How to remove “Ransom:Win32/StopCrypt.SAH!MTB”?

Ransom:Win32/StopCrypt.SAH!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/StopCrypt.SAH!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Ransom:Win32/StopCrypt.SAH!MTB?

File Info:

name: D28858F491DDC072B55E.mlw
path: /opt/CAPEv2/storage/binaries/cd1a21baed05e06c4880f35d41655539e4bddf16c0c29243e092c3ff82d11f6b
crc32: 326AAC8D
md5: d28858f491ddc072b55ea0bc97fb9b1f
sha1: ea29733cbe6b544d3e1fbee88ed43c6bce1e2361
sha256: cd1a21baed05e06c4880f35d41655539e4bddf16c0c29243e092c3ff82d11f6b
sha512: ef22edfae8634b817a6a284ab544cc7a4ed0925490bd07ba5a2c7a3987abe44ef5c8a240690578ff5ac61018eb099bf6e1630039b5a43b1b17ca415f0b63ed1f
ssdeep: 12288:1Mrry90GJTHkHQBvqLppRAQFiJAdjCBu:ayNzkHYqppZHdj+u
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19E84F10BFBEC9032D8B0573069F607C3067A7E659B38929A134FBC5A1873670A53576B
sha3_384: 636fb8933b9bbe1a60fad78625647edb45405c9d3eb980251eec3fb4bc2f681aef1100527e1aaf937f4b306fb1144450
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Самоизвлечение CAB-файлов Win32
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0419 0x04b0

Ransom:Win32/StopCrypt.SAH!MTB also known as:

Lionic: Trojan.Win32.Stealer.12!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
CAT-QuickHeal: Trojan.MSIL
McAfee: Artemis!D28858F491DD
Malwarebytes: Generic.Trojan.Injector.DDS
Zillya: Trojan.Agent.Win32.3253363
Sangfor: Trojan.Win32.Agent.Vh6u
K7AntiVirus: Trojan ( 0059e3df1 )
Alibaba: TrojanSpy:Win32/Stealer.104e8bab
K7GW: Trojan ( 0059e3df1 )
Cybereason: malicious.491ddc
Cyren: W32/KillAV.KMEF-6536
ESET-NOD32: multiple detections
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Disabler-9987080-0
Kaspersky: UDS:Trojan.MSIL.Agent.gen
NANO-Antivirus: Trojan.Win32.Disabler.juysfr
SUPERAntiSpyware: Trojan.Agent/Gen-Crypt
MicroWorld-eScan: Trojan.GenericKD.65331035
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan.MSIL.Agent.hg
DrWeb: Trojan.Siggen19.32857
VIPRE: Trojan.GenericKD.65331035
TrendMicro: TROJ_GEN.R002C0PBS23
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
FireEye: Generic.mg.d28858f491ddc072
Ikarus: Trojan.MSIL.Disabler
GData: Win32.Trojan-Stealer.Cordimik.DRD9VE
Avira: TR/ATRAPS.Gen
Antiy-AVL: Trojan/Win32.Kryptik
Microsoft: Ransom:Win32/StopCrypt.SAH!MTB
Google: Detected
ALYac: Trojan.GenericKD.65722598
Cylance: unsafe
Rising: Trojan.Kryptik!1.E2E3 (CLASSIC:bWQ1Og1hFSx6Nlh97w)
Yandex: Trojan.Disabler!G6z7qDxyklM
SentinelOne: Static AI – Malicious SFX
MaxSecure: Trojan.Malware.8703358.susgen
Fortinet: MSIL/Disabler.DR!tr
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/Chgt.AD
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ransom:Win32/StopCrypt.SAH!MTB?

Ransom:Win32/StopCrypt.SAH!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment