About “Midie.105379” infection

Midie.105379 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Midie.105379 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Macedonian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Transacted Hollowing
  • Created a process from a suspicious location
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • STOP ransomware registry artifacts detected
  • Creates a hidden or system file
  • CAPE detected the STOP malware family
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Creates a known STOP ransomware variant mutex
  • STOP ransomware command line behavior detected
  • Uses suspicious command line tools or Windows utilities

How to identify Midie.105379?

File Info:

name: B3A0BA28E41799B57209.mlw
path: /opt/CAPEv2/storage/binaries/aec4399c1920607f16e9e1409cddb661bea66fe27f2491b8b58eec4c5b5787eb
crc32: 511BB5D6
md5: b3a0ba28e41799b57209885561a144c6
sha1: 4e343cac0100af23e4754513f257d6a2b31ce482
sha256: aec4399c1920607f16e9e1409cddb661bea66fe27f2491b8b58eec4c5b5787eb
sha512: f50ac7f6d91e571a8fa3197edaf67b43f36848940baa3abf7a053a61a37c787f94e4e37d4b51744846124e4f1e6e3d38572e22d5cb42af3b50fa9a0879fadc55
ssdeep: 12288:TwH+zLItKCeqpTA020teIoFpF5i1tqHiiQQJ5aC4a2v5ERwPd:TwezLIGFHPF5S2JYpayEWPd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19A05121232C0D032D49B207A8424C6B75E7AB875D5336A9FBFC94A7D5F14BD2EA2530E
sha3_384: ece7331e0cdaa5cf48020b52c4741da06009b8e9d1eadc645bc52185e8bf5085e7a03ef483ebdc8ddc85b9b080bbb8f2
ep_bytes: e8b5660000e978feffffcccccccccccc
timestamp: 2021-03-11 08:25:30

Version Info:

FileVers: 65.51.36.16
ProductVersa: 7.50.25.71
InternalName: peatemas
LegalCopyrighd: sharnir
Translations: 0x0169 0x0300

Midie.105379 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.b3a0ba28e41799b5
McAfee: RDN/Generic.grp
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7GW: Hacktool ( 700007861 )
Cybereason: malicious.c0100a
Cyren: W32/Kryptik.FXB.gen!Eldorado
Symantec: Packed.Generic.620
ESET-NOD32: a variant of Win32/Kryptik.HNOU
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Scarsi.gen
BitDefender: Gen:Variant.Midie.105379
MicroWorld-eScan: Gen:Variant.Midie.105379
Avast: Win32:DropperX-gen [Drp]
Ad-Aware: Gen:Variant.Midie.105379
Sophos: Mal/Generic-R + Troj/Krypt-BO
McAfee-GW-Edition: BehavesLike.Win32.Dropper.cc
Emsisoft: Trojan.Crypt (A)
Ikarus: Trojan.Win32.Crypt
GData: Gen:Variant.Midie.105379
Microsoft: Trojan:Win32/Azorult.RM!MTB
AhnLab-V3: CoinMiner/Win.Glupteba.R456690
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34084.Yq0@aW7DyJlG
ALYac: Trojan.Ransom.Stop
MAX: malware (ai score=81)
VBA32: Trojan.Agent
Malwarebytes: Trojan.MalPack.GS
Rising: Trojan.Kryptik!1.DAF8 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HNOL!tr
AVG: Win32:DropperX-gen [Drp]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Midie.105379?

Midie.105379 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.