About “Ransom.StopcryptRI.S26041584” infection

Ransom.StopcryptRI.S26041584 is the CAT-QuickHeal detection name for a sample that most other engines classify as STOP ransomware (StopCrypt) or as a packed trojan dropper, and it is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It can run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Ransom.StopcryptRI.S26041584 do?

The behaviours below are the signatures the CAPE sandbox raised while running the sample:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with a /C or /R argument, which terminates the command shell on completion and can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Enumerates services, possibly for anti-virtualization
  • CAPE detected the Tofsee malware family
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom.StopcryptRI.S26041584?

File Info:

name: 084CCFD504A5AB8160B1.mlw (the first 20 hex digits of the MD5 below)
path: /opt/CAPEv2/storage/binaries/7b2a2c0cfe677ac6d17028973e76726af29ca213130aa1c4905cc250faea763c
crc32: AD21FD02
md5: 084ccfd504a5ab8160b104afca41b2d0
sha1: 422b912f99f254253d6778baac279526e4680e1c
sha256: 7b2a2c0cfe677ac6d17028973e76726af29ca213130aa1c4905cc250faea763c
sha512: 4221916c64c44db95ac10c93bfd9b0a112a63b6b84f7d2f93c4c3af869429b3af07211d01637530bbf037e7f6235faad1d9238e77f45ff1dd136f2abb4fbc12b
ssdeep: 6144:ZqM6k2nL0M0oAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQAQA3:QP3nY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T124B63941ABE0D815EEE24E30983556E82D3BFC92A920529FE1503BCFFB73541B961763
sha3_384: 7461c250c722f6edf23b1af77e4e3d07200c3de1cba5d407c8c3be7525d8b21c9cb4ca8f77b5cf8342f5d0df3814cb89
ep_bytes: e8e0330000e978feffffcccccccccccc
timestamp (PE header compile time): 2021-06-09 07:09:04

Version Info (reproduced verbatim from the sample's embedded version resource; the misspelling and nonsense names are the sample's own):

InternationalName: bomgvioci.iwa
Copyright: Copyrighz (C) 2021, fudkort
ProjectVersion: 3.14.70.77
Translation: 0x0129 0x0794
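The File Info fields above can be reproduced with a few lines of code. The Python script below is an added example, not part of this report or of the CAPE or GridinSoft tooling. It recomputes the hashes listed under File Info, maps AddressOfEntryPoint to a file offset to recover the 16-byte ep_bytes value, and walks the section table to produce two static findings related to the behaviour list: a section name a normal linker would not emit (the heuristic behind "unknown PE section name indicative of packing") and a section mapped both writable and executable (the static counterpart of "Creates RWX memory"). Because the real sample is not embedded here, the script runs on a minimal PE32 image constructed inline; that image's section name `.pack0`, its compile timestamp and its payload bytes are invented for illustration, and only the hash and ep_bytes constants are copied from the report. The known-section list is the example's own, not CAPE's.

```python
"""Static triage of a PE32 file, mirroring the CAPE 'File Info' fields.

Added example: not the report's or CAPE's code. The PE image analysed by
build_sample() is constructed here so the script runs offline.
"""
import hashlib
import struct

# Hashes copied from the File Info block of this report (real IOCs).
IOC = {
    "md5": "084ccfd504a5ab8160b104afca41b2d0",
    "sha1": "422b912f99f254253d6778baac279526e4680e1c",
    "sha256": "7b2a2c0cfe677ac6d17028973e76726af29ca213130aa1c4905cc250faea763c",
}
# ep_bytes field from the report: the first 16 bytes at the entry point.
IOC_EP_BYTES = "e8e0330000e978feffffcccccccccccc"

# Section names a stock linker emits (this example's own list, not CAPE's);
# anything else is flagged as "unknown PE section name".
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".bss", ".tls", ".CRT", ".textbss"}

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 of the raw file, as listed under File Info."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def _headers(data: bytes):
    """Return (optional_header_offset, number_of_sections, section_table_offset)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]    # SizeOfOptionalHeader
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:      # PE32 magic
        raise ValueError("only PE32 (the type shown in the report) is handled")
    return opt, nsect, opt + opt_size


def parse_sections(data: bytes) -> list:
    """Walk the section table (40-byte IMAGE_SECTION_HEADER entries)."""
    _, nsect, table = _headers(data)
    sections = []
    for i in range(nsect):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "raw": rawptr, "rawsize": rawsize, "chars": chars})
    return sections


def entry_point_bytes(data: bytes, n: int = 16) -> str:
    """Map AddressOfEntryPoint (an RVA) to a file offset and hex-dump n bytes."""
    opt, _, _ = _headers(data)
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    for s in parse_sections(data):
        if s["va"] <= ep_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = s["raw"] + (ep_rva - s["va"])
            return data[off:off + n].hex()
    raise ValueError("entry point lies outside every section")


def triage(data: bytes) -> dict:
    """Combine the checks into the kind of verdict lines the report shows."""
    sections = parse_sections(data)
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    h = file_hashes(data)
    ep = entry_point_bytes(data)
    return {
        "hashes": h,
        "sha256_matches_ioc": h["sha256"] == IOC["sha256"],
        "ep_bytes": ep,
        "ep_matches_ioc": ep == IOC_EP_BYTES,
        "unknown_sections": [s["name"] for s in sections if s["name"] not in KNOWN_SECTIONS],
        "rwx_sections": [s["name"] for s in sections if s["chars"] & rwx == rwx],
    }


def build_sample() -> bytes:
    """Constructed minimal PE32 (NOT the real sample): a .text section whose
    first bytes equal the report's ep_bytes, plus a writable+executable
    section with an invented packer-style name."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew -> PE header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x60C06B60, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                  # AddressOfEntryPoint = .text

    def sect(name, va, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, rawptr, 0, 0, 0, 0, chars)

    table = (sect(b".text", 0x1000, 0x200, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
             + sect(b".pack0", 0x2000, 0x400, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
                    | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE))
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    headers += b"\0" * (0x200 - len(headers))
    text = bytes.fromhex(IOC_EP_BYTES) + b"\xcc" * (0x200 - 16)
    packed = bytes(range(256)) * 2                           # opaque-looking payload stub
    return headers + text + packed


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

To use it on a real file, call triage(open(path, "rb").read()). On the actual sample both sha256_matches_ioc and ep_matches_ioc should come back True, and, given the report's "unknown PE section name" finding, unknown_sections should be non-empty unless that section happens to be in this example's own KNOWN_SECTIONS list.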

Ransom.StopcryptRI.S26041584 is the name CAT-QuickHeal assigns to this sample; other engines detect it as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Agent.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.82114
CAT-QuickHeal: Ransom.StopcryptRI.S26041584
McAfee: Packed-GEE!084CCFD504A5
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.gen
K7AntiVirus: Trojan ( 0058cb591 )
Alibaba: Ransom:Win32/StopCrypt.e155a302
K7GW: Trojan ( 0058cb591 )
Cybereason: malicious.f99f25
Cyren: W32/Kryptik.FWV.gen!Eldorado
ESET-NOD32: a variant of Win32/Kryptik.HNXC
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Tofsee-9919472-0
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Trojan.GenericKDZ.82114
Avast: Win32:AceCrypter-B [Cryp]
Tencent: Win32.Trojan.Kryptik.Eoq
Ad-Aware: Trojan.GenericKDZ.82114
Sophos: ML/PE-A + Mal/Agent-AWV
DrWeb: Trojan.MulDrop19.22677
Zillya: Trojan.Kryptik.Win32.3668102
TrendMicro: Ransom_StopCrypt.R002C0DA922
McAfee-GW-Edition: BehavesLike.Win32.Generic.vm
FireEye: Generic.mg.084ccfd504a5ab81
Emsisoft: Trojan.Crypt (A)
SentinelOne: Static AI – Suspicious PE
GData: Win32.Trojan.BSE.16VOW5Z
Jiangmin: Trojan.Stop.csc
Avira: TR/Crypt.Agent.jigvs
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Generic.ASMalwS.35025F6
Gridinsoft: Ransom.Win32.STOP.sa
Arcabit: Trojan.Generic.D140C2
Microsoft: Ransom:Win32/StopCrypt.MZE!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalPE.R462691
VBA32: BScope.TrojanSpy.Convagent
ALYac: Trojan.GenericKDZ.82114
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Ransom_StopCrypt.R002C0DA922
Rising: Trojan.Agent!8.B1E (CLOUD)
Yandex: Trojan.Kryptik!de6u90Tx284
Ikarus: Trojan.Win32.Raccrypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HOCG!tr
BitDefenderTheta: Gen:NN.ZexaF.34182.@xW@aq64vUhK
AVG: Win32:AceCrypter-B [Cryp]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ransom.StopcryptRI.S26041584?

Ransom.StopcryptRI.S26041584 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“. Scan the whole system rather than only the original file: the sample drops a second binary and executes it, so that payload must be found and quarantined as well.
  • Choose “Move to quarantine“ for all detected items.
  • Open the “Tools“ tab and press “Reset Browser Settings“.
  • Select the browser and the options to reset, then click “Reset“.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.