BScope.Backdoor.BlackMoon removal tips

The BScope.Backdoor.BlackMoon is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What BScope.Backdoor.BlackMoon virus can do?

Executable code extraction
Creates RWX memory
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.

How to determine BScope.Backdoor.BlackMoon?


File Info:
crc32: 43943B78
md5: 7885ea5179808be292b404da90c51aea
name: 7885EA5179808BE292B404DA90C51AEA.mlw
sha1: 1926d8b70b8a20482451b6e55c6fed119e60a619
sha256: ffd21df15c042618ec6b3348406bb6727d1149067ad5a257c45f97a23c4bc7c2
sha512: 92e9783c75fcfc47b5304ec334f28f5428a5d985d43f102d2ce27d9a13d8cc3389fe2607ba385869d03b009280fe2aed71c859a4a5fec4cbafd41aa87366ebd5
ssdeep: 6144:DOGjir2nV7xnn3PjUHwfTFakIp/02ci7pZl7dFxvRJm0iHDpYHzY+1qFB68z:DOGj1jUukDGilZlfGH1YHzyM8z
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: x4f5cx8005x7248x6743x6240x6709 x8bf7x5c0ax91cdx5e76x4f7fx7528x6b63x7248
FileVersion: 1.0.0.0
Comments: x672cx7a0bx5e8fx4f7fx7528x6613x8bedx8a00x7f16x5199(http://www.eyuyan.com)
ProductName: Steamx4e00x952ex4e0ax53f7
ProductVersion: 1.0.0.0
FileDescription: x53eax7528x4e8ex5b66x4e60x4ea4x6d41x4f7fx7528xff0cx8bf7x52ffx7528x4e8ex5176x4ed6x975ex6cd5x7528x9014xff0cx5426x5219x540ex679cx81eax8d1fxff01
Translation: 0x0804 0x04b0

BScope.Backdoor.BlackMoon also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 005257651 )
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
Zillya	Virus.Hupigon.Win32.5
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
K7GW	Trojan ( 005257651 )
Cybereason	malicious.70b8a2
Cyren	W32/Downloader.AT.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Zoner	Probably Heur.ExeHeaderP
APEX	Malicious
Avast	Win32:Evo-gen [Susp]
Sophos	Mal/Behav-004
Comodo	Backdoor.Win32.Popwin.~IQ@ogvrk
BitDefenderTheta	Gen:NN.ZexaF.34758.umKda4baE1bb
VIPRE	Packer.NSAnti.Gen (v)
McAfee-GW-Edition	BehavesLike.Win32.ExploitMydoom.fc
FireEye	Generic.mg.7885ea5179808be2
SentinelOne	Static AI – Malicious PE
Webroot	W32.Bifrose.Gen
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASCommon.FA
Gridinsoft	Pack.Win32.Gen.bot!ep-44128
GData	Win32.Application.PUPStudio.A
Acronis	suspicious
VBA32	BScope.Backdoor.BlackMoon
TrendMicro-HouseCall	TROJ_GEN.R005H0CFG21
Rising	Malware.Heuristic!ET#96% (RDMK:cmRtazpsX2MeOTz0oKravOc17Bgx)
Yandex	Packed/NSPack
Ikarus	Backdoor.Win32.Hupigon
MaxSecure	Dropper.Dinwod.frindll
AVG	Win32:Evo-gen [Susp]

How to remove BScope.Backdoor.BlackMoon?

BScope.Backdoor.BlackMoon removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X