Trojan.Packed.Themida information

Malware Removal

Trojan.Packed.Themida is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Packed.Themida virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (5 unique times)
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Attempts to create or modify system certificates
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

telete.in
apps.identrust.com
yearofthepig.top

How to identify Trojan.Packed.Themida?

File Info:

crc32: F2E0321A
md5: 85c239324e0b5a8ebbb3dd93ca4628a0
name: 85C239324E0B5A8EBBB3DD93CA4628A0.mlw
sha1: 1d5c42f4a70a90e2023c4683b2b8a59ece5e7960
sha256: 266f8215ba1b531f93fb7567c34088e49ad4de63d9c2726e11caaa6158be9d9a
sha512: ca4928d2a2b3619c5ed623e32fec7082660a49f6e7195b7e653868bf6902f84480eb8d2f02c997002c9a0f4f6bc650bebb6f6618d231c991b89ed837214963da
ssdeep: 49152:AsRxfsHfO4GNXV/S9LZP1FHQGWZZhPzk0KcBY64aUma9kf:ts/lGD69lPTWZZhbT3YoUma9I
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Моя Компания. Все права защищены.
InternalName: myfile.exe
FileVersion: 1.0.0.0
CompanyName: Моя Компания
ProductName: Название программы
ProductVersion: 1.0.0.0
FileDescription: Описание моего приложения
OriginalFilename: myfile.exe
Translation: 0x0409 0x04b0

Trojan.Packed.Themida also known as:

Bkav: W32.AIDetectGBM.malware.02
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.36273230
FireEye: Generic.mg.85c239324e0b5a8e
CAT-QuickHeal: Trojan.RacealerRI.S18206399
Qihoo-360: Win32/Trojan.Razy.HxMBBrcC
McAfee: Artemis!85C239324E0B
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0056043f1 )
BitDefender: Trojan.GenericKD.36273230
K7GW: Trojan ( 0056043f1 )
Cybereason: malicious.24e0b5
Cyren: W32/Trojan.YEMR-5780
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
Kaspersky: Trojan-PSW.Win32.Racealer.kns
Alibaba: TrojanPSW:Win32/Racealer.8b54096d
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
ViRobot: Trojan.Win32.Z.Themida.2280672
Rising: Trojan.Razy!8.73AD (CLOUD)
Ad-Aware: Trojan.GenericKD.36273230
Emsisoft: Trojan.GenericKD.36273230 (B)
Comodo: Malware@#3bnkxwwd8joyw
F-Secure: Trojan.TR/Crypt.XPACK.Gen2
Zillya: Trojan.Themida.Win32.64037
TrendMicro: TROJ_GEN.R002C0DAU21
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Ikarus: Trojan.Win64.Themida
Jiangmin: Trojan.PSW.Racealer.btu
Avira: TR/Crypt.XPACK.Gen2
Microsoft: Trojan:Win32/Razy.BM!MSR
Gridinsoft: Trojan.Heur!.012160B1
Arcabit: Trojan.Generic.D2297C4E
ZoneAlarm: Trojan-PSW.Win32.Racealer.kns
GData: Trojan.GenericKD.36273230
Cynet: Malicious (score: 85)
AhnLab-V3: Malware/Win32.Generic.C4302074
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34574.lM2@aCwJkbni
ALYac: Trojan.GenericKD.36273230
MAX: malware (ai score=81)
VBA32: BScope.Trojan.Chapak
Malwarebytes: Trojan.Packed.Themida
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Packed.Themida.HQI
TrendMicro-HouseCall: TROJ_GEN.R002C0DAU21
Tencent: Win32.Trojan-qqpass.Qqrob.Ecak
Yandex: Trojan.TPM!h27aFNnrhko
SentinelOne: Static AI – Malicious PE
eGambit: PE.Heur.InvalidSig
Fortinet: W32/PossibleThreat
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.1728101.susgen

How to remove Trojan.Packed.Themida?

Trojan.Packed.Themida removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.