.Johnnie.369577
Cybereason: malicious.933aec
ESET-NOD32: a variant of Win32/Agent.ACEY
Kaspersky: HEUR:Trojan.Win32.Lednur.gen
BitDefender: Gen:Variant.Johnnie.369577
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.11cdbf48
Ad-Aware: Gen:Variant.Johnnie.369577
McAfee-GW-Edition: BehavesLike.Win32.Dropper.th
Emsisoft: Gen:Variant.Johnnie.369577 (B)
GData: Gen:Variant.Johnnie.369577
Jiangmin: Trojan.Lednur.a
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.322E2D2
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Trojan/Win.Generic.C4770047
McAfee: Artemis!2B29858933AE
APEX: Malicious
AVG: Win32:Trojan-gen

How to remove Johnnie.369577?

Johnnie.369577 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.