Midie.103659 (B) malicious file

The Midie.103659 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Midie.103659 (B) virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial language used in binary resources: Slovenian
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Checks for the presence of known windows from debuggers and forensic tools
Network activity contains more than one unique useragent.
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to identify installed AV products by installation directory
Checks the CPU name from registry, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

g-localdevice.biz

forwardstorage.biz

blairwitch.top

mywdeb08.top

truzen.info

iplogger.org

How to determine Midie.103659 (B)?


File Info:
crc32: F7F50D9B
md5: 3db7aa3b3db33cc193da46022a86d712
name: 3DB7AA3B3DB33CC193DA46022A86D712.mlw
sha1: c41bfa6c0098ba01231828818f94d232a78b2d08
sha256: 964dfa57bf67859f2d1a5ff77a5c77d8f7e48ae05e36fe8347dcec89afcc42b4
sha512: d1120ef12b671b6431dff0d842a6bc9cc5488851bbb1b6b5587517624206f95cb81a7861c01f23062a10d057dbf8e0432e4d311a58d985d79a371a76f11b44ab
ssdeep: 6144:cVfHWyUAiIullJA9XOhddweVtD8QcZaxwVf:MfWXAR+IQ14/Z
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
InternalName: bomgpiaruci.iwa
ProductVersion: 15.54.17.21
Copyright: Copyrighz (C) 2021, fudkagat
Translation: 0x0184 0x046a

Midie.103659 (B) also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 00589d2d1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader43.65008
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Jaik.49293
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 00589d2d1 )
Cybereason	malicious.c0098b
Cyren	W32/Kryptik.FOQ.gen!Eldorado
Symantec	Packed.Generic.528
ESET-NOD32	a variant of Win32/Kryptik.HNHX
APEX	Malicious
Avast	FileRepMalware
ClamAV	Win.Packed.Fragtor-9908420-0
Kaspersky	HEUR:Backdoor.Win32.Agent.pef
BitDefender	Gen:Variant.Midie.103659
MicroWorld-eScan	Gen:Variant.Midie.103659
Ad-Aware	Gen:Variant.Midie.103659
Sophos	ML/PE-A
BitDefenderTheta	Gen:NN.ZexaF.34266.rq0@am1dVSik
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.dc
FireEye	Generic.mg.3db7aa3b3db33cc1
Emsisoft	Gen:Variant.Midie.103659 (B)
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Gen:Variant.Midie.103659
AhnLab-V3	CoinMiner/Win.Glupteba.R450080
Acronis	suspicious
McAfee	Lockbit-FSWW!3DB7AA3B3DB3
MAX	malware (ai score=87)
VBA32	Malware-Cryptor.2LA.gen
Malwarebytes	MachineLearning/Anomalous.100%
Panda	Trj/GdSda.A
Rising	Malware.Heuristic!ET#96% (RDMK:cmRtazqUZAl+++PA4w/BANTNltT7)
Ikarus	Trojan-Ransom.StopCrypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.FOQ!tr
AVG	FileRepMalware

How to remove Midie.103659 (B)?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Midie.103659 (B) malicious file