Should I remove “Ransom:Win32/StopCrypt.SLO!MTB”?

Ransom:Win32/StopCrypt.SLO!MTB is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/StopCrypt.SLO!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Kannada
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom:Win32/StopCrypt.SLO!MTB?

File Info:

name: 14A34E59D3BE5682784D.mlw
path: /opt/CAPEv2/storage/binaries/a60af39f6197f95f9c3a60acb4ecd5e176ec1356f78da118392104e9ea7bd791
crc32: CFB6298A
md5: 14a34e59d3be5682784d7e86c4c39d68
sha1: 5fb489bc275fc0e9ba4f1ed256925132b4a0cd92
sha256: a60af39f6197f95f9c3a60acb4ecd5e176ec1356f78da118392104e9ea7bd791
sha512: 6c5f97522c7ecba2d65b439ac83b6adcd2dee3bf64cab42cc312173847aa8bdeac677840c95f64999f58426737974e57609acf2e44cbf46251c99b6bd0d2975e
ssdeep: 6144:9kkzwF2iJi2skk6D3KQHmBwA/4c05Ha43fG4dMTcIDLjp+n3ErwVfxz:9jzwAmi2dn3PHmBwAp6HNG4dMRrp+0o
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A574D06176A0C830E4A536308832DFA01ABEFD5669745A4B77B4375A7E733C02AB135F
sha3_384: 0af28a31a1a95ef7f1e783616d2c35c820b2b24c0533a5bf99ae8b0f4580393a70c2f7f438ba133e7cb8f4ae4dead02b
ep_bytes: e8535a0000e989feffffcccccccccccc
timestamp: 2021-07-16 20:15:06

Version Info:

FileVersions: 48.90.13.84
Copyrighz: Copyright (C) 2022, pozkarte
ProjectVersion: 94.4.7.88

Ransom:Win32/StopCrypt.SLO!MTB is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
ClamAV: Win.Dropper.Tofsee-9957066-0
FireEye: Generic.mg.14a34e59d3be5682
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00516fdf1 )
K7GW: Trojan ( 00516fdf1 )
Cyren: W32/Kryptik.GVX.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: UDS:DangerousObject.Multi.Generic
Avast: BotX-gen [Trj]
Sophos: ML/PE-A + Mal/Agent-AWV
Trapmine: malicious.moderate.ml.score
Ikarus: Trojan.Crypter
Microsoft: Ransom:Win32/StopCrypt.SLO!MTB
Google: Detected
Malwarebytes: Trojan.MalPack.GS
Rising: Trojan.Generic@AI.81 (RDML:jjkX591ufwp8U01WGxkTtg)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
AVG: BotX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Ransom:Win32/StopCrypt.SLO!MTB?

Ransom:Win32/StopCrypt.SLO!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.