Categories: Malware

Midie.105174 removal instruction

The Midie.105174 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Midie.105174 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
A process created a hidden window
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Oriya
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Network activity contains more than one unique useragent.
CAPE detected the OnlyLogger malware family
Attempts to modify proxy settings
Uses suspicious command line tools or Windows utilities

How to determine Midie.105174?


File Info:
name: 560602CEB16161E75952.mlwpath: /opt/CAPEv2/storage/binaries/358555a287279082a11161b2c59710d26aca5b834bb1b5b9fbe83011db7fa0d4crc32: F0407178md5: 560602ceb16161e75952dc8e664cb483sha1: 5d013130404526a72fa831339ef89756bddc63bbsha256: 358555a287279082a11161b2c59710d26aca5b834bb1b5b9fbe83011db7fa0d4sha512: ea09bb35a9d1179bfec60679fddffacdff6e58375a29aecef3bf3fddebfc2ba647322fed3b9adeb8b1d6ee62849c763812bf53df36b50024bd7d1afe68bf9315ssdeep: 6144:ro97x6jWqFQtcfs2igGkGkS5YFMw4ilb7ITsqXigaXwVfi:ro97x6jWwUsG6S5Y2biZ7Rtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1B584EFC276E28C74D462FE7099228B901B6BFD21D661560BF73497AE1FB33D05632326sha3_384: 8f99844a907ac6ef362e2e440f2a7367150aed5431a5f3386462f3230d18ed9851d9eb054a1c65ce6fb9bc6986f56c36ep_bytes: e8f92f0000e978feffffcccccccccccctimestamp: 2021-02-05 10:03:21
Version Info:
InternalName: bomgpiaruci.iwaCopyright: Copyrighz (C) 2021, fudkatProductVersion: 13.54.77.27Translation: 0x0127 0x046a

Midie.105174 also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.560602ceb16161e7
McAfee	Lockbit-FSWW!560602CEB161
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.040452
Cyren	W32/Kryptik.FWV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HNNO
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Ransom.Win32.Stop.gen
BitDefender	Gen:Variant.Midie.105174
MicroWorld-eScan	Gen:Variant.Midie.105174
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Fragtor.Stak
Ad-Aware	Gen:Variant.Midie.105174
Emsisoft	Trojan.Crypt (A)
TrendMicro	Ransom_Stop.R02DC0DL421
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.fc
Sophos	ML/PE-A + Troj/Krypt-BO
Ikarus	Trojan-Ransom.StopCrypt
GData	Gen:Variant.Midie.105174
Jiangmin	Trojan.Fsysna.nlv
Arcabit	Trojan.Midie.D19AD6
Microsoft	Trojan:Win32/Raccrypt.GM!MTB
AhnLab-V3	Trojan/Win.MalPE.R455532
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34062.wC0@a41TQePG
ALYac	Gen:Variant.Midie.105174
MAX	malware (ai score=84)
VBA32	Trojan.Sabsik.FL
Malwarebytes	Trojan.MalPack.GS
TrendMicro-HouseCall	Ransom_Stop.R02DC0DL421
Rising	Malware.Heuristic!ET#94% (RDMK:cmRtazqnLjz7VolpTRKoBzoBtV3g)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:Malware-gen
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_100% (W)