Categories: Ransom

Ransom:Win32/STOP.BS!rfn removal guide

The Ransom:Win32/STOP.BS!rfn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/STOP.BS!rfn virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
A named pipe was used for inter-process communication
Reads data out of its own binary image
Drops a binary and executes it
Performs some HTTP requests
Unconventionial language used in binary resources: Georgian
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Installs itself for autorun at Windows startup
Writes a potential ransom message to disk
Attempts to modify proxy settings
Creates a copy of itself
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

api.2ip.ua

cjto.top

How to determine Ransom:Win32/STOP.BS!rfn?


File Info:
crc32: 3C11642Dmd5: af0b8f5af76165683f16c178e20703f0name: upload_filesha1: 9d6e0772131c0a338caa0458e59b9e66f6ee1e2csha256: 22ed8ba56c9a195d2f2b50133b9ba06e6cc0705fd3003cd76c2717547443f3d4sha512: 99010c90cf3d71d1577724f3726a90d03e49595f7b32d7daf50ff076bd712d383c34639a28ab3c49c45e468ee4cbc186ba39b28806ab74c9f3705b376dcdf03assdeep: 24576:9r33kKHXw2x9eo20ZcWB7kHkIreRbLd6:9LkKgo1Z/BIEIr2type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
InternalName: snagbos.exeFileVersion: 1.2.58Copyright: Copyrighd (C) 2020, humkTranslationUsi: 0x0032 0x0ce3

Ransom:Win32/STOP.BS!rfn also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.43905709
FireEye	Generic.mg.af0b8f5af7616568
ALYac	Trojan.Ransom.Stop
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 0056f7f71 )
BitDefender	Trojan.GenericKD.43905709
K7GW	Trojan ( 0056f7f71 )
CrowdStrike	win/malicious_confidence_60% (W)
Invincea	Mal/Generic-S
BitDefenderTheta	Gen:NN.ZexaF.34282.YmKfamm5VjaG
Cyren	W32/Trojan.ACMJ-2934
Symantec	Trojan.Gen.2
TrendMicro-HouseCall	Ransom_STOP.R002C0DIS20
Avast	Win32:TrojanX-gen [Trj]
Cynet	Malicious (score: 100)
Kaspersky	Exploit.Win32.Shellcode.ues
Alibaba	Exploit:Win32/Shellcode.7580ec06
NANO-Antivirus	Trojan.Win32.Stop.hwerdd
ViRobot	Trojan.Win32.Z.Kryptik.831488.KN
APEX	Malicious
Ad-Aware	Trojan.GenericKD.43905709
Emsisoft	Trojan.GenericKD.43905709 (B)
Comodo	Malware@#13ysxutc5pfza
F-Secure	Trojan.TR/Crypt.Agent.amupd
DrWeb	Trojan.DownLoader34.52874
Zillya	Exploit.ShellCode.Win32.232
TrendMicro	Ransom_STOP.R002C0DIS20
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
Sophos	Mal/Generic-S
SentinelOne	DFI – Malicious PE
Avira	TR/Crypt.Agent.amupd
MAX	malware (ai score=80)
Antiy-AVL	Trojan[Exploit]/Win32.ShellCode
Microsoft	Ransom:Win32/STOP.BS!rfn
Arcabit	Trojan.Generic.D29DF2AD
ZoneAlarm	Exploit.Win32.Shellcode.ues
GData	Win32.Trojan.PSE.1MNI4PH
AhnLab-V3	Trojan/Win32.MalPe.R352101
Acronis	suspicious
McAfee	Artemis!AF0B8F5AF761
VBA32	TrojanRansom.Stop
Malwarebytes	Ransom.Stop
Panda	Generic Malware
ESET-NOD32	Win32/Filecoder.STOP.A
Rising	Malware.Obscure/Heur!1.9E03 (CLASSIC)
Ikarus	Trojan-Ransom.Crypted007
eGambit	Unsafe.AI_Score_96%
Fortinet	W32/Kryptik.HGGP!tr
AVG	FileRepMalware
Paloalto	generic.ml
Qihoo-360	Generic/HEUR/QVM11.1.2D83.Malware.Gen