Kuihmfghi Ransomware STOP/Djvu Analysis
| Online Virus Checker | v.1.0.139.174 |
| DB Version: | 2023-09-19 03:06:38 |
Ransom.Win32.STOP.bot!n
STOP/Djvu Ransomware, also known simply as STOP Ransomware or Djvu Ransomware, is a type of malicious software that encrypts the files on a victim's computer and demands a ransom for their decryption. This ransomware variant has been active for several years and has affected numerous users and organizations.
| File | Kuihmfghi |
| Checked | 2023-09-19 00:07:29 |
| MD5 | c588f42b82eadbc0d3ba66d2c929d3b1 |
| SHA1 | 37f2ea5581d78ef5ffcf5ae363519c9819255c30 |
| SHA256 | 8f0ce7cffca2f750a0d0dbb32bf9800f148446e84992bbea8d7ae62e1c1dd774 |
| SHA512 | 129c36e133d0d8f6fb53a05caacccb8bc03e37af029dd581fccc6fa1b2a6e3f99ce8996e12aa96de67c9618fd5640ec74186f57765749c73488be125d4096b0b |
| Imphash | b2e3875b9432f537090e379200a83dca |
| File Size | 4316040 bytes |
Ransom.Win32.STOP.bot!n Removal
Gridinsoft has the capability to identify and eliminate Ransom.Win32.STOP.bot!n without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Signers
| 522910322628070b250c52200b542f1a57031b422732351e332f4620190820022d0b | () |
| Verification | Chain verification from CN=522910322628070b250c52200b542f1a57031b422732351e332f4620190820022d0b, 2.5.4.17=10805, ST=0b1c1115005f5c4e16070b061d170a03165d091002091700 (serial:136951341365290341083484116422059782377, sha1:c2661a664fe4ceaf495a5af930f6a448aa3813c2) failed: The X.509 certificate provided is self-signed - "Common Name: 522910322628070b250c52200b542f1a57031b422732351e332f4620190820022d0b; Postal Code: 10805; State/Province: 0b1c1115494a5c18101602500b53081d121c021c1b120f07110e12511d161a5003091c030c1053460e4113160e181d130101060d401252070f0f08001312055b0c0b0a070b, 0b1c1115005f5c4e16070b061d170a03165d091002091700" |
File Version Information
| FileDescription | Imbaculus |
| LegalCopyright | Copyright (C) 2022, Unihum |
| ProductsVersion | 29.510.12.19 |
| ProductName | Kuihmfghi |
| ProductionVersion | 153.24.90.66.7 |
| Translation | 0x05c0 0x0ad4 |
Portable Executable Info
 |
9c8b2351e82a3eee1e9a8180d434b4b4 b2326dc2fbfa0536635bfa61109dbcfb bce9f6f2e0c4ebf4 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x00403e10 |
| Compilation: | 2022-06-25 15:04:44 |
| Checksum: | 0x0042c988 (Actual: 0x004250a5) |
| OS Version: | 5.0 |
| PDB Path: | C:\rowemebo_bulekutug_letotut.pdb |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | Chain verification from CN=522910322628070b250c52200b542f1a57031b422732351e332f4620190820022d0b, 2.5.4.17=10805, ST=0b1c1115005f5c4e16070b061d170a03165d091002091700 (serial:136951341365290341083484116422059782377, sha1:c2661a664fe4ceaf495a5af930f6a448aa3813c2) failed: The X.509 certificate provided is self-signed - "Common Name: 522910322628070b250c52200b542f1a57031b422732351e332f4620190820022d0b; Postal Code: 10805; State/Province: 0b1c1115494a5c18101602500b53081d121c021c1b120f07110e12511d161a5003091c030c1053460e4113160e181d130101060d401252070f0f08001312055b0c0b0a070b, 0b1c1115005f5c4e16070b061d170a03165d091002091700" |
| Sections: | 4 |
| Imports: | KERNEL32, USER32, |
| Exports: | 0 |
| Resources: | 31 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00408826 | 0x00408a00 | de6bbd8666ef15f508378ede3aba86fb | 8.00 |
| .data | 0x0040a000 | 0x000b1c08 | 0x00003000 | ba939585f2567284342de8b8235afe1b | 1.84 |
| .rsrc | 0x004bc000 | 0x00459498 | 0x0000c600 | 5bf746d69eba83cadc831619b731cc02 | 3.95 |
| .reloc | 0x00916000 | 0x00004b72 | 0x00004c00 | d33cb4483340c73bca7a9b0991c41493 | 1.62 |
