Malware

Johnnie.96625 removal guide

Malware Removal

The Johnnie.96625 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Johnnie.96625 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Anomalous binary characteristics

How to determine Johnnie.96625?


File Info:

name: A6C9B432ACBF78A8A2EF.mlw
path: /opt/CAPEv2/storage/binaries/b1df24736ad8bebcb2a71690e077e5becb5cc295d8327f278bb8d5d21f868064
crc32: D88ABD87
md5: a6c9b432acbf78a8a2efddeb39e36ce7
sha1: 0972770621879d76a9cf7e740c2c1d56bd3c919a
sha256: b1df24736ad8bebcb2a71690e077e5becb5cc295d8327f278bb8d5d21f868064
sha512: a804b2807d4671f487fe562ba6fd2afd06b8c867f3f43d14c66c2d13890bef440e410bc1eb41af8929df76c20c35fc2835ee48e49436584c51b51c42d05585e5
ssdeep: 1536:tAdZ9WegBFFGUjckuQP07+N1PYA4ty2GAHPtC1N6LNjejU5:t7egoUjoQPy+Nitty2GAvt555
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E3B33A06F3F49462E0B77B35497A96A85D36BC41B834CA7E235C3A1E1DB0A40DD7632B
sha3_384: 393705b361df9fffe18a6ab14e0cf4d8ea07a364aa8b6789bba7c9b9b197d2e1098f4bcd46750c93d815baa34b7ed905
ep_bytes: e8361a0000e989feffff8bff558bec81
timestamp: 2015-01-30 14:39:16

Version Info:

0: [No Data]

Johnnie.96625 also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Generic.4!c
MicroWorld-eScanGen:Variant.Johnnie.96625
CAT-QuickHealTrojan.Mauvaise.SL1
ALYacGen:Variant.Johnnie.96625
CylanceUnsafe
ZillyaTrojan.Yakes.Win32.31890
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 0053eed71 )
AlibabaTrojan:Win32/Kryptik.55c71636
K7GWTrojan ( 0053eed71 )
Cybereasonmalicious.2acbf7
VirITTrojan.Win32.Tinba.FW
CyrenW32/Tinba.N.gen!Eldorado
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Kryptik.DBKK
APEXMalicious
Paloaltogeneric.ml
ClamAVWin.Malware.Johnnie-6899506-0
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Johnnie.96625
NANO-AntivirusTrojan.Win32.Tinba.eblvly
AvastWin32:GenMaliciousA-EMV [Trj]
TencentMalware.Win32.Gencirc.10b1ec6d
Ad-AwareGen:Variant.Johnnie.96625
EmsisoftGen:Variant.Johnnie.96625 (B)
ComodoTrojWare.Win32.Tinba.DB@7t4q57
DrWebTrojan.PWS.Tinba.152
VIPREGen:Variant.Johnnie.96625
McAfee-GW-EditionBehavesLike.Win32.Generic.ch
FireEyeGeneric.mg.a6c9b432acbf78a8
SophosMal/Generic-R + Mal/Tinba-C
SentinelOneStatic AI – Malicious PE
GDataGen:Variant.Johnnie.96625
JiangminTrojan/Yakes.taa
AviraTR/AD.Tinba.cxjcx
Antiy-AVLTrojan/Generic.ASMalwS.24F
ArcabitTrojan.Johnnie.D17971
MicrosoftTrojanDownloader:Win32/Dofoil.AC
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.ZBot.R138942
McAfeeGenericRXGG-LO!A6C9B432ACBF
MAXmalware (ai score=84)
VBA32BScope.TrojanSpy.Ursnif
MalwarebytesTrojan.Agent
RisingTrojan.Kryptik!8.8 (CLOUD)
YandexTrojan.Yakes!8BQYoQRD2G4
IkarusTrojan.Win32.Crypt
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Kryptik.DBWY!tr
BitDefenderThetaGen:NN.ZexaF.34582.guW@aaHYgloi
AVGWin32:GenMaliciousA-EMV [Trj]
PandaTrj/Genetic.gen
CrowdStrikewin/malicious_confidence_90% (W)

How to remove Johnnie.96625?

Johnnie.96625 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment