Ransom.StopcryptPMF.S26310158 removal guide

Ransom.StopcryptPMF.S26310158 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ransom.StopcryptPMF.S26310158 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Enumerates services, possibly for anti-virtualization
  • Installs itself for autorun at Windows startup
  • CAPE detected the Tofsee malware family
  • Created a service that was not started
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom.StopcryptPMF.S26310158?

File Info:

name: BD503839C9A4EE67BC9D.mlw
path: /opt/CAPEv2/storage/binaries/be593b9b8fd8cbef281c368ae8d417da261131f641feab2a28a08c55e3e3e891
crc32: 70EA73E4
md5: bd503839c9a4ee67bc9d007b953c4a2c
sha1: aa518b108994866be856debeaadef28afed84ab9
sha256: be593b9b8fd8cbef281c368ae8d417da261131f641feab2a28a08c55e3e3e891
sha512: b2a24e4ccdb59e41e91b302dc0bc4888477699374a7a2f03c4f6f882dea1a6f0627c0fc8cc05026f4eb425a261c3e55de51a9c39ee8a1f2b0eaabebf2da7da79
ssdeep: 49152:PuExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1:Pu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B7E64AC062D3F877EEE17A3198368ED41D3AFCC6D610161A3178FA4F2CB66C15AA1752
sha3_384: 5c81bc6a12a211cafa09be53d86038cc107ae1fd4bb133ecca6316ef0fd0a3af63af2e09cca123b131890e1551317f4d
ep_bytes: e837650000e978feffffcccccccccccc
timestamp: 2020-08-26 06:48:31

Version Info:

InternationalName: bomgvioci.iwa
Copyright: Copyrighz (C) 2021, fudkort
ProjectVersion: 3.10.70.57
Translation: 0x0129 0x07b2

Ransom.StopcryptPMF.S26310158 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.bd503839c9a4ee67
CAT-QuickHeal: Ransom.StopcryptPMF.S26310158
McAfee: Packed-GEE!BD503839C9A4
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058d2d51 )
BitDefender: Trojan.GenericKDZ.82909
K7GW: Trojan ( 0058d2d51 )
CrowdStrike: win/malicious_confidence_60% (D)
Cyren: W32/Qbot.FK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HOAL
TrendMicro-HouseCall: Mal_Tofsee
ClamAV: Win.Trojan.Generic-9935605-0
Kaspersky: HEUR:Exploit.Win32.Shellcode.gen
MicroWorld-eScan: Trojan.GenericKDZ.82909
Rising: Trojan.Kryptik!1.DB29 (RDMK:cmRtazqwnU9bfFn+di3gAgOvuF7D)
Ad-Aware: Trojan.GenericKDZ.82909
Emsisoft: Trojan.Crypt (A)
DrWeb: Trojan.PWS.Vidar.19
TrendMicro: Mal_Tofsee
McAfee-GW-Edition: BehavesLike.Win32.Trojan.th
Sophos: ML/PE-A + Mal/Agent-AWV
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Generic.heyxl
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Generic.ASMalwS.350DAEC
GData: Win32.Trojan.BSE.1RR0I6
AhnLab-V3: Trojan/Win.MalPE.R466076
BitDefenderTheta: Gen:NN.ZexaF.34182.@tW@aSi3Ydle
ALYac: Trojan.GenericKDZ.82909
VBA32: BScope.TrojanSpy.Stealer
Malwarebytes: Trojan.MalPack.GS
APEX: Malicious
Yandex: Trojan.Kryptik!Cokf1wK+1B4
Ikarus: Trojan.Win32.Raccoon
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/GenKryptik.ERHN!tr
Panda: Trj/GdSda.A

How to remove Ransom.StopcryptPMF.S26310158?

Ransom.StopcryptPMF.S26310158 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.