Categories: Ransom

Ransom:Win32/StopCrypt.SY!MTB malicious file

The Ransom:Win32/StopCrypt.SY!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/StopCrypt.SY!MTB virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Tswana
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to determine Ransom:Win32/StopCrypt.SY!MTB?


File Info:
name: B61CD68ED130AB405202.mlwpath: /opt/CAPEv2/storage/binaries/c80baa0b7a14e76d06a6a0a9622dbfc165097e22e21117e2e4a803472033fa0dcrc32: 0125BA13md5: b61cd68ed130ab4052023da89782f56csha1: 96edcb8e17f4831dcc253d5dd1f4c1d857452607sha256: c80baa0b7a14e76d06a6a0a9622dbfc165097e22e21117e2e4a803472033fa0dsha512: 14d7850b16fb6b154c8d1ebe8085e4ee8d883bacd0bda96fe5cac2c9ff2d571cb60e4bb503472a5ae8125fbef7d5053fb4b227a13bb7b4a43159bb040965bea2ssdeep: 3072:AXii+vTUl8TJC/O87bCeRU5FvDlS6XYA6z4vBxLmGdRTun9cl5d0/pNxhsntp:05+voW8X+5Fv+yxrRKniWJhUtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T10A44E0217692C072C49614748865EBA0AF7AB4702979885BF7A42B7E4F333C05BF735Bsha3_384: cd946a8081119a5ef2d0ed9673318b068022e258f0115eb9b50dce27a084a3aee7a40d5b28d7bfed3fcec6bbc9cbd875ep_bytes: e8bc4f0000e978feffff8bff51c701a4timestamp: 2022-01-30 06:43:19
Version Info:
FileVersions: 68.78.22.74InternationalName: povgwaoci.iweCopyright: Copyright (C) 2022, somoklosProjectVersion: 98.66.15.68

Ransom:Win32/StopCrypt.SY!MTB also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Multi.Generic.4!c
tehtris	Generic.Malware
DrWeb	Trojan.PWS.Stealer.33898
MicroWorld-eScan	Trojan.GenericKDZ.93063
FireEye	Generic.mg.b61cd68ed130ab40
ALYac	Trojan.GenericKDZ.93063
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0059a01d1 )
Alibaba	Ransom:Win32/StopCrypt.4b2ece93
Cybereason	malicious.e17f48
Cyren	W32/Kryptik.HUW.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HRIC
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packed.Pwsx-9975723-0
Kaspersky	HEUR:Trojan.Win32.Packed.gen
BitDefender	Trojan.GenericKDZ.93063
Avast	Win32:PWSX-gen [Trj]
Ad-Aware	Trojan.GenericKDZ.93063
Sophos	ML/PE-A + Troj/Krypt-RQ
VIPRE	Trojan.GenericKDZ.93063
TrendMicro	TrojanSpy.Win32.REDLINE.YXCJ1Z
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.dh
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.GenericKDZ.93063 (B)
SentinelOne	Static AI – Suspicious PE
GData	Win32.Trojan.PSE.19NVBGB
Google	Detected
Antiy-AVL	Trojan/Generic.ASMalwS.813F
Arcabit	Trojan.Generic.D16B87
Microsoft	Ransom:Win32/StopCrypt.SY!MTB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.R532001
Acronis	suspicious
McAfee	Artemis!B61CD68ED130
VBA32	BScope.Backdoor.Tofsee
Malwarebytes	Trojan.MalPack.GS
TrendMicro-HouseCall	TrojanSpy.Win32.REDLINE.YXCJ1Z
Rising	Trojan.Generic@AI.90 (RDML:9nfTxf1by8/Pu2iWCCdvrA)
Ikarus	Trojan.SmokeLoader
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.ETEM!tr
AVG	Win32:PWSX-gen [Trj]
Panda	Trj/Chgt.AD