Malware

What is “Midie.105551 (B)”?

Malware Removal

The Midie.105551 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Midie.105551 (B) virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial language used in binary resources: Oriya
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify desktop wallpaper
  • Behavioural detection: Transacted Hollowing
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself

How to determine Midie.105551 (B)?



File Info:

name: B6CA400223CE2A2591D6.mlw
path: /opt/CAPEv2/storage/binaries/1dabb9dcaf0ecd3e3f830cf592e16fca7e95f0596a236fc7880c4008d4c1d3c8
crc32: 6B0C3CAD
md5: b6ca400223ce2a2591d6ddd93b3eae6f
sha1: faf24cc6e260b5ea460d8dfc7985b07e29227897
sha256: 1dabb9dcaf0ecd3e3f830cf592e16fca7e95f0596a236fc7880c4008d4c1d3c8
sha512: 574150c9a0dc00c3f7a1a5d1502e11c8661ac4dce1697323993d4f5904f9111442b949e7a0a4b61901d7df5b02268c99aefc7a97ba7a5f03f962edcd40508e6c
ssdeep: 12288:VAKRqMo6Q19fC2KDQgxQMqPm2G3Dz1Al/daXov4zwHCgl79r0hJx8eOeWUUnunn5:mrr6QrSDQEqPm2G31aMaigQ3W3w5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A6E4023276FAD833D6E31D70583187E40D3BBCA19525A116A6A4F79E2F72B4C4AE130D
sha3_384: 52730e52ff2c5192df4c52c5719cc3fbe75a16e77012f1a030d9141bb28cba877f6ca0458f5045df0c0eeb24a5f4677b
ep_bytes: e850440000e979feffffcccccccccccc
timestamp: 2021-04-14 00:02:33


Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkat
ProductVersion: 13.54.77.27
Translation: 0x0127 0x046a

Midie.105551 (B) also known as:

BkavW32.AIDetect.malware1
Elasticmalicious (high confidence)
DrWebTrojan.MulDrop19.14018
MicroWorld-eScanGen:Variant.Midie.105551
FireEyeGeneric.mg.b6ca400223ce2a25
McAfeeLockbit-FSWW!B6CA400223CE
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 0058ba8f1 )
K7GWHacktool ( 700007861 )
Cybereasonmalicious.6e260b
BitDefenderThetaGen:NN.ZexaF.34084.Ru0@aSGF7uIG
CyrenW32/Kryptik.FWV.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.HNQD
Paloaltogeneric.ml
KasperskyHEUR:Trojan-Dropper.Win32.Scrop.gen
BitDefenderGen:Variant.Midie.105551
AvastWin32:CrypterX-gen [Trj]
Ad-AwareGen:Variant.Midie.105551
SophosML/PE-A + Troj/Krypt-BO
McAfee-GW-EditionBehavesLike.Win32.VBobfus.jc
EmsisoftGen:Variant.Midie.105551 (B)
IkarusTrojan-Ransom.StopCrypt
KingsoftWin32.Troj.Generic_a.a.(kcloud)
MicrosoftRansom:Win32/StopCrypt.MVK!MTB
GDataWin32.Trojan.PSE.174FZTJ
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.MalPE.R457508
Acronissuspicious
VBA32BScope.TrojanDropper.Convagent
ALYacGen:Variant.Midie.105551
MAXmalware (ai score=80)
MalwarebytesTrojan.MalPack.GS
APEXMalicious
SentinelOneStatic AI – Malicious PE
eGambitUnsafe.AI_Score_77%
FortinetW32/Lockbit.FSWW!tr
AVGWin32:CrypterX-gen [Trj]
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_100% (W)
MaxSecureTrojan.Malware.300983.susgen

How to remove Midie.105551 (B)?

Midie.105551 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment