
About “Midie.104859” infection


Midie.104859 is flagged as malicious by most major antivirus engines (see the detection names listed below). While the infection is active you may notice unfamiliar processes in the Task Manager process list. If so, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing malware manually can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; it lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Midie.104859 virus do?

The following behavioral signatures were raised when the sample was run in a CAPE sandbox:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS URLs observed in behavior
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Midie.104859?

File Info:

name: 27D44158DE194089F478.mlw
path: /opt/CAPEv2/storage/binaries/93576f52eee8e441d692ad920149f5987bd5f33012a6a45c83c9135f75c0b556
crc32: 1133E78E
md5: 27d44158de194089f478f7e6fa8ecc89
sha1: 58fca518e0c315b31590875b5fa18f1b5209d1a6
sha256: 93576f52eee8e441d692ad920149f5987bd5f33012a6a45c83c9135f75c0b556
sha512: 08fa3637ae8005ca39a4260ace3a3585bff680875c0aa5e60fe6ca86ad7e9fbcd483ed64043e5c38207324b3746b85f8d0df827a52449016b978fa85acbebd73
ssdeep: 24576:0ruw8eQGCLXu2oZpvFNr9LXmgx+BAojL0c:wOvXho3Fc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T193156CC2B451C0F9D53625B00BBE6A79D255BDE7CA220B5F3784FAD919B30A92C3607C
sha3_384: a8ab8ac852b0ecd1f9d2006d6661047ad3ef20e468f3a406fb5116f26f59c9d89491df7b76ee149a465e5bc39ed0d2ad
ep_bytes: 558bec6aff6830924800686431430064
timestamp: 2021-11-20 10:48:40
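As an added example (not part of the original page or of GridinSoft's tooling), the Python script below shows how the static indicators listed above are checked against a file: it parses the PE section table with the standard library only, flags section names outside the usual linker set (the "unknown PE section name" signal) and sections mapped read+write+execute (RWX), decodes the link timestamp, extracts the first 16 entry-point bytes (the ep_bytes field), and computes the hashes from the File Info block for IOC matching. The PE image it analyses is constructed inline for the example and is not the Midie.104859 binary; its section names, entry RVA and the UPX1 section are assumptions for illustration, and only the entry-point bytes and the IOC hashes are copied from this page.

```python
"""Static PE triage against the indicators above (stdlib only, no pefile).
Reports unknown section names, RWX sections, link timestamp, entry-point bytes
and file hashes. ssdeep/tlsh need third-party libraries and are not computed.
The image built by build_sample_pe() is constructed for this example."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Section names commonly emitted by mainstream linkers; anything else is flagged.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".bss", ".tls", ".CRT", ".debug"}
SCN_MEM_EXECUTE, SCN_MEM_READ, SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
RWX = SCN_MEM_EXECUTE | SCN_MEM_READ | SCN_MEM_WRITE

# Hashes published on this page for the Midie.104859 sample.
PAGE_IOCS = {
    "md5": "27d44158de194089f478f7e6fa8ecc89",
    "sha1": "58fca518e0c315b31590875b5fa18f1b5209d1a6",
    "sha256": "93576f52eee8e441d692ad920149f5987bd5f33012a6a45c83c9135f75c0b556",
}


def parse_pe(data: bytes) -> dict:
    """Return COFF fields, entry-point RVA and the section table; ValueError if not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                            # optional header follows the COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40                         # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    return {"machine": machine, "timestamp": timestamp, "pe32plus": magic == 0x20B,
            "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(pe: dict, rva: int):
    """Map a relative virtual address to a file offset through the section table."""
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return rva - s["vaddr"] + s["rawptr"]
    return None


def triage(data: bytes) -> dict:
    """Static indicators in the style of the sandbox signature list above."""
    pe = parse_pe(data)
    ep_off = rva_to_offset(pe, pe["entry_rva"])
    return {
        "unknown_sections": [s["name"] for s in pe["sections"] if s["name"] not in KNOWN_SECTIONS],
        "rwx_sections": [s["name"] for s in pe["sections"] if (s["chars"] & RWX) == RWX],
        "timestamp": datetime.fromtimestamp(pe["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else "",
    }


def hashes(data: bytes) -> dict:
    """File hashes in the formats the File Info block uses."""
    h = {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    h["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return h


def matches_ioc(data: bytes, iocs: dict = PAGE_IOCS) -> set:
    """Hash algorithms for which the file matches the IOC list (empty set = no match)."""
    h = hashes(data)
    return {alg for alg, value in iocs.items() if h.get(alg, "").lower() == value.lower()}


def build_sample_pe() -> bytes:
    """Constructed PE32 image: a normal .text section plus a packer-style RWX 'UPX1' section.
    Only the 16 entry-point bytes are copied from the page's ep_bytes field."""
    e_lfanew, opt_size, raw_base = 0x40, 0xE0, 0x400
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    ts = int(datetime(2021, 11, 20, 10, 48, 40, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, opt_size, 0x0102)  # i386, 2 sections, EXE|32BIT
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000)   # AddressOfEntryPoint inside UPX1
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, raw_base,
                       0, 0, 0, 0, 0x60000020)          # CNT_CODE | MEM_EXECUTE | MEM_READ
    upx1 = struct.pack("<8sIIIIIIHHI", b"UPX1", 0x1000, 0x2000, 0x200, raw_base + 0x200,
                       0, 0, 0, 0, 0x20 | RWX)          # CNT_CODE | RWX: unpacking-stub pattern
    image = bytearray(dos + b"PE\0\0" + coff + opt + text + upx1)
    image += b"\0" * (raw_base + 0x400 - len(image))
    ep = raw_base + 0x200
    image[ep:ep + 16] = bytes.fromhex("558bec6aff6830924800686431430064")
    return bytes(image)


if __name__ == "__main__":
    sample = build_sample_pe()
    print(triage(sample))
    print(hashes(sample))
    print("IOC match:", matches_ioc(sample) or "none")
```

Run it against a real file by replacing `build_sample_pe()` with the file's bytes; a non-empty `matches_ioc` result means the hash matches this page's sample, while `unknown_sections` and `rwx_sections` reproduce two of the static signals in the list above independently of any vendor engine.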

Version Info:

Comments:
CompanyName:
FileDescription: EastDraw application
FileVersion: 1, 0, 0, 1
InternalName: EastDraw
LegalCopyright: Copyright (C) 2002
LegalTrademarks:
OriginalFilename: EastDraw.EXE
PrivateBuild:
ProductName: EastDraw application
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese (Simplified, PRC); charset 0x04b0 = Unicode)

Midie.104859 is also known by the following vendor detection names. Several engines classify it as a trojan downloader (ESET-NOD32, Zillya, K7, Ikarus, Fortinet) or as Zenpak (Kaspersky, Jiangmin, VBA32, Yandex):

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Midie.104859
FireEye: Gen:Variant.Midie.104859
McAfee: Artemis!27D44158DE19
Cylance: Unsafe
Zillya: Downloader.Agent.Win32.455511
K7AntiVirus: Trojan-Downloader ( 005768c81 )
K7GW: Trojan-Downloader ( 005768c81 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.FMQ
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Zenpak.gen
BitDefender: Gen:Variant.Midie.104859
Avast: Win32:BackdoorX-gen [Trj]
Tencent: Win32.Trojan-downloader.Agent.Htmi
Ad-Aware: Gen:Variant.Midie.104859
Emsisoft: Gen:Variant.Midie.104859 (B)
TrendMicro: TROJ_GEN.R03AC0WL621
McAfee-GW-Edition: BehavesLike.Win32.BadFile.ch
Sophos: Mal/Generic-S
Ikarus: Trojan-Downloader.Win32.Agent
Jiangmin: Trojan.Zenpak.jcj
eGambit: Unsafe.AI_Score_98%
Avira: TR/Dldr.Agent.uvcta
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Variant.Midie.104859
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.R454409
BitDefenderTheta: Gen:NN.ZexaF.34062.2u1@aS12C@pj
ALYac: Gen:Variant.Midie.104859
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Zenpak
Malwarebytes: Malware.AI.1904694489
TrendMicro-HouseCall: TROJ_GEN.R03AC0WL621
Yandex: Trojan.Zenpak!RlQcKdtywB8
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.FMQ!tr.dldr
AVG: Win32:BackdoorX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Midie.104859?

Midie.104859 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Because the sample attempts to modify proxy settings, check the system proxy configuration after removal and revert any entry you did not configure yourself.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
