Ransom Win32 STOP - Scan Report
| Online Virus Checker | v.1.0.139.174 |
| DB Version: | 2023-09-19 02:01:30 |
| Available languages: |        |
Scan Your File
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
Ransom.Win32.STOP.ca
STOP/Djvu Ransomware, also known simply as STOP Ransomware or Djvu Ransomware, is a type of malicious software that encrypts the files on a victim's computer and demands a ransom for their decryption. This ransomware variant has been active for several years and has affected numerous users and organizations.
| Checked: | 2023-09-18 23:34:50 |
| MD5: | 75747bfd55fe1ae1d3cfef6264ec582b |
| SHA1: | 783e5538edcca02d061dd21085097f2d104ea098 |
| SHA256: | abc29462bf6643a78fd8ebce22af6423456be4a1f7982cacddf0d05769b3847f |
| SHA512: | 4688779c6a1efb1b379b1af15533179a30cef5ee1b13d69878dcfb44b647f728dd86bdbabd0e1674c6552c2fae6aa7d18673d9119706b5e67d93aed93549316e |
| Imphash: | b5d21c7b01a6fc37863814a89f8ee87a |
| File Size: | 717312 bytes |
Ransom.Win32.STOP.ca Removal
Gridinsoft has the capability to identify and eliminate Ransom.Win32.STOP.ca without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| FileDescription | Silvuple |
| LegalCopyright | Copyright (C) 2022, Uniqum |
| OriginalFilename | petshop.exe |
| ProductsVersion | 9.50.11.69 |
| ProductName | Junfsiol |
| ProductionVersion | 82.67.62.16 |
| Translation | 0x05bf 0x0ad5 |
Portable Executable Info
 |
aea99008a1672f357d84bda60f257a4c 8ee2008a40dfe234d78be2850a57fd44 bce9f6f2e0c4ebf4 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x004052c8 |
| Compilation: | 2023-01-15 00:54:31 |
| Checksum: | 0x000b415e (Actual: 0x000b415e) |
| OS Version: | 5.0 |
| PDB Path: | C:\ravopupasake83\nag\1\diza\32\mazosem bozixaga73\muvi84\zoleta.pdb |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 4 |
| Imports: | KERNEL32, USER32, GDI32, |
| Exports: | 0 |
| Resources: | 13 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0009f0f0 | 0x0009f200 | 3d20ded6c528d9c5652f20ea88dd46cd | 7.97 |
| .data | 0x000a1000 | 0x0201df64 | 0x00002a00 | acebddd5334fe4edc7334aecbcb9311a | 1.15 |
| .rsrc | 0x020bf000 | 0x00004bd8 | 0x00004c00 | dd846a84735306584c28a5b2f63db6d4 | 4.06 |
| .reloc | 0x020c4000 | 0x0000852c | 0x00008600 | c8035141d694927d210d6f85b07db748 | 0.94 |
