Midie.105458 (file analysis)

Midie.105458 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Midie.105458 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Oriya
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • CAPE detected the CryptBot malware family
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Uses suspicious command line tools or Windows utilities

How to identify Midie.105458?

File Info:

name: 6212BD48734E92A08DA9.mlw
path: /opt/CAPEv2/storage/binaries/66cdd38aec372751fc0eba44fb1858020262cdf378bb13eb14268aac4319ca73
crc32: 21BDA0BC
md5: 6212bd48734e92a08da99cca45b257ef
sha1: 5e7345e43d8afb8100484839cea371b580fe5b82
sha256: 66cdd38aec372751fc0eba44fb1858020262cdf378bb13eb14268aac4319ca73
sha512: 038414db0d5b91883c7f67e2959425df422c2888eacdfeab1c979dfedf1223deee4e0562d6cb21d28af626d3683f536e8e8cd5d90fc5312caf8ecff4439c3f23
ssdeep: 6144:TJLaLyT5mJiPSFZ844vRnMs/hC12ycEd4Ke9E11wa4Zoq7r4uzbgwu6L7ITsqSi/:TJOyV238JMKE2XEdJey1ry8unnn7s
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18474D0F1F6A99879E1632E308865CAE05B27BD11F5609006F634978E1B73FDC86E131E
sha3_384: 3aa212b5478705b6f66fb13a2943a3aef38c75105f88d6a8324b5b321c2a21af7b8486d445d6e52dcc24e59e77c5a183
ep_bytes: e8ef310000e979feffffcccccccccccc
timestamp: 2021-04-12 07:25:12

Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkat
ProductVersion: 13.54.77.27
Translation: 0x0127 0x046a

Midie.105458 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Malicious.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.81450
FireEye: Generic.mg.6212bd48734e92a0
ALYac: Gen:Variant.Midie.105458
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058b9141 )
Alibaba: Trojan:Win32/Raccrypt.39a85d89
K7GW: Trojan ( 0058b9141 )
CrowdStrike: win/malicious_confidence_90% (W)
BitDefenderTheta: Gen:NN.ZexaF.34084.wy0@a0i1SiJG
Cyren: W32/Kryptik.FWV.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNPK
TrendMicro-HouseCall: TROJ_GEN.R002H06L821
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Trojan.GenericKDZ.81450
Avast: Win32:DropperX-gen [Drp]
Ad-Aware: Trojan.GenericKDZ.81450
Sophos: Mal/Generic-R + Troj/Krypt-BO
McAfee-GW-Edition: BehavesLike.Win32.Trojan.fc
Emsisoft: Trojan.GenericKDZ.81450 (B)
Ikarus: Trojan.Win32.Crypt
GData: Trojan.GenericKDZ.81450
eGambit: Unsafe.AI_Score_62%
Avira: TR/Crypt.Agent.uwgdm
MAX: malware (ai score=87)
Arcabit: Trojan.Generic.D13E2A
Microsoft: Trojan:Win32/Raccoon.DE!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.FSWW.R457267
Acronis: suspicious
McAfee: Lockbit-FSWW!6212BD48734E
VBA32: BScope.TrojanDropper.Convagent
Malwarebytes: Trojan.MalPack.GS
APEX: Malicious
Rising: Trojan.Generic@ML.92 (RDML:gz/WWLVTiwPTckF+VOaUkA)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HNPK!tr
Webroot: W32.Malware.Gen
AVG: Win32:DropperX-gen [Drp]
Cybereason: malicious.43d8af
Panda: Trj/GdSda.A

How to remove Midie.105458?

Midie.105458 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.