Malware

Win32/Packed.BlackMoon.A suspicious malicious file

Malware Removal

The Win32/Packed.BlackMoon.A suspicious detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Win32/Packed.BlackMoon.A suspicious virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Win32/Packed.BlackMoon.A suspicious?

File Info:

name: A8BA9F2E9ACEDB282575.mlw
path: /opt/CAPEv2/storage/binaries/9b1cf7a62e43bbd019fa2b1e2379f558d3b9ee2f9b1821455446e5e883bf57f3
crc32: AB38991B
md5: a8ba9f2e9acedb282575f81a4e3ec71e
sha1: c63a7e9f57ebc2bcc5043deb1353078a3c95ad10
sha256: 9b1cf7a62e43bbd019fa2b1e2379f558d3b9ee2f9b1821455446e5e883bf57f3
sha512: cb0896718fd3afddba2d5a90d64256efa1b964725f37e3cca53dae82cc150056aee9ae228807b86e8b3409467098ab972580dc81e186b1d81f27b2dbc40e7d60
ssdeep: 12288:/Et94Gr2AduUhQ59YhDtsr2YtMrz6Z5U7UJfkOfe/CBw55X6XRSBc4S/HFk2v4i+:/WtiGF2v2p6Z5U7UJ4/CBw54XRSBc4SG
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T114A47C126AB0A073D115B076C4E227779BBC4A620E69C37797ACCD687F60D21861FE1F
sha3_384: 58eef1f9288eec48b63a4bda0357c97a3e8c98aa9b6cb577e264c62ce5d0b418a120eefacb999cd436a10ff92280be41
ep_bytes: 558bec6aff68c8bf430068c84d420064
timestamp: 2022-02-07 10:54:32

Version Info:

FileVersion: 1.0.0.1
FileDescription: Service
ProductName: Service
ProductVersion: 1.0.0.1
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: Service
Translation: 0x0804 0x04b0

Win32/Packed.BlackMoon.A suspicious also known as:

Elastic: malicious (high confidence)
CAT-QuickHeal: Trojan.AgentRI.S28136135
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.BlackMoon
Cybereason: malicious.f57ebc
ESET-NOD32: a variant of Win32/Packed.BlackMoon.A suspicious
ClamAV: Win.Dropper.Tiggre-9845940-0
Avast: Win32:TrojanX-gen [Trj]
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.a8ba9f2e9acedb28
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.Win32.CoinMiner
GData: Win32.Trojan.PSE.11N2JTZ
Avira: HEUR/AGEN.1227903
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Dynamer
Malwarebytes: Trojan.Injector
Rising: Adware.Agent!1.DB50 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.140311617.susgen
BitDefenderTheta: Gen:NN.ZexaF.34742.Eq2@aCG9DGkb
AVG: Win32:TrojanX-gen [Trj]
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Win32/Packed.BlackMoon.A suspicious?

Win32/Packed.BlackMoon.A suspicious removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.