Midie.108021 (file analysis)

Malware Removal

Midie.108021 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What Midie.108021 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Network activity contains more than one unique useragent.
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Midie.108021?

File Info:

name: CD55B6288AD377EA2191.mlw
path: /opt/CAPEv2/storage/binaries/c636c924f0dff7728a5ff321d7790033046e59864ff35e8e3663f18470983fb0
crc32: D382819C
md5: cd55b6288ad377ea21914a0afa1f71da
sha1: d92d0ee0a54fed3069481c8ea24d4895c821ff55
sha256: c636c924f0dff7728a5ff321d7790033046e59864ff35e8e3663f18470983fb0
sha512: 0756ba2f8bda15aadf31d5bc352d11fbd663dcbf6c51f87adc3d604f70c13ec5a14f19d40faff4f9d2f34c5098b7165f4ea7a2b4e546c44dfd0cf1ce7b50ab9a
ssdeep: 98304:FJv2FrQWClG43z7Quu4ItywEBp0r0m+SqVv5:FilRuu4Ity/Bpk0m+Pf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T177266D13E5418866F128027005F72739BF35B7721AE15A93BB98CDF42F522629FDB68C
sha3_384: 3e1c6c05a71813293e2c70755166e3e1639885bb50fa2a46aa4b00588f915efdd14501f0e599395162a8c9b65afa248c
ep_bytes: 558bec6aff68c0198100687492620064
timestamp: 2021-06-03 12:52:39

Version Info:

FileVersion: 40.0.0.1
FileDescription: www.luokexf.com
ProductName: 洛克王国旋风辅助
ProductVersion: 40.0.0.1
CompanyName: 洛克王国旋风辅助
LegalCopyright: 洛克王国旋风辅助 官网:www.luokexf.com 邮箱:admin@luokexf.com
Comments: www.luokexf.com
Translation: 0x0804 0x04b0

Midie.108021 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Midie.108021
FireEye: Generic.mg.cd55b6288ad377ea
CAT-QuickHeal: Trojan.Jenix.13329
ALYac: Gen:Variant.Midie.108021
Cylance: Unsafe
Zillya: Adware.Agent.Win32.167368
Sangfor: Adware.Win32.Agent.gen
CrowdStrike: win/malicious_confidence_70% (D)
Alibaba: AdWare:Win32/FlyStudio.3644892f
K7GW: Trojan ( 005246d51 )
K7AntiVirus: Trojan ( 005246d51 )
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/FlyStudio.Injector.A potentially unwanted
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Benban-9840578-0
Kaspersky: not-a-virus:AdWare.Win32.Agent.gen
BitDefender: Gen:Variant.Midie.108021
Avast: Win32:MiscX-gen [PUP]
Ad-Aware: Gen:Variant.Midie.108021
Sophos: Generic PUA NJ (PUA)
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
TrendMicro: TROJ_GEN.R002C0WKM21
McAfee-GW-Edition: BehavesLike.Win32.Generic.rh
Emsisoft: Gen:Variant.Midie.108021 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Midie.108021
Jiangmin: Adware.Agent.atss
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Wacatac.A!ml
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.RL_Agent.R366133
Acronis: suspicious
McAfee: Artemis!CD55B6288AD3
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Downloader
Malwarebytes: Trojan.MalPack.FlyStudio
TrendMicro-HouseCall: TROJ_GEN.R002C0WKM21
Rising: Adware.Agent!8.71 (CLOUD)
Yandex: PUA.Agent!y/sBgXL9mys
Ikarus: Trojan-Dropper.Agent
eGambit: Generic.Malware
Fortinet: W32/CoinMiner.65CA!tr
BitDefenderTheta: Gen:NN.ZexaF.34232.@t0aaK8l89fb
AVG: Win32:MiscX-gen [PUP]
Cybereason: malicious.0a54fe
Panda: Trj/GdSda.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove Midie.108021?

Midie.108021 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.