New Multi-Stage StopCrypt Ransomware

The SonicWall Capture Labs threat research team recently observed a new variant of StopCrypt ransomware.

The ransomware carries out its malicious activity through multi-stage shellcode before launching a final payload that contains the file encryption code.

Infection Cycle

At the start of execution, it builds the string msim32.dll on the stack and loads the DLL using LoadLibrary. Why it does this is a mystery, as the DLL is not used in the process.

Source: SonicWall Security Centre