Ransom:Win32/StopCrypt.PAW!MTB removal guide

Ransom:Win32/StopCrypt.PAW!MTB is Microsoft's detection name for a sample of the STOP ransomware family; most other engines classify the same file as Trojan-Ransom.Win32.Stop, Ransom.Stop or a generic packed trojan (see the full list below), and it is rated malicious across the board. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.


Removing malware manually may take hours and can damage the system in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
6-day free trial available.

What can Ransom:Win32/StopCrypt.PAW!MTB do?

The behaviours below are the signatures that fired when the sample was run in the CAPE sandbox:

  • SetUnhandledExceptionFilter detected (possible anti-debug): the sample installs its own top-level exception handler, a common trick for diverting exceptions away from an attached debugger.
  • Behavioural detection: executable code extraction (unpacking): code is written into memory at run time and then executed, so the file on disk is only a packed stub.
  • YARA rule matches observed on a process memory dump, dropped files and CAPE output.
  • Creates RWX memory: allocates pages that are readable, writable and executable at the same time, rarely needed by ordinary compiled programs but required by unpackers and code injectors.
  • Guard-page use detected (possible anti-debugging).
  • Dynamic (imported) function loading detected: APIs are resolved at run time (GetProcAddress-style) rather than through the import table, which hides them from static analysis.
  • Performs HTTP requests that may not appear in the captured PCAP.
  • CAPE extracted potentially suspicious content.
  • Unconventional language used in binary resources: Xhosa.
  • Authenticode signature is invalid.
  • Attempts to modify proxy settings.

How to identify Ransom:Win32/StopCrypt.PAW!MTB?

The sample analysed for this report has the properties below. The hashes identify this exact file; the version-resource strings are reproduced verbatim, and their nonsensical company and file names are a sign of a generated packer stub rather than a real product, consistent with the Packed/Kryptik/MalPack verdicts in the detection list.
File Info:

name: 45B39868745888B8190E.mlw
path: /opt/CAPEv2/storage/binaries/80cd0d21b194dfe51e804ae9cc8c310c9dad7f7a7c29158bfc1b06cb5598918d
crc32: B5F9BA0A
md5: 45b39868745888b8190e3ee7b5a83aae
sha1: 6685d5652d305798619838f6ea724ebc7ce7910b
sha256: 80cd0d21b194dfe51e804ae9cc8c310c9dad7f7a7c29158bfc1b06cb5598918d
sha512: 46fafcd4b83a66eebeb08151c35bb609784b55d2f0d5199fa531f594e529df77868ecb5ed4eee6a24db5f1e680e1228cecb8704f5e3cd3b3937b9ee758d1b79a
ssdeep: 3072:Mgocnb0LLkDwxYxYT+RRp4VuWgrX5gaHQsFapDnwN60sxkgaBCh+D6Qa9:MgoJLLgwS/Gu/X51HmVBigayQi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19564BE117AC0E872C4921D749964DAE15A3BF831DA60A247F7E8BB2F2E303E15776353
sha3_384: 221e3c04f354a647c00e28d0462108ffcbc66ddb260a99b221d8cdd34cb9f62d592dcbd17b110277cb4594574908edba
ep_bytes: e8cd5e0000e979feffff8bff558bec8b
timestamp: 2020-08-15 01:17:06

Version Info:

FileVersion: 21.79.11.69
InternationalName: pomgveoci.iwe
Copyright: Copyrighz (C) 2021, fudkorta
Translations: 0x0127 0x010f
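To check a suspect file or directory against the hashes above, here is an added Python example; it is not from the original page or from GridinSoft. It assumes the `crc32` field is the standard zlib/PKZIP CRC-32 of the whole file, and the helper names `hash_bytes`, `hash_file`, `matched_iocs` and `scan_tree` are mine. One caveat a practitioner should keep in mind: these hashes identify this exact binary only, so a repacked build of the same ransomware will hash differently and the absence of a match is not evidence of a clean system.

```python
"""Hash-based IOC check for the sample described on this page (added example).

The IOC values are copied from the "File Info" block; comparisons are
case-insensitive. The crc32 field is assumed to be the zlib/PKZIP CRC-32.
"""
import hashlib
import tempfile
import zlib
from pathlib import Path
from typing import Dict, Set

IOCS: Dict[str, str] = {
    "md5": "45b39868745888b8190e3ee7b5a83aae",
    "sha1": "6685d5652d305798619838f6ea724ebc7ce7910b",
    "sha256": "80cd0d21b194dfe51e804ae9cc8c310c9dad7f7a7c29158bfc1b06cb5598918d",
    "crc32": "b5f9ba0a",
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return md5/sha1/sha256/crc32 of an in-memory buffer as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
    }


def hash_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four digests so large binaries need not fit in RAM."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    crc = 0
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return {
        "md5": md5.hexdigest(),
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
        "crc32": f"{crc & 0xFFFFFFFF:08x}",
    }


def matched_iocs(hashes: Dict[str, str], iocs: Dict[str, str] = IOCS) -> Set[str]:
    """Names of the digests that equal the known-bad values (case-insensitive)."""
    return {algo for algo, value in iocs.items()
            if hashes.get(algo, "").lower() == value.lower()}


def scan_tree(root: Path, iocs: Dict[str, str] = IOCS) -> Dict[str, Set[str]]:
    """Walk a directory and report every file with at least one matching digest."""
    hits: Dict[str, Set[str]] = {}
    for path in root.rglob("*"):
        if path.is_file():
            matched = matched_iocs(hash_file(path), iocs)
            if matched:
                hits[str(path)] = matched
    return hits


if __name__ == "__main__":
    # Demo on a constructed file: it does not match the page's IOCs, but it does
    # match an IOC set derived from its own bytes, which exercises the hit path.
    demo_dir = Path(tempfile.mkdtemp())
    sample = demo_dir / "constructed.bin"
    sample.write_bytes(b"constructed sample, not the real binary")
    print("against page IOCs:", scan_tree(demo_dir))
    print("against own hashes:", scan_tree(demo_dir, hash_bytes(sample.read_bytes())))
```

Run it as `python ioc_check.py` (file name is your choice); to sweep a real machine, call `scan_tree(Path("C:/Users"))` or another root and treat any non-empty result as a confirmed hit on this specific sample.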

Ransom:Win32/StopCrypt.PAW!MTB is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.DiskWriter.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.48279666
FireEye: Generic.mg.45b39868745888b8
CAT-QuickHeal: Trojanransom.Stop
McAfee: Packed-GDT!45B398687458
Malwarebytes: Trojan.MalPack.GS
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 003e58dd1 )
Alibaba: Malware:Win32/km_24adf.None
K7GW: Trojan ( 0058e13b1 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/Injuke.M.gen!Eldorado
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.HOGS
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-Ransom.Win32.Stop.gen
BitDefender: Trojan.GenericKD.48279666
Tencent: Win32.Trojan.Stop.Pdwd
Ad-Aware: Trojan.GenericKD.48279666
Emsisoft: Trojan.GenericKD.48279666 (B)
DrWeb: Trojan.Siggen16.39781
TrendMicro: TROJ_GEN.R002C0PB722
McAfee-GW-Edition: BehavesLike.Win32.Generic.fm
Sophos: Mal/Generic-R + Mal/Agent-AWV
Paloalto: generic.ml
GData: Trojan.GenericKD.48279666
Webroot: W32.DiskWriter
Antiy-AVL: Trojan[Ransom]/Win32.STOP
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D2E0B072
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Stop.gen
Microsoft: Ransom:Win32/StopCrypt.PAW!MTB
AhnLab-V3: Infostealer/Win.SmokeLoader.R470875
BitDefenderTheta: Gen:NN.ZexaF.34212.sq0@amS9DZpK
ALYac: Trojan.GenericKD.48279666
MAX: malware (ai score=84)
VBA32: TrojanSpy.Stealer
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0PB722
Rising: Ransom.Stop!8.10810 (CLOUD)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.ERHN!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A

How to remove Ransom:Win32/StopCrypt.PAW!MTB?

Ransom:Win32/StopCrypt.PAW!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the reset options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.