Ransom:Win32/StopCrypt.MZG!MTB removal

Ransom:Win32/StopCrypt.MZG!MTB is flagged as malicious by many security vendors. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Ransom:Win32/StopCrypt.MZG!MTB do?

The following behaviours were reported for the sample by the CAPE sandbox:
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Kyrgyz
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family

How to identify Ransom:Win32/StopCrypt.MZG!MTB?

File Info:

name: 26BE3C0C5533FFDFD776.mlw
path: /opt/CAPEv2/storage/binaries/8978ac77fcf0acbcfd44eef20ffad25b3a168fedc926f6f729060ae33c0bccdb
crc32: 3EC83487
md5: 26be3c0c5533ffdfd776e8798d9f624b
sha1: b7015b77ac7580e7589fe09807730993f049bab7
sha256: 8978ac77fcf0acbcfd44eef20ffad25b3a168fedc926f6f729060ae33c0bccdb
sha512: b6b4d121944a0f721bb5a83892020c190263f2b9222fc1151db5279922b646289d6a664500d662328af368ffcdcc3f01ce443f7d23cc9dfbbc72dc511090b59a
ssdeep: 6144:y0cLSwGD+NMHy2BQpbG6Sl227kN9zanQWoLzJg6oHvG7ITsqYigavwVfG:y0cuwGD+NMHyZG602l9zrVzJ1n7u7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18EA4E0D07690C8B1D49D3D728915CBE05B7BF872D6A49407FB34972E1EB23D0CA6631A
sha3_384: 83808bf47dccc7e667728751aa8dc393f61fe970ff13f3e6827be3dc0169f3bd489bca707c4c6b45633091bdbaf4c1d9
ep_bytes: e8215d0000e978feffff832544c94500
timestamp: 2020-08-07 03:17:57

Version Info:

FileVersion: 21.29.11.69
InternationalName: bomgveoci.iwa
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.74.57
Translations: 0x0121 0x03ca
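How to use the data above in practice: the md5/sha1/sha256 values are exact-match indicators, so a suspect file either matches all of them or is a different build. The entry-point bytes (ep_bytes) and the compile timestamp are weaker signals: they survive a re-sign or a metadata change but not a repack, so a match on them alone is a hint, not an identification. The script below is an added example written for this page, not tooling from CAPE or GridinSoft. It uses only the Python standard library (ssdeep and tlsh need third-party libraries and are left out), hard-codes the digests, ep_bytes and timestamp listed above as indicators, interprets the timestamp as UTC (an assumption), and includes a constructed, non-executable PE32 stub (build_minimal_pe) that is not the malware and exists only to exercise the parser.

```python
"""Offline triage of a suspect PE against the indicators listed above.

Added example for this page; not code from CAPE or GridinSoft. Only the
standard library is used, so ssdeep and tlsh (third-party) are left out.
"""
import datetime
import hashlib
import struct
import sys
import zlib

# Exact-match indicators copied from the File Info section above.
KNOWN_HASHES = {
    "md5": "26be3c0c5533ffdfd776e8798d9f624b",
    "sha1": "b7015b77ac7580e7589fe09807730993f049bab7",
    "sha256": "8978ac77fcf0acbcfd44eef20ffad25b3a168fedc926f6f729060ae33c0bccdb",
}
# Weaker indicators: first 16 bytes at the entry point and the COFF timestamp (read as UTC).
KNOWN_EP_BYTES = "e8215d0000e978feffff832544c94500"
KNOWN_TIMESTAMP = "2020-08-07 03:17:57"


def file_hashes(data: bytes) -> dict:
    """Digests in the same form as the File Info table (crc32 as upper-case hex)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True only when every listed digest matches; one mismatch means a different build."""
    h = file_hashes(data)
    return all(h[name] == value for name, value in KNOWN_HASHES.items())


def pe_info(data: bytes) -> dict:
    """Parse the COFF and optional headers far enough to recover timestamp and ep_bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, pe_off + 4)
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    # Translate the entry-point RVA to a file offset via the section table
    # (VirtualAddress, SizeOfRawData, PointerToRawData sit at +12 of each 40-byte header).
    sec_off = opt_off + opt_size
    ep_bytes = None
    for i in range(nsections):
        va, raw_size, raw_ptr = struct.unpack_from("<III", data, sec_off + i * 40 + 12)
        if va <= entry_rva < va + raw_size:
            start = raw_ptr + (entry_rva - va)
            ep_bytes = data[start:start + 16].hex()
            break
    when = datetime.datetime.fromtimestamp(timestamp, tz=datetime.timezone.utc)
    return {
        "machine": {0x14C: "i386", 0x8664: "x86-64"}.get(machine, hex(machine)),
        "pe32": magic == 0x10B,
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes,
    }


def triage(data: bytes) -> dict:
    """Combine the exact and the weak indicators into one verdict dictionary."""
    info = pe_info(data)
    return {
        "exact_hash_match": matches_known_sample(data),
        "ep_bytes_match": info["ep_bytes"] == KNOWN_EP_BYTES,
        "timestamp_match": info["timestamp"] == KNOWN_TIMESTAMP,
        **info,
    }


def build_minimal_pe(ep_bytes: bytes, timestamp: int) -> bytes:
    """Constructed PE32 stub (headers plus one section) used only to exercise pe_info().

    Not executable and not the malware: it merely carries the page's ep_bytes and
    timestamp so the parser can be checked against the values in the File Info table.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                    # ImageBase
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000,
                          0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_minimal_pe(
        bytes.fromhex(KNOWN_EP_BYTES), 1596770277)   # 2020-08-07 03:17:57 UTC
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py suspect.exe`; without an argument it triages the constructed stub, which reports ep_bytes and timestamp matches but no hash match, exactly the "same entry point, different file" situation a repacked or re-signed variant produces.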

Ransom:Win32/StopCrypt.MZG!MTB is also known under the following vendor names. Note that the family labels disagree (Stop/StopCrypt ransomware from Microsoft and Kaspersky, Raccoon from ClamAV, Qbot from Cyren, RedLine from CAPE, and generic packer or heuristic names from most others), so no single engine's family name should be taken as authoritative; the hashes above are the reliable identifier for this sample.

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.SmartFortress.lEDV
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.48173347
FireEye: Generic.mg.26be3c0c5533ffdf
McAfee: Packed-GEE!26BE3C0C5533
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 003e58dd1 )
K7GW: Trojan ( 003e58dd1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34182.Cq0@a8haJ6lG
Cyren: W32/Qbot.FK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HOEL
APEX: Malicious
ClamAV: Win.Dropper.Raccoon-9916366-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Stop.gen
BitDefender: Trojan.GenericKD.48173347
Avast: Win32:CrypterX-gen [Trj]
Sophos: ML/PE-A + Mal/Agent-AWV
McAfee-GW-Edition: Packed-GEE!26BE3C0C5533
Emsisoft: Trojan.GenericKD.48173347 (B)
Ikarus: Trojan.Win32.Crypt
Antiy-AVL: Trojan/Generic.ASMalwS.351A4B3
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Ransom:Win32/StopCrypt.MZG!MTB
GData: Trojan.GenericKD.48173347
Cynet: Malicious (score: 100)
AhnLab-V3: Packed/Win.GEE.R469380
VBA32: BScope.Exploit.ShellCode
ALYac: Trojan.GenericKD.48173347
MAX: malware (ai score=81)
Malwarebytes: Trojan.MalPack
TrendMicro-HouseCall: TROJ_GEN.R002H0CAT22
Rising: Malware.Heuristic!ET#82% (RDMK:cmRtazoNX8bJHgF3+hSXRdyuunvH)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.ETEM!tr
AVG: Win32:CrypterX-gen [Trj]
Cybereason: malicious.7ac758
Panda: Trj/Genetic.gen

How to remove Ransom:Win32/StopCrypt.MZG!MTB?

Ransom:Win32/StopCrypt.MZG!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.