Should I remove “Johnnie.97375”?

Malware Removal

Johnnie.97375 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Johnnie.97375 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify browser security settings
  • Disables Internet Explorer creating a new process per tab, possibly for browser injection
  • Creates a copy of itself
  • Attempts to disable browser security warnings
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Johnnie.97375?

File Info:

name: 9C89FD6D43B14731CBC5.mlw
path: /opt/CAPEv2/storage/binaries/ab57630be18b8aa9b2e9e35c1d2987f05d710fda888a7c44b85b6975bddefbec
crc32: 43253507
md5: 9c89fd6d43b14731cbc54249405a0929
sha1: 27745ff67a0ab6279a4aa690e6919fd3d0fafef1
sha256: ab57630be18b8aa9b2e9e35c1d2987f05d710fda888a7c44b85b6975bddefbec
sha512: f8b9f224cd983139cc1917860f0f412cc8fe0fa702b5ea69c3d6d5c4761c70b05870e447edfd0a6bad4e2f18752c545348b1d3f28a22fa2c728828ebf0e0a815
ssdeep: 3072:nddabnURlcjwuxcD40R3aJm5ULYmop52Bt1:d8DURAwJ40Rb5U8pM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FDF3F12CF4A11962E9ADF235E1031BA1D3FCB8359E36336752C051E02FE2454BD96F5A
sha3_384: ba6404f37bfc5208b4c1b4aadd7372bc9de38148fcefe9d59734365e6ce19fb94552757153f999a65421642cfb04e13b
ep_bytes: 558bec81ec80000000a1764d41002dbc
timestamp: 2015-04-25 16:05:51

Version Info:

Comments:
CompanyName: F-Secure Corporation
FileDescription: F-Secure SafeSearch Application Elevated Installer
FileVersion: 1.07.117.0
InternalName: elevated_installer
LegalCopyright: Copyright (c) 2013-2016 F-Secure Corporation
LegalTrademarks:
OriginalFilename: elevated_installer.exe
PrivateBuild:
ProductName: F-Secure Safe Search Application
ProductVersion: 1.07.117.0
SpecialBuild:
Translation: 0x0409 0x04b0

Johnnie.97375 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Vawtrak.m!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Johnnie.97375
FireEye: Generic.mg.9c89fd6d43b14731
McAfee: Artemis!9C89FD6D43B1
Malwarebytes: MachineLearning/Anomalous.96%
Zillya: Trojan.Kryptik.Win32.1686383
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
Alibaba: Backdoor:Win32/Vawtrak.896238ee
K7GW: Trojan ( 0055dd191 )
Arcabit: Trojan.Johnnie.D17C5F
BitDefenderTheta: Gen:NN.ZexaF.36164.ky0@aON4hBbi
Symantec: Ransom.CryptXXX!gm
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.FJXC
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Vawtrak.ef
BitDefender: Gen:Variant.Johnnie.97375
NANO-Antivirus: Trojan.Win32.Vawtrak.fudlrn
Avast: Win32:Evo-gen [Trj]
Tencent: Malware.Win32.Gencirc.114d6478
Emsisoft: Gen:Variant.Johnnie.97375 (B)
F-Secure: Heuristic.HEUR/AGEN.1309924
DrWeb: Trojan.Inject3.21219
VIPRE: Gen:Variant.Johnnie.97375
TrendMicro: BKDR_VAWTRAK.SMSM
McAfee-GW-Edition: BehavesLike.Win32.Dropper.ch
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Vawtrak.jg
Google: Detected
Avira: HEUR/AGEN.1309924
Antiy-AVL: Trojan[Backdoor]/Win32.Vawtrak.ef
Xcitium: Malware@#spq3oki2yuis
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Backdoor.Win32.Vawtrak.ef
GData: Gen:Variant.Johnnie.97375
Cynet: Malicious (score: 100)
VBA32: BScope.Backdoor.Vawtrak
ALYac: Gen:Variant.Johnnie.97375
MAX: malware (ai score=83)
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: BKDR_VAWTRAK.SMSM
Rising: Backdoor.Vawtrak!8.11D (TFE:1:bGm7dpzUah)
Yandex: Backdoor.Vawtrak!szhEgnWPJrI
Ikarus: Trojan.Win32.PSW
Fortinet: W32/Generic.AC.39C74B!tr
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Johnnie.97375?

Johnnie.97375 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.