StopUSB.EXE

USB Security Application

Everstrike OOO

The application StopUSB.EXE by Everstrike OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘StopUSB’.
Publisher:
Everstrike OOO  (signed and verified)

Product:
USB Security Application

Version:
2, 3, 1, 0

MD5:
e011f08d0b45f7b84ca9fceb40833273

SHA-1:
5a294d275a3560b43253518412da9fe9a68f03af

SHA-256:
d3fd701c9aa10c9d5cd58fefa4628249a24915f2bcc56caf8c69553f642c7ee4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/9/2024 6:16:02 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Everstri (M)

Engine version:
16.8.19.1

File size:
2.9 MB (3,080,328 bytes)

Product version:
2, 3, 1, 0

Copyright:
Copyright (C) 2010

Original file name:
StopUSB.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\stopusb\client\stopusb.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/21/2010 1:00:00 AM

Valid to:
1/14/2011 12:59:59 AM

Subject:
CN=Everstrike OOO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Everstrike OOO, L=Ulyanovsk, S=n/a, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4F047BCF18A6FDD97F5D03D2A61289D8

File PE Metadata
Compilation timestamp:
7/6/2010 9:53:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:30w2QdfV8siD2ki6LmM8EMFFMF5O5Xl42iiD+iD1Q2rhXMAMYIu:bCrD21aOlZJXMAME

Entry address:
0x1000

Entry point:
68, 01, F0, 86, 00, E8, 01, 00, 00, 00, C3, C3, EA, 94, 1E, 59, 85, A9, 52, 0B, A5, 4B, 6A, 34, 99, F1, F9, CA, 9B, 80, 28, 39, 98, DF, 5B, 97, 96, 56, C0, F2, 53, 81, 70, EF, CB, E0, 2C, E5, 04, EF, F3, B0, F3, 45, 3C, 4F, FF, 12, C2, 7C, 3E, 56, 83, 3D, 0A, 70, 10, 60, C9, 6A, A3, E1, 08, 79, B6, 73, 2A, A1, 3A, 56, 2E, C4, D8, 41, 9F, 6A, A5, 0B, 9F, 7E, A8, 39, 43, 3A, 6A, 67, BB, F9, 6C, 09, 5C, 7D, 6D, FB, 9D, 57, F8, F2, 82, 55, 71, 75, 38, 20, 55, 7D, DD, 23, D3, E0, 3C, 67, AC, 0D, 4D, 4F, 64, 79...
 

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
2 MB (2,136,576 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
StopUSB

Command:
"C:\Program Files\stopusb\client\stopusb.exe" -t

