Threat Database Ransomware Stop.PCQQ.RRBB Ransomware

Stop.PCQQ.RRBB Ransomware

By CagedTech in Ransomware

Threat Scorecard

Popularity Rank: 4,952
Threat Level: 100 % (High)
Infected Computers: 31,908
First Seen: May 13, 2021
Last Seen: April 13, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Stop.PCQQ/RRBB Ransomware
Signature status: No Signature

Known Samples

MD5: 0ca3e9912dabf7d45d28b0365d76788a
SHA1: 2d8e14b0fb0ed6359424aeb9c84dd616552ba3f5
SHA256: 4C3F9871F101CEAB19274E044E17481B85487DE9D0905AF6D69D342B6FB78F6B
File Size: 7.15 MB, 7153152 bytes
MD5: 631e10f06228cf52dfe09f3466f5e648
SHA1: 691c7643da2b41aa94ccb7357de05318a7532319
SHA256: BBBD03831E75FDA593F3C3B883BC39B192FD31811E717312623F46A7B1E75B47
File Size: 1.36 MB, 1363968 bytes
MD5: 24cdd7aec852f3860ce180715395b20e
SHA1: 7627f650ce226bda0cf6f186756b35901621acb0
SHA256: 004D36A7E7A4D9EC2D331277886483CF32508243BF4EB8ED80B939F4CFC26C46
File Size: 419.84 KB, 419840 bytes
MD5: 9935cc29d20e14dc8f59b7315ec6b3fd
SHA1: b3f15a61e553df28a4c4ebcc5a87032d9db82ce0
SHA256: 946B36BE1C841E16A6CB01976180698B668E3BBC8E6DF40F8EFFEFF0BE047486
File Size: 1.36 MB, 1358336 bytes
MD5: 3bbe0da218f5af524b9c4cf4b2c65a7c
SHA1: 53ca0c34d65449090b50f2ae0854bf1bc7817c92
SHA256: 2DFCA6EE1CAAF0B3118E3C747894891E2ACD6807448C8EEA32A854E919F26410
File Size: 393.22 KB, 393216 bytes
Show More
MD5: c16375b20bba2c5d37a79b9431a35df1
SHA1: 3ef56b03c00e6ffd88190f5c05a85410cefab1d9
SHA256: 7BB9F2A8D304F45CD51F3FFA3EE9FB31CADAC026D6EF3A82B0B7179F1BE37F2F
File Size: 446.98 KB, 446976 bytes
MD5: cf53bb58d0129fc48ff4e329f89051e7
SHA1: b6b48370c65d3affcb44430213971f1029b9040d
SHA256: F7AE2C5874B6C574C3BC6BF08FE2B23B91FBBE464A842F8D10CD0C410A54F8EC
File Size: 1.31 MB, 1306112 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
File Description hgr
File Version 4, 9, 0, 0
Legal Copyright Copyright (C) 2022
Original Filename hgr.exe
Product Version 4, 9, 0, 0

File Traits

  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 3,838
Potentially Malicious Blocks: 3
Whitelisted Blocks: 2,969
Unknown Blocks: 866

Visual Map

0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? 0 0 ? 0 ? ? 0 0 ? 0 0 ? 0 0 ? ? 0 0 ? ? ? ? ? ? ? 0 0 0 ? 0 0 0 0 0 0 ? ? ? ? ? ? ? ? ? 0 ? ? 0 ? 0 ? ? 0 0 0 0 0 1 ? 0 0 0 ? 0 ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 0 ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? 0 ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? ? 0 ? ? ? 0 ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? 0 ? ? 0 ? 0 ? ? ? 0 ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? 0 ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? 0 ? ? 0 ? 0 ? ? 0 ? 0 ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? 0 x ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 ? 0 ? ? 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 ? ? 0 0 ? 0 0 ? 0 0 ? 0 0 0 ? 0 0 0 0 ? ? ? ? 0 0 0 ? 0 0 0 0 ? ? 0 0 ? ? ? 0 0 ? ? 0 0 0 ? 0 0 ? ? 0 0 0 ? 0 0 ? 0 0 0 0 0 ? 0 ? ? ? ? 0 0 0 ? 0 0 0 ? ? ? 0 0 ? 0 0 0 ? 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 ? 0 0 ? ? 0 0 ? ? ? ? 0 0 0 ? ? 0 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 0 ? 0 0 0 ? 0 ? ? 0 0 ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 ? 0 ? ? ? ? 0 ? 0 0 0 0 ? ? 0 0 0 0 ? 0 0 0 ? ? ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 ? 0 0 ? 0 0 0 ? 0 0 0 0 ? 0 0 0 ? ? 0 0 ? 0 0 0 ? ? 0 ? 0 0 ? 0 0 0 ? 0 0 ? ? 0 0 0 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? ? 0 0 0 ? ? ? 0 0 ? ? ? 0 ? 0 0 ? ? 0 0 ? 0 0 0 ? 0 0 0 ? 0 0 ? ? 0 0 ? ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 ? 0 0 0 ? 0 ? 0 0 ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 ? ? 0 0 ? 0 0 ? 0 0 0 ? 0 0 ? 0 0 ? ? 0 0 ? 0 0 0 0 ? 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 0 ? ? ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 ? 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? 0 ? ? ? ? 0 ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? ? 0 0 ? 0 0 0 0 0 0 ? 0 ? ? 0 ? ? ? ? 0 ? 0 0 0 0 ? ? ? 0 ? ? ? ? ? 0 0 ? ? 0 ? 0 ? 0 ? ? ? x ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? 0 ? ? ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? ? 0 0 ? 0 ? 0 0 0 ? 0 0 0 0 0 0 ? ? 0 ? 0 0 0 0 0 ? 0 ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 ? 0 ? ? ? ? 0 ? 0 ? ? ? ? ? 0 0 ? 0 ? ? ? 0 0 ? 0 ? ? 0 0 ? 0 0 ? ? ? ? ? ? 0 0 0 ? 0 0 0 0 ? ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Cridex.C
  • CryptoWall.S
  • Downloader.Agent.XC
  • Gamehack.FHA
  • Gamehack.HIE
Show More
  • Gamehack.NCC
  • Injector.MFA
  • Injector.XG
  • Keygen.FAE
  • Kryptik.BEFH
  • Kryptik.VCHO
  • Kryptik.VCKP
  • Qbot.CDF

Files Modified

File Attributes
c:\users\user\downloads\compile.txt Generic Write,Read Attributes
c:\users\user\downloads\error.txt Generic Write,Read Attributes

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Network Winsock
  • closesocket
  • connect
  • socket
Encryption Used
  • BCryptOpenAlgorithmProvider

Trending

Most Viewed

Loading...