Ransom Win32 STOP - Scan Report

Online Virus Checker	v.1.0.139.174
DB Version:	2023-09-19 03:06:38
Available languages:

Scan Your File

Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).

Ransom.Win32.STOP.bot!n

STOP/Djvu Ransomware, also known simply as STOP Ransomware or Djvu Ransomware, is a type of malicious software that encrypts the files on a victim's computer and demands a ransom for their decryption. This ransomware variant has been active for several years and has affected numerous users and organizations.

Checked:	2023-09-19 00:07:29
MD5:	c588f42b82eadbc0d3ba66d2c929d3b1
SHA1:	37f2ea5581d78ef5ffcf5ae363519c9819255c30
SHA256:	8f0ce7cffca2f750a0d0dbb32bf9800f148446e84992bbea8d7ae62e1c1dd774
SHA512:	129c36e133d0d8f6fb53a05caacccb8bc03e37af029dd581fccc6fa1b2a6e3f99ce8996e12aa96de67c9618fd5640ec74186f57765749c73488be125d4096b0b
Imphash:	b2e3875b9432f537090e379200a83dca
File Size:	4316040 bytes

Ransom.Win32.STOP.bot!n Removal

Gridinsoft has the capability to identify and eliminate Ransom.Win32.STOP.bot!n without requiring further user intervention.

Start by downloading Gridinsoft Anti-Malware to your computer.
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
Click on the "Standard Scan" button.
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
If prompted, restart your system to complete the removal process.

Signers

522910322628070b250c52200b542f1a57031b422732351e332f4620190820022d0b	()
Verification	Chain verification from CN=522910322628070b250c52200b542f1a57031b422732351e332f4620190820022d0b, 2.5.4.17=10805, ST=0b1c1115005f5c4e16070b061d170a03165d091002091700 (serial:136951341365290341083484116422059782377, sha1:c2661a664fe4ceaf495a5af930f6a448aa3813c2) failed: The X.509 certificate provided is self-signed - "Common Name: 522910322628070b250c52200b542f1a57031b422732351e332f4620190820022d0b; Postal Code: 10805; State/Province: 0b1c1115494a5c18101602500b53081d121c021c1b120f07110e12511d161a5003091c030c1053460e4113160e181d130101060d401252070f0f08001312055b0c0b0a070b, 0b1c1115005f5c4e16070b061d170a03165d091002091700"

File Version Information

FileDescription	Imbaculus
LegalCopyright	Copyright (C) 2022, Unihum
ProductsVersion	29.510.12.19
ProductName	Kuihmfghi
ProductionVersion	153.24.90.66.7
Translation	0x05c0 0x0ad4

Portable Executable Info

	9c8b2351e82a3eee1e9a8180d434b4b4 b2326dc2fbfa0536635bfa61109dbcfb bce9f6f2e0c4ebf4
Image Base:	0x00400000
Entry Point:	0x00403e10
Compilation:	2022-06-25 15:04:44
Checksum:	0x0042c988 (Actual: 0x004250a5)
OS Version:	5.0
PDB Path:	C:\rowemebo_bulekutug_letotut.pdb
PEiD:	PE32 executable (GUI) Intel 80386, for MS Windows
Sign:	Chain verification from CN=522910322628070b250c52200b542f1a57031b422732351e332f4620190820022d0b, 2.5.4.17=10805, ST=0b1c1115005f5c4e16070b061d170a03165d091002091700 (serial:136951341365290341083484116422059782377, sha1:c2661a664fe4ceaf495a5af930f6a448aa3813c2) failed: The X.509 certificate provided is self-signed - "Common Name: 522910322628070b250c52200b542f1a57031b422732351e332f4620190820022d0b; Postal Code: 10805; State/Province: 0b1c1115494a5c18101602500b53081d121c021c1b120f07110e12511d161a5003091c030c1053460e4113160e181d130101060d401252070f0f08001312055b0c0b0a070b, 0b1c1115005f5c4e16070b061d170a03165d091002091700"
Sections:	4
Imports:	KERNEL32, USER32,
Exports:	0
Resources:	31

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Entropy
.text	0x00001000	0x00408826	0x00408a00	de6bbd8666ef15f508378ede3aba86fb	8.00
.data	0x0040a000	0x000b1c08	0x00003000	ba939585f2567284342de8b8235afe1b	1.84
.rsrc	0x004bc000	0x00459498	0x0000c600	5bf746d69eba83cadc831619b731cc02	3.95
.reloc	0x00916000	0x00004b72	0x00004c00	d33cb4483340c73bca7a9b0991c41493	1.62

Using this site