Categories: Ransom

Ransom:Win32/StopCrypt.PBH!MTB information

The Ransom:Win32/StopCrypt.PBH!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/StopCrypt.PBH!MTB virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Uzbek (Latin)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the RedLine malware family

How to determine Ransom:Win32/StopCrypt.PBH!MTB?


File Info:
name: 34985B70D88218BC7803.mlwpath: /opt/CAPEv2/storage/binaries/8276ccac38995bd49b021ab4b7fcc261c42eb4a0c28611d3fc3c8013e5703363crc32: D4395AEFmd5: 34985b70d88218bc780367c1eed71225sha1: bd5d76b4f6828162a91039aacf75c511f1f44a32sha256: 8276ccac38995bd49b021ab4b7fcc261c42eb4a0c28611d3fc3c8013e5703363sha512: 0f931622669bdafcf9c38bcdc2a103004f27a4c2d9c9e755d52b8121bc754795cea823847ba9a6806e94d9b7cf8203498f6a6783c28e22a1fbcd258396aa25a9ssdeep: 6144:7DirD54mwHb3qGfHVJSPNN+WUYqY84QJAqc6tg70pUkNp/4uDuQTBraRAYUUYl8:6rD5k7aGf1JSPDVqY84QJDc6YkNpwKuCtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12A84CF10B790D035F5F722F45ABA8368B92E7EA1AB2050CF22D566EE57356E0DC3131Bsha3_384: 15ec32d650de0a4f3422eae3d30c6e53b66bb64e2befc0395029008a644c1ff9142794db02ff0b970cddaf0b5993878eep_bytes: 8bff558bece8e6820000e8110000005dtimestamp: 2020-11-17 06:11:49
Version Info:
Translations: 0x0292 0x0303

Ransom:Win32/StopCrypt.PBH!MTB also known as:

Bkav	W32.AIDetect.malware2
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Heur.Mint.Zard.52
CAT-QuickHeal	Trojan.Zenpak
ALYac	Gen:Heur.Mint.Zard.52
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005690671 )
BitDefender	Gen:Heur.Mint.Zard.52
K7GW	Trojan ( 005690671 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Mint.Zard.52
Cyren	W32/Kryptik.GKO.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HPEP
TrendMicro-HouseCall	Ransom_StopCrypt.R002C0DDT22
ClamAV	Win.Packed.Dropperx-9943723-0
Kaspersky	UDS:Trojan.Win32.Zenpak
Alibaba	Ransom:Win32/StopCrypt.6a748479
ViRobot	Trojan.Win32.Z.Zenpak.386048
Rising	Trojan.Generic!8.C3 (CLOUD)
Ad-Aware	Gen:Heur.Mint.Zard.52
Sophos	Mal/Generic-R + Troj/Krypt-FV
DrWeb	Trojan.PWS.Stealer.32828
TrendMicro	Ransom_StopCrypt.R002C0DDT22
McAfee-GW-Edition	BehavesLike.Win32.Virut.fc
FireEye	Generic.mg.34985b70d88218bc
Emsisoft	Trojan.Crypt (A)
APEX	Malicious
Jiangmin	Trojan.Cutwail.kb
Avira	TR/AD.GenSHCode.kxknj
Microsoft	Ransom:Win32/StopCrypt.PBH!MTB
SUPERAntiSpyware	Trojan.Agent/Gen-Crypt
GData	Win32.Trojan.PSE.1NV2SUE
Cynet	Malicious (score: 100)
AhnLab-V3	Ransomware/Win.Stop.R483962
McAfee	Packed-GEE!34985B70D882
MAX	malware (ai score=82)
VBA32	Trojan.Generic
Malwarebytes	Trojan.MalPack.GS
Ikarus	Trojan.Win32.SmokeLoader
Panda	Trj/Genetic.gen
Tencent	Backdoor.MSIL.Convagent.ha
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Packed.376C!tr
AVG	Win32:RansomX-gen [Ransom]
Cybereason	malicious.4f6828
Avast	Win32:RansomX-gen [Ransom]