
Ransom:Win32/StopCrypt.SAI!MTB removal


Ransom:Win32/StopCrypt.SAI!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/StopCrypt.SAI!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Ransom:Win32/StopCrypt.SAI!MTB?

File Info:

name: 79460D6FEE4B747A503B.mlw
path: /opt/CAPEv2/storage/binaries/49328ee8fc8301b5f3ed0c1e5a4efe568ca1448afb8dce66076d1eeeb32eeb40
crc32: 426E61DF
md5: 79460d6fee4b747a503b69af7a6e85b3
sha1: 4352c9bed1ce534fae4a0948e8b11bdb9dbfab19
sha256: 49328ee8fc8301b5f3ed0c1e5a4efe568ca1448afb8dce66076d1eeeb32eeb40
sha512: f60274be30c65d4fc8fa35d3f27af402d462be0acb9b40aebb3bf3a2de925f269dc424c1d66fac450529451621854d0226eaaa4900be7e91288d0673a2dd06b8
ssdeep: 6144:Kqy+bnr+hp0yN90QEIZP+Z54+YtoTbUZkM7xZd6U8kCSyiMQpa6OKgZ:KMr9y90zvZY0YrdL0SVUvKa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14984F107E6EC8136E9B457700DF602D31536BEB06B38839A274F695E0CB2664B63573B
sha3_384: c8a593229f4d62c02bfa10b4d73d450ae74f7bb1a0ea837755686d1334bdb17a0fe2857990c822faf3e9fe4c0114e572
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Самоизвлечение CAB-файлов Win32
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0419 0x04b0

Ransom:Win32/StopCrypt.SAI!MTB also known as:

Lionic: Trojan.Win32.Agent.Y!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.65331035
ClamAV: Win.Packed.Disabler-9987080-0
McAfee: Artemis!79460D6FEE4B
Malwarebytes: Generic.Trojan.Injector.DDS
Sangfor: Trojan.Win32.Agent.Vr3e
K7AntiVirus: Trojan ( 0059e3df1 )
Alibaba: TrojanSpy:Win32/Stealer.21d08552
K7GW: Trojan ( 0059e3df1 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/KillAV.KMEF-6536
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 99)
Kaspersky: UDS:Trojan.MSIL.Agent.gen
NANO-Antivirus: Trojan.Win32.Stealer.juyroz
SUPERAntiSpyware: Trojan.Agent/Gen-Crypt
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan.MSIL.Agent.hg
F-Secure: Trojan.TR/ATRAPS.Gen
DrWeb: Trojan.Siggen19.32857
VIPRE: Trojan.GenericKD.65331035
TrendMicro: TrojanSpy.Win32.REDLINE.YXDCCZ
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
FireEye: Generic.mg.79460d6fee4b747a
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious SFX
Avira: TR/ATRAPS.Gen
Antiy-AVL: Trojan/Win32.CryptInject
Microsoft: Ransom:Win32/StopCrypt.SAI!MTB
ZoneAlarm: HEUR:Trojan.MSIL.Agent.gen
GData: Win32.Trojan-Stealer.Cordimik.8DOCRI
Google: Detected
ALYac: Trojan.GenericKD.65733898
Cylance: unsafe
TrendMicro-HouseCall: TrojanSpy.Win32.REDLINE.YXDCCZ
Rising: Trojan.Kryptik!1.E349 (CLASSIC:bWQ1Og1hFSx6Nlh97w)
Yandex: Trojan.Disabler!G6z7qDxyklM
Ikarus: Trojan.MSIL.Disabler
Fortinet: MSIL/Disabler.DR!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.fee4b7
Panda: Trj/Chgt.AD

How to remove Ransom:Win32/StopCrypt.SAI!MTB?

Ransom:Win32/StopCrypt.SAI!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
