Should I remove “Ransom:Win32/StopCrypt.SK!MTB”?

Ransom:Win32/StopCrypt.SK!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/StopCrypt.SK!MTB virus do?

  • Behavioural detection: Executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump, dropped files, or CAPE
  • HTTPS URLs observed in behaviour
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Transacted Hollowing
  • CAPE detected the STOP malware family
  • Attempts to modify proxy settings
  • Creates a known STOP/Djvu ransomware decryption instruction / key file
  • Creates a known STOP ransomware variant mutex
  • STOP ransomware command line behaviour detected
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom:Win32/StopCrypt.SK!MTB?
File Info:

name: 2005D79A17CCAD864225.mlw
path: /opt/CAPEv2/storage/binaries/8a31e620b013c17942f55c923c84a5f8c8640321da9386994e529901b858f2be
crc32: A81C25CA
md5: 2005d79a17ccad864225bec01e397bcf
sha1: ac86f93548c767db384f79f2610e133b36dcd613
sha256: 8a31e620b013c17942f55c923c84a5f8c8640321da9386994e529901b858f2be
sha512: 17072273ae29dfc525bd25c4636c262c62c7f2c408822b756f97792a120cf05762bfdc802dc445e0d34288c4ae236909989db56cbee8ce184663dce84279d2e0
ssdeep: 12288:MUAaODxPXTT4Ak1tJv8BdoCWHcj4/ykoxZjg5dYT+QMuntg7:M1xjBdRWkHxZM5dYMu2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12AF412D132A0D13FC17AAA707822E2E665E13D12D1616A8737463F6E3F305902FFD696
sha3_384: 25a3e40b72aff78871d746face51a8bacb2d451073ffb2d4637fc9596e7f2765a745ef399cf5edd76ec20f296ab56067
ep_bytes: e8f4370000e978feffff8bff558bec83
timestamp: 2021-04-03 14:46:16

Version Info:

Translations: 0x0179 0x00aa

Ransom:Win32/StopCrypt.SK!MTB is also detected under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Heuristic.File.Generic.00×1!p
tehtris: Generic.Malware
Cynet: Malicious (score: 100)
McAfee: Packed-GEE!2005D79A17CC
Malwarebytes: Malware.AI.4164295558
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.548c76
Cyren: W32/Kryptik.GNZ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HQXW
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Botx-9971431-0
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Trojan.GenericKD.62313232
MicroWorld-eScan: Trojan.GenericKD.62313232
Avast: Win32:PWSX-gen [Trj]
Ad-Aware: Trojan.GenericKD.62313232
Emsisoft: Gen:Variant.Mikey.141332 (B)
TrendMicro: Trojan.Win32.PRIVATELOADER.YXCIZZ
McAfee-GW-Edition: BehavesLike.Win32.Generic.bc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.2005d79a17ccad86
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Azorult
Webroot: W32.Packed.Heur
Antiy-AVL: Trojan/Generic.ASCommon.2BA
Microsoft: Ransom:Win32/StopCrypt.SK!MTB
ZoneAlarm: UDS:DangerousObject.Multi.Generic
GData: Win32.Trojan-Ransom.STOP.LQBZ3D
Google: Detected
AhnLab-V3: Packed/Win.GEE.R522674
VBA32: BScope.Trojan.Yakes
MAX: malware (ai score=99)
Cylance: Unsafe
TrendMicro-HouseCall: Trojan.Win32.PRIVATELOADER.YXCIZZ
Rising: Backdoor.Androm!8.113 (TFE:5:GFbN9lp72GP)
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Ursnif.BCED!tr
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ransom:Win32/StopCrypt.SK!MTB?

Ransom:Win32/StopCrypt.SK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.