
TrojanDownloader:Win32/BlackMoon.YA!MTB removal instruction


TrojanDownloader:Win32/BlackMoon.YA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What TrojanDownloader:Win32/BlackMoon.YA!MTB virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • CAPE detected the embedded win api malware family
  • Deletes executed files from disk
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify TrojanDownloader:Win32/BlackMoon.YA!MTB?

File Info:

name: 303D038621C2737F4438.mlw
path: /opt/CAPEv2/storage/binaries/a9332049b0b7861094a58dd332c1b56096862275b0dbaefd9a0b13e60f1b6098
crc32: 87B135C3
md5: 303d038621c2737f4438dbac5382d320
sha1: 676ed2db36145b67df39784617b231d754312142
sha256: a9332049b0b7861094a58dd332c1b56096862275b0dbaefd9a0b13e60f1b6098
sha512: 8e945aeed71239376a64bceda749f01e8a93130c467f23f89cad7e5ff6e9f7c7372ff22d193551e9f90ddf33cda00d42d49f046ed836bb072c4ecfe8e8c1f524
ssdeep: 393216:73DfnEK89k3Zx/wScr4yeFdBcmBdXOQyorxRuW9Vme:73DfhOKur6dlf+QvRL9Vm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T137D633660482B8B5F4456C20923EF4E6254A70336E9579B18E0FCEE6943BDD3E7D270B
sha3_384: 39891f0c000a4fc55014145d319103f2c06d3a0688ea3c6134483dd02dfb82b5d31c5d9a4b5b64c1570daabe69d129a7
ep_bytes: 60be0000a8008dbe001098ff5783cdff
timestamp: 2020-07-29 21:17:11

Version Info:

0: [No Data]

TrojanDownloader:Win32/BlackMoon.YA!MTB also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Miancha.4!c
  • AVG: Win32:Malware-gen
  • DrWeb: Trojan.DownLoader25.10311
  • MicroWorld-eScan: Gen:Variant.Application.Graftor.700094
  • FireEye: Generic.mg.303d038621c2737f
  • Skyhigh: BehavesLike.Win32.Agent.rc
  • McAfee: GenericRXAA-AA!303D038621C2
  • Malwarebytes: Generic.Malware/Suspicious
  • VIPRE: Gen:Variant.Application.Graftor.700094
  • Sangfor: Trojan.Win32.Save.a
  • Alibaba: TrojanDownloader:Win32/Miancha.d0a2fbb5
  • CrowdStrike: win/malicious_confidence_100% (W)
  • BitDefenderTheta: Gen:NN.ZexaF.36802.@pGfaKshkNm
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (moderate confidence)
  • ESET-NOD32: a variant of Win32/Packed.BlackMoon.A suspicious
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • Avast: Win32:Malware-gen
  • ClamAV: Win.Trojan.BlackMoon-7136668-0
  • Kaspersky: Trojan.Win32.Miancha.iua
  • BitDefender: Gen:Variant.Application.Graftor.700094
  • NANO-Antivirus: Trojan.Win32.Miancha.hprfch
  • Tencent: Malware.Win32.Gencirc.13c146ac
  • Sophos: Troj/Kryptik-JA
  • F-Secure: Heuristic.HEUR/AGEN.1334351
  • Zillya: Trojan.Miancha.Win32.2937
  • Trapmine: malicious.moderate.ml.score
  • Emsisoft: Gen:Variant.Application.Graftor.700094 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.Miancha.it
  • Google: Detected
  • Avira: HEUR/AGEN.1334351
  • MAX: malware (ai score=100)
  • Antiy-AVL: Trojan/Win64.CoinMiner.xmr
  • Microsoft: TrojanDownloader:Win32/BlackMoon.YA!MTB
  • Xcitium: Packed.Win32.MUPX.Gen@24tbus
  • Arcabit: Trojan.Application.Graftor.DAAEBE
  • ZoneAlarm: Trojan.Win32.Miancha.iua
  • GData: Win32.Trojan.Agent.WP
  • Varist: W32/Farfli.FU.gen!Eldorado
  • AhnLab-V3: Malware/Win32.Generic.C3367812
  • Acronis: suspicious
  • ALYac: Trojan.Agent.Blackmoon
  • VBA32: BScope.Trojan.Wacatac
  • Cylance: unsafe
  • Rising: Downloader.Blackmoon!8.310C (TFE:5:UXLVCnPJBtJ)
  • Yandex: Riskware.BlackMoon!hb47TT9qcRA
  • Ikarus: Trojan-PSW.QQpass
  • MaxSecure: Trojan.Malware.121218.susgen
  • Fortinet: W32/Emotet.FNSR!tr
  • Cybereason: malicious.621c27
  • DeepInstinct: MALICIOUS
  • alibabacloud: Miner

How to remove TrojanDownloader:Win32/BlackMoon.YA!MTB?

TrojanDownloader:Win32/BlackMoon.YA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
