Win32/Packed.Themida.CLW malicious file

Win32/Packed.Themida.CLW is flagged as malicious by most of the antivirus engines listed further down this page. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and can damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; it can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Win32/Packed.Themida.CLW do?

The CAPEv2 sandbox report for this sample records the following behaviours:

  • Behavioural detection: executable code extraction (unpacking)
  • Yara rule detections observed from a process memory dump, dropped files, or CAPE
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of the Wine emulator via a registry key
  • Checks the BIOS version, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key

Taken together, the last six items are the anti-analysis checks typical of a Themida-protected executable: the packer hides the real code until runtime and refuses to unpack cleanly under a debugger, emulator, or virtual machine.

How to identify Win32/Packed.Themida.CLW?

File Info:

name: FEDBF6841538DA02A28B.mlw
path: /opt/CAPEv2/storage/binaries/09275192480be10469bb7efbb59137a6d864f3584a2a3a149ceda9579b4db2e4
crc32: 04CE1179
md5: fedbf6841538da02a28b41fcceb3ce2e
sha1: 5dba5e39aed4b4fb2646f83d41df40a5f1a161ae
sha256: 09275192480be10469bb7efbb59137a6d864f3584a2a3a149ceda9579b4db2e4
sha512: 72c7b6be4286be12c0e3a6c77d1c9e7e64a98cb1fe725e5ca894ebcaeed6944d4a0ff53bde722b97e4a0ce479dc1274ad8937f0f68dd0199da77b9ad920e6b20
ssdeep: 98304:G2cPK83psgVRDzqcsxu/isHl32Ab9csP2Hrpowqsoqk:pCKWpOcsxuRHYAbbkqsTk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T199361213A3A6D031FFABA2739FA5F20556BD7C250133852F12AC1D79BD701B1626E623
sha3_384: 99a85ebd0ffa3555d25cbf4c3424de58e8fd380e0a6486789fdb5b1cca7cd4bad8316f5de497d11382c44ebcfa7204d8
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2020-06-11 11:37:02

Version Info:

CompanyName: RadiXX11
FileDescription: Keygen for High-Logic Products
FileVersion: 1.0.0.0
InternalName: Keygen.exe
LegalCopyright: © 2019, RadiXX11
LegalTrademarks:
OriginalFilename: Keygen.exe
ProductName: High-Logic Products Keygen
ProductVersion: 1.0.0.0
Comments:
Translation: 0x0409 0x04e4
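The hashes in the File Info block are the exact indicators to match against. The following script is an added example, not code from the original page or from GridinSoft: it recomputes the digests the page lists (md5, sha1, sha256, sha3_384; ssdeep and tlsh need third-party modules and are left out) for every file under a directory, reports exact matches, and adds a whole-file Shannon-entropy heuristic for the "encrypted or compressed data" observation. The 7.0 bits-per-byte threshold is an assumption, not a value from the page.

```python
"""Hash-based IOC check for the sample in the File Info block above.

Added example (not from the original page): re-computes the digests the page
lists and flags files that match, plus a Shannon-entropy heuristic for the
"encrypted or compressed data" observation. Standard library only.
"""
import hashlib
import math
from pathlib import Path

# Digests copied verbatim from the File Info block on this page.
KNOWN_HASHES = {
    "md5": "fedbf6841538da02a28b41fcceb3ce2e",
    "sha1": "5dba5e39aed4b4fb2646f83d41df40a5f1a161ae",
    "sha256": "09275192480be10469bb7efbb59137a6d864f3584a2a3a149ceda9579b4db2e4",
    "sha3_384": ("99a85ebd0ffa3555d25cbf4c3424de58e8fd380e0a6486789fdb5b1cca7cd4ba"
                 "d8316f5de497d11382c44ebcfa7204d8"),
}

# Entropy above this (bits per byte) is the usual sign of packed/encrypted
# content; 7.0 is an assumed threshold, not a value from the page.
PACKED_ENTROPY_THRESHOLD = 7.0


def file_digests(path):
    """Compute every digest in KNOWN_HASHES with a single pass over the file."""
    hashers = {name: hashlib.new(name) for name in KNOWN_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def matching_algorithms(path):
    """Names of the digests under which `path` equals the page's sample."""
    digests = file_digests(path)
    return [name for name, value in digests.items()
            if value.lower() == KNOWN_HASHES[name]]


def looks_packed(path, threshold=PACKED_ENTROPY_THRESHOLD):
    """Whole-file entropy heuristic; Themida output typically scores near 8."""
    return shannon_entropy(Path(path).read_bytes()) >= threshold


def scan_directory(root):
    """Walk `root`; return (path, matched_algorithms, looks_packed) for every
    file that is an exact hash match or scores as high-entropy.
    Hash matches are exact IOCs; entropy is only a hint worth a closer look."""
    findings = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        matched = matching_algorithms(p)
        packed = looks_packed(p)
        if matched or packed:
            findings.append((str(p), matched, packed))
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, matched, packed in scan_directory(target):
        verdict = "KNOWN SAMPLE via " + ",".join(matched) if matched else \
                  "high entropy (possibly packed)"
        print(f"{path}: {verdict}")
```

Run it as `python ioc_scan.py C:\Users\<name>\Downloads` (or any directory). A hash hit is conclusive for this exact file; a high-entropy hit only says the file is compressed or encrypted, which is also true of installers, archives and media, so treat it as a prompt to submit the file to a scanner rather than as a verdict.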

Win32/Packed.Themida.CLW also known as:

Bkav: W32.AIDetect.malware2
Lionic: Hacktool.Win32.Gamehack.3!e
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.34234720
FireEye: Generic.mg.fedbf6841538da02
CAT-QuickHeal: Trojan.Keygen
ALYac: Trojan.GenericKD.34234720
Cylance: Unsafe
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 700000111 )
Alibaba: TrojanPSW:Win32/Grand.6d758694
K7GW: Trojan ( 700000111 )
Cybereason: malicious.41538d
Cyren: W32/AutoIt.RN.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.Themida.CLW
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan-PSW.MSIL.Grand.ct
BitDefender: Trojan.GenericKD.34234720
Avast: Win32:Trojan-gen
Rising: Hacktool.Miner!8.13A68 (CLOUD)
Ad-Aware: Trojan.GenericKD.34234720
Sophos: Mal/Generic-S
DrWeb: Trojan.Siggen18.34253
VIPRE: Trojan.GenericKD.34234720
TrendMicro: TROJ_GEN.R002C0WH922
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
Emsisoft: Trojan.GenericKD.34234720 (B)
GData: Trojan.GenericKD.34234720
Avira: HEUR/AGEN.1245514
Antiy-AVL: Trojan/Generic.ASMalwS.511F
Arcabit: Trojan.Generic.D20A6160
Microsoft: Trojan:Win32/Occamy.C75
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5221715
Acronis: suspicious
McAfee: Artemis!FEDBF6841538
MAX: malware (ai score=83)
Malwarebytes: RiskWare.Keygen
TrendMicro-HouseCall: TROJ_GEN.R002C0WH922
Ikarus: Trojan.Win32.Themida
Fortinet: W32/PossibleThreat
BitDefenderTheta: Gen:NN.ZexaF.34592.Hz0aaO6Novki
AVG: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_90% (W)

Note that the vendors do not agree on what the file is. Its version resource describes it as a keygen, and CAT-QuickHeal and Malwarebytes classify it as such (Trojan.Keygen, RiskWare.Keygen); ESET-NOD32 and Ikarus name it after the Themida packer; Kaspersky and Alibaba, on the other hand, classify it as a password stealer (Trojan-PSW). The Themida protection is exactly what stops a signature engine from seeing the real payload, so the more specific names above should be taken as the stronger evidence of what the unpacked code does.

How to remove Win32/Packed.Themida.CLW?

Win32/Packed.Themida.CLW removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

After the restart, confirm that no running process or file on disk still matches the hashes listed in the File Info section above.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
