Johnnie.546 removal tips

Johnnie.546 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Johnnie.546 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:0
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer, likely to send to a C2 server

How to identify Johnnie.546?


File Info:

name: D6759A460B1EED874D72.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2017-04-19 05:44:20

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: Steam Wallet Exploit
FileVersion: 1.0.3.3
InternalName: Steam Wallet Exploit.exe
LegalCopyright: Copyright © 2017
LegalTrademarks:
OriginalFilename: Steam Wallet Exploit.exe
ProductName: Steam Wallet Exploit
ProductVersion: 1.0.3.3
Assembly Version: 1.0.3.3

Johnnie.546 also known as:

Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Johnnie.546
FireEye: Gen:Variant.Johnnie.546
ALYac: Gen:Variant.Johnnie.546
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Impice.8
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:MSIL/Impice.6bd329bc
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.60b1ee
BitDefenderTheta: Gen:NN.ZemsilF.34212.8m0@aykhSqi
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Impice.C
APEX: Malicious
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Johnnie.546
NANO-Antivirus: Trojan.Win32.Impice.epozoy
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Johnnie.546
Sophos: Mal/Generic-S
Comodo: Malware@#z4mkh3sx94yz
Zillya: Trojan.Impice.Win32.25
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Gen:Variant.Johnnie.546 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Johnnie.546
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1223233
Antiy-AVL: Trojan/Win32.TSGeneric
Kingsoft: Win32.Troj.GenericKD.v.(kcloud)
Arcabit: Trojan.Johnnie.546
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Microsoft: Backdoor:Win32/Bladabindi!ml
Cynet: Malicious (score: 99)
McAfee: Artemis!D6759A460B1E
MAX: malware (ai score=100)
Yandex: Trojan.Impice!IeYvkdTMaC8
Ikarus: Trojan.MSIL.Impice
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Impice.C!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Johnnie.546?

Johnnie.546 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
