Midie.105174 removal instruction

Midie.105174 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Midie.105174 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Oriya
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Network activity contains more than one unique useragent.
  • CAPE detected the OnlyLogger malware family
  • Attempts to modify proxy settings
  • Uses suspicious command line tools or Windows utilities

How to identify Midie.105174?

File Info:

name: 560602CEB16161E75952.mlw
path: /opt/CAPEv2/storage/binaries/358555a287279082a11161b2c59710d26aca5b834bb1b5b9fbe83011db7fa0d4
crc32: F0407178
md5: 560602ceb16161e75952dc8e664cb483
sha1: 5d013130404526a72fa831339ef89756bddc63bb
sha256: 358555a287279082a11161b2c59710d26aca5b834bb1b5b9fbe83011db7fa0d4
sha512: ea09bb35a9d1179bfec60679fddffacdff6e58375a29aecef3bf3fddebfc2ba647322fed3b9adeb8b1d6ee62849c763812bf53df36b50024bd7d1afe68bf9315
ssdeep: 6144:ro97x6jWqFQtcfs2igGkGkS5YFMw4ilb7ITsqXigaXwVfi:ro97x6jWwUsG6S5Y2biZ7R
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B584EFC276E28C74D462FE7099228B901B6BFD21D661560BF73497AE1FB33D05632326
sha3_384: 8f99844a907ac6ef362e2e440f2a7367150aed5431a5f3386462f3230d18ed9851d9eb054a1c65ce6fb9bc6986f56c36
ep_bytes: e8f92f0000e978feffffcccccccccccc
timestamp: 2021-02-05 10:03:21

Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkat
ProductVersion: 13.54.77.27
Translation: 0x0127 0x046a

Midie.105174 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.560602ceb16161e7
McAfee: Lockbit-FSWW!560602CEB161
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.040452
Cyren: W32/Kryptik.FWV.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNNO
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Ransom.Win32.Stop.gen
BitDefender: Gen:Variant.Midie.105174
MicroWorld-eScan: Gen:Variant.Midie.105174
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Fragtor.Stak
Ad-Aware: Gen:Variant.Midie.105174
Emsisoft: Trojan.Crypt (A)
TrendMicro: Ransom_Stop.R02DC0DL421
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.fc
Sophos: ML/PE-A + Troj/Krypt-BO
Ikarus: Trojan-Ransom.StopCrypt
GData: Gen:Variant.Midie.105174
Jiangmin: Trojan.Fsysna.nlv
Arcabit: Trojan.Midie.D19AD6
Microsoft: Trojan:Win32/Raccrypt.GM!MTB
AhnLab-V3: Trojan/Win.MalPE.R455532
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34062.wC0@a41TQePG
ALYac: Gen:Variant.Midie.105174
MAX: malware (ai score=84)
VBA32: Trojan.Sabsik.FL
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Ransom_Stop.R02DC0DL421
Rising: Malware.Heuristic!ET#94% (RDMK:cmRtazqnLjz7VolpTRKoBzoBtV3g)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Midie.105174?

Midie.105174 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment