Malware

What is “Midie.96687”?

Midie.96687 is flagged as malicious by the large majority of antivirus engines that have scanned this sample (see the detection names listed below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Midie.96687 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A named pipe was used for inter-process communication
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Binary compilation timestomping detected

Related domains:

example.org
ipv4only.arpa
detectportal.firefox.com

Note that all three are connectivity probes rather than attacker infrastructure: example.org is a reserved documentation domain, ipv4only.arpa is queried by hosts for NAT64/DNS64 prefix discovery (RFC 7050), and detectportal.firefox.com is Firefox's captive-portal check. They show up routinely in sandbox runs and should not be treated as command-and-control indicators on their own.

How to identify Midie.96687?

File Info:

name: BB7BCEE52D56BB85160E.mlw
path: /opt/CAPEv2/storage/binaries/8ccc85be81dbdb9e22a1d3986155a8579fcd0b86b06b3aa3076a6b956818adc6
crc32: EC57649E
md5: bb7bcee52d56bb85160ed2c4b5ae1fbc
sha1: db6be4e884f4f6ed3ad73c232973f1223a29d225
sha256: 8ccc85be81dbdb9e22a1d3986155a8579fcd0b86b06b3aa3076a6b956818adc6
sha512: bbb8c6e3ab7ef7d01433aa6edc4b5b79ea5317a8fa45b88fda5032c29124c00a35012bfe71c28f99064f9452cb19c58f3c36c76c744cb7ae8c9996ebd3ee3d39
ssdeep: 3072:Y2vaSpvMbQQiUc+TsqvyZwPAdE5SqiUZ6Z:Y2iSpNHPqaZ7CZ6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EEF3AE113DD1C479D7A2093588F0E9B6077EFC654BA98947BB883E9B7F704C0B62A253
sha3_384: 638c1c8b81dab6275ffb1e63c6f6096ab7289235e85bd93c3c108c9a15aad007d881b314b2aa91ac9bf4fb60dd6d7080
ep_bytes: e9a0d6ffffccccccccccccccccd9c0d9
timestamp: 2057-03-15 22:41:54
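As an added example (not code from this page and not GridinSoft's tool), the Python script below recomputes the crc32/md5/sha1/sha256 values listed under File Info for a file you supply, compares them with the values above, and reads the compile timestamp straight from the PE header so that a future-dated value such as the 2057 timestamp shown here is flagged; that is what the "binary compilation timestomping" entry in the behaviour list refers to. When run without an argument it analyses a constructed minimal PE header carrying that same 2057 timestamp, not the real sample.

```python
"""Check a suspect file against the Midie.96687 sample data listed above.

Added example, not code from the original page or from GridinSoft.
Recomputes the hashes the File Info block lists and reads the PE compile
timestamp directly from the COFF header to flag a future-dated build time.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Hash values copied from the File Info block on this page.
MIDIE_96687_IOCS = {
    "crc32": "EC57649E",
    "md5": "bb7bcee52d56bb85160ed2c4b5ae1fbc",
    "sha1": "db6be4e884f4f6ed3ad73c232973f1223a29d225",
    "sha256": "8ccc85be81dbdb9e22a1d3986155a8579fcd0b86b06b3aa3076a6b956818adc6",
}


def compute_hashes(data: bytes) -> dict:
    """crc32 as 8 upper-case hex digits (the page's format), md5/sha1/sha256 lower-case."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_iocs(hashes: dict, iocs: dict = MIDIE_96687_IOCS) -> list:
    """Names of the algorithms whose value equals the published indicator (case-insensitive)."""
    return sorted(
        algo for algo, value in iocs.items()
        if hashes.get(algo, "").lower() == value.lower()
    )


def pe_compile_time(data: bytes):
    """Read IMAGE_FILE_HEADER.TimeDateStamp without a PE library.

    Layout: 'MZ' DOS header, e_lfanew at offset 0x3C, 'PE\\0\\0' signature,
    then Machine (2 bytes), NumberOfSections (2), TimeDateStamp (4).
    Returns a UTC datetime, or None if the buffer is not a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 12 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    timestamp = struct.unpack_from("<I", data, e_lfanew + 8)[0]
    return datetime.fromtimestamp(timestamp, tz=timezone.utc)


def analyze(data: bytes, now=None) -> dict:
    """Hash the buffer, compare against the page's IOCs, flag a compile time in the future."""
    now = now or datetime.now(tz=timezone.utc)
    hashes = compute_hashes(data)
    compiled = pe_compile_time(data)
    return {
        "hashes": hashes,
        "ioc_matches": matching_iocs(hashes),
        "compile_time": compiled.strftime("%Y-%m-%d %H:%M:%S") if compiled else None,
        "timestomped": bool(compiled and compiled > now),
    }


def build_constructed_sample() -> bytes:
    """Constructed minimal PE header (not the real malware) whose TimeDateStamp is
    2057-03-15 22:41:54 UTC, mirroring the timestamp reported on this page."""
    future = int(datetime(2057, 3, 15, 22, 41, 54, tzinfo=timezone.utc).timestamp())
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff_header = struct.pack("<HHI", 0x014C, 3, future) + b"\0" * 12   # i386, 3 sections
    return dos_header + b"PE\0\0" + coff_header


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    for key, value in analyze(blob).items():
        print(f"{key}: {value}")
```

A hash match is a definitive identification of this exact sample; a mismatch only means you have a different file (repacked variants of the same family will not share hashes), so a future-dated compile time remains a useful secondary signal even when no hash matches.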

Version Info:

FileVersion: 1.0.0.3
LegalCopyright: Copyright (C) 2018
ProductVersion: 1.0.0.3
Translation: 0x0804 0x04b0 (language ID 0x0804 is Chinese (Simplified), code page 0x04b0 is Unicode; this is the source of the "Chinese (Simplified)" resource-language detections above)

Midie.96687 also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Midie.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Midie.96687
FireEye: Generic.mg.bb7bcee52d56bb85
ALYac: Gen:Variant.Midie.96687
Malwarebytes: Malware.AI.1587489576
Alibaba: Trojan:Win32/XPACK.67a62b4a
Cybereason: malicious.52d56b
BitDefenderTheta: Gen:NN.ZexaF.34062.ju1@au9s@8nj
Cyren: W32/S-5d4d8b58!Eldorado
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002C0PKQ21
Paloalto: generic.ml
ClamAV: Win.Packed.Mikey-9846307-0
BitDefender: Gen:Variant.Midie.96687
Tencent: Malware.Win32.Gencirc.10b3c378
Ad-Aware: Gen:Variant.Midie.96687
Sophos: Mal/Generic-S
TrendMicro: TROJ_GEN.R002C0PKQ21
McAfee-GW-Edition: BehavesLike.Win32.Kudj.ch
Emsisoft: Gen:Variant.Midie.96687 (B)
Jiangmin: Trojan.Generic.cckvz
MaxSecure: Trojan.Malware.300983.susgen
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.25F644C
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Variant.Midie.96687
Cynet: Malicious (score: 100)
Acronis: suspicious
Panda: Trj/Genetic.gen
APEX: Malicious
Rising: Malware.Heuristic!ET#96% (RDMK:cmRtazpXkr6OXaN9l+dmhqf9Snpo)
Yandex: Trojan.GenAsa!DaZHyQAWI4g
Ikarus: Trojan.Crypt
eGambit: Unsafe.AI_Score_81%
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Midie.96687?

Midie.96687 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
