
Johnnie.71601 malicious file

Johnnie.71601 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Johnnie.71601 virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to delete volume shadow copies
  • Deletes its original binary from disk
  • Checks for the presence of known windows from debuggers and forensic tools
  • Writes a potential ransom message to disk
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

kel52.com
myredhour.com
controlfreaknetworks.com
sappmtraining.com

How to identify Johnnie.71601?


File Info:

crc32: 661509D6
md5: c7f104f31963cb12752c00c21053c85b
name: C7F104F31963CB12752C00C21053C85B.mlw
sha1: ed469c566ea2b11e15760500cd5f64a27fd27a06
sha256: 9e606d4a6bca26937544ebf16af0d986dfad41af61393296ffb5c42b23c3c727
sha512: 63c48474ed4dc1171da7ea663df9ad13cc417687556e671b70b7c43719ace9397cb3019676ffe9e7c76107420282b147f097f325d5e1d340d92b6f817457090d
ssdeep: 6144:D+nltIQzB2SW8je4d1rxm8Z0Ce7G7PWH4X8indVnqVSClmAhnu:D+/F7WAe43rMeDaVImVjlmAhnu
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: ©. All rights reserved. PortableApps.com
InternalName: Methyl
FileVersion: 9.6.4.7
CompanyName: PortableApps.com
LegalTrademarks: ©. All rights reserved. PortableApps.com
ProductName: Methyl
Languages: English
ProductVersion: 9.6.4.7
FileDescription: Cis Assessments Caps
Translation: 0x0409 0x04b0

Johnnie.71601 also known as:

Bkav W32.AIDetect.malware1
K7AntiVirus Trojan ( 0055dd191 )
Elastic malicious (high confidence)
DrWeb Trojan.MulDrop6.34518
ClamAV BC.Win.Packer.Troll-14
ALYac Gen:Variant.Johnnie.71601
Cylance Unsafe
Zillya Trojan.Bitman.Win32.1763
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
Alibaba Ransom:Win32/Bitman.6d43c001
K7GW Trojan ( 0055dd191 )
Cybereason malicious.31963c
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win32/Kryptik.FSZA
APEX Malicious
Avast Win32:Malware-gen
Cynet Malicious (score: 100)
Kaspersky Trojan-Ransom.Win32.Bitman.tvm
BitDefender Gen:Variant.Johnnie.71601
NANO-Antivirus Trojan.Win32.Drop.ebdwxm
MicroWorld-eScan Gen:Variant.Johnnie.71601
Tencent Win32.Trojan.Bitman.Tbsb
Ad-Aware Gen:Variant.Johnnie.71601
Sophos Troj/Ransom-CPE
BitDefenderTheta Gen:NN.ZexaF.34690.Fq0@aKVKovli
VIPRE Trojan.Win32.Generic!BT
TrendMicro Ransom_CRYPTESLA.CBQ163H
McAfee-GW-Edition BehavesLike.Win32.Dropper.hc
FireEye Generic.mg.c7f104f31963cb12
Emsisoft Gen:Variant.Johnnie.71601 (B)
SentinelOne Static AI – Malicious PE
Webroot W32.Trojan.Gen
Avira TR/Crypt.ZPACK.Gen7
Kingsoft Win32.Troj.GenericKD.v.(kcloud)
Microsoft Trojan:Win32/Dynamer!ac
ZoneAlarm Trojan-Ransom.Win32.Bitman.tvm
GData Gen:Variant.Johnnie.71601
AhnLab-V3 Trojan/Win32.Locky.R195755
Acronis suspicious
McAfee Artemis!C7F104F31963
MAX malware (ai score=81)
VBA32 BScope.TrojanRansom.Bitman
Panda Trj/GdSda.A
TrendMicro-HouseCall Ransom_CRYPTESLA.CBQ163H
Rising Ransom.Bitman!8.6A2 (CLOUD)
Yandex Trojan.Bitman!0SBaRR6it/s
Ikarus Trojan-Banker.UrSnif
Fortinet W32/Kryptik.DDF6!tr
AVG Win32:Malware-gen
Paloalto generic.ml

How to remove Johnnie.71601?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
