Ransom:Win32/StopCrypt.PMB!MTB information

Ransom:Win32/StopCrypt.PMB!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/StopCrypt.PMB!MTB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Uzbek (Latin)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Ransom:Win32/StopCrypt.PMB!MTB?

File Info:

name: A47A3235C0C9FEACFD40.mlw
path: /opt/CAPEv2/storage/binaries/5d5cbaa519957d6204ed9801a22a82e5fd8074f04c2ef24717e8d462f8a65f20
crc32: 701BE396
md5: a47a3235c0c9feacfd401fb0ca2b053e
sha1: e6a82dd5f3643d2d404df1c4d3267d96e6f1911c
sha256: 5d5cbaa519957d6204ed9801a22a82e5fd8074f04c2ef24717e8d462f8a65f20
sha512: 1256a3dfb67df875b837091b69a09c39e9eb3ff02794b91dd1c50a56605c149beccbb9a140f6f5bc827401ed35b0c09944e6403c38bed23665c8bc255a45a6fd
ssdeep: 6144:UwvmGr/154lbINIp8d6hntHDnaT9YiJfh/l+tVYIOODcybhDJC:UIm00is8d6hlDnwYYh/l+toYFhDJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A6549D00BB90D035F1BB12F4497A83B8B93D7EA19B2555CB62D43AEE56346E0EC3171B
sha3_384: 6f46ccc7f0ecb546e9d6cb4b7ad68c72fa81284e7d626930197bc0c942e4ca365475cddddfefdfe170c236c221013390
ep_bytes: 8bff558bece836d30000e8110000005d
timestamp: 2021-08-08 05:24:34

Version Info:

Translations: 0x0208 0x02be

Ransom:Win32/StopCrypt.PMB!MTB also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.Agent.4!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Ser.Mikey.2381
  • FireEye: Generic.mg.a47a3235c0c9feac
  • CAT-QuickHeal: Ransom.Stop.P5
  • McAfee: Packed-GEE!A47A3235C0C9
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 005927d91 )
  • Alibaba: Ransom:Win32/StopCrypt.d5babff3
  • K7GW: Trojan ( 005927d91 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Cyren: W32/Kryptik.GKO.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • tehtris: Generic.Malware
  • ESET-NOD32: a variant of Win32/Kryptik.HPME
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Packed.Dropperx-9949379-0
  • Kaspersky: HEUR:Trojan.Win32.Agent.gen
  • BitDefender: Gen:Variant.Ser.Mikey.2381
  • Avast: Win32:AceCrypter-W [Cryp]
  • Tencent: Win32.Trojan.Agent.Llqw
  • Ad-Aware: Gen:Variant.Ser.Mikey.2381
  • TACHYON: Trojan/W32.Agent.297472.IM
  • DrWeb: Trojan.DownLoader44.58501
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
  • Emsisoft: Gen:Variant.Ser.Mikey.2381 (B)
  • SentinelOne: Static AI – Malicious PE
  • GData: Win32.Trojan.PSE.1YKZTLC
  • Jiangmin: Trojan.Stop.dza
  • Microsoft: Ransom:Win32/StopCrypt.PMB!MTB
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Ransomware/Win.Stop.R490747
  • ALYac: Gen:Variant.Ser.Mikey.2381
  • MAX: malware (ai score=83)
  • VBA32: TrojanBanker.Danabot
  • Malwarebytes: Trojan.MalPack.GS
  • TrendMicro-HouseCall: TrojanSpy.Win32.REDLINE.YXCEKZ
  • Rising: Malware.Obscure!1.A3BB (CLOUD)
  • Ikarus: Trojan-Ransom.StopCrypt
  • Fortinet: W32/Packed.GEE!tr
  • AVG: Win32:AceCrypter-W [Cryp]
  • Cybereason: malicious.5f3643
  • Panda: Trj/Genetic.gen

How to remove Ransom:Win32/StopCrypt.PMB!MTB?

Ransom:Win32/StopCrypt.PMB!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.