
Win32/Packed.Themida.HJA information


Win32/Packed.Themida.HJA is ESET's detection name for a sample protected with the Themida packer; several other engines (see the alias list below) identify the payload as QuasarRAT, a remote-access trojan, so the detection should be treated as a backdoor infection rather than merely a packed file. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand may take hours and, if the wrong file is deleted, may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean your PC.
6-day free trial available.

What can the Win32/Packed.Themida.HJA virus do?

Behaviours recorded when the sample was run under automated (sandbox) analysis:

  • Executable code extraction
  • Creates RWX memory
  • Expresses interest in specific running processes
  • The binary likely contains encrypted or compressed data
  • Detects Sandboxie through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: 34654363e456453654.exe
  • Network activity detected but not expressed in API logs
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of the Wine emulator via a registry key
  • Checks the BIOS version, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

Most of these are anti-analysis checks rather than the payload's own actions: the packer looks for sandboxes, debuggers and virtual machines and can behave differently when it finds them, so a quiet run in a VM does not prove the file is harmless.

How to identify Win32/Packed.Themida.HJA?

File Info:

crc32: BB513028
md5: b59544af1410cb54cf3350e519dbffb7
name: 34654363e456453654.exe
sha1: ae388a798a4857da035be062785ee9d0125a31d4
sha256: 72c0b0c09fcfd0dc555452c0b3c5ebb7841ff1073d095d4f24985b2d586312b9
sha512: 3f7dda51b098e475eab8b646f72ae47caa76572de4a2db94b6cbfee6e6a8e516e8412288bd403e966ee163bb392f1adb0570a3c090012cc7abdd29a81542e572
ssdeep: 49152:O34gMFo/7V+n55DXZql7N1ocKJhoHl9IAWBEmW:O3fV4XXZql7Nx2hzVW
type: PE32 executable (GUI) Intel 80386, for MS Windows
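A small triage helper, added here as an example and not part of the original page or of any GridinSoft tool, that computes the same digests listed above for a suspect file and reports which of them match this sample's indicators. The indicator values are copied from the File Info block; the function names, the command-line usage and the "MZ" header check are the example's own. ssdeep is left out because it needs a third-party library, and a match on any single cryptographic hash is already conclusive.

```python
import hashlib
import sys
import zlib

# Indicators copied from the File Info block for sample 34654363e456453654.exe.
KNOWN_BAD = {
    "crc32": "bb513028",
    "md5": "b59544af1410cb54cf3350e519dbffb7",
    "sha1": "ae388a798a4857da035be062785ee9d0125a31d4",
    "sha256": "72c0b0c09fcfd0dc555452c0b3c5ebb7841ff1073d095d4f24985b2d586312b9",
    "sha512": "3f7dda51b098e475eab8b646f72ae47caa76572de4a2db94b6cbfee6e6a8e516"
              "e8412288bd403e966ee163bb392f1adb0570a3c090012cc7abdd29a81542e572",
}


def hash_stream(chunks):
    """Digest an iterable of byte chunks in one pass, producing every algorithm in KNOWN_BAD."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    crc = 0
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for h in digests.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in digests.items()}
    result["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return result


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used by the tests)."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large binaries never have to fit in memory."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return hash_stream(chunks())


def match_iocs(hashes, iocs=KNOWN_BAD):
    """Return the names of the digests that match the indicators (case-insensitive)."""
    return sorted(name for name, value in iocs.items()
                  if hashes.get(name, "").lower() == value.lower())


def is_pe(path):
    """Cheap sanity check: a Windows executable starts with the 'MZ' DOS header."""
    with open(path, "rb") as f:
        return f.read(2) == b"MZ"


if __name__ == "__main__":
    # Usage: python triage.py <file> [<file> ...]
    for path in sys.argv[1:]:
        h = hash_file(path)
        hits = match_iocs(h)
        verdict = "MATCH on " + ", ".join(hits) if hits else "no match"
        print(f"{path}: sha256={h['sha256']} pe={is_pe(path)} {verdict}")
```

Run it against the file you suspect (for example a copy of the process seen in Task Manager); a hit on any of the hashes identifies this exact sample, while a near-miss with a different sha256 but the same Version Info strings points to a repacked variant that a hash list alone will not catch.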

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright:
Assembly Version: 1.3.0.0
InternalName: Client.exe
FileVersion: 1.3.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 1.3.0.0
FileDescription:
OriginalFilename: Client.exe

Win32/Packed.Themida.HJA is also known as (vendor: detection name):

Bkav: W32.HfsAutoB.
MicroWorld-eScan: Trojan.GenericKD.42839102
FireEye: Generic.mg.b59544af1410cb54
Qihoo-360: Generic/Trojan.Spy.333
McAfee: Artemis!B59544AF1410
Malwarebytes: Backdoor.Bot
Sangfor: Malware
K7AntiVirus: Trojan ( 00561e341 )
BitDefender: Trojan.GenericKD.42839102
K7GW: Trojan ( 00561e341 )
CrowdStrike: win/malicious_confidence_90% (W)
APEX: Malicious
Paloalto: generic.ml
GData: Trojan.GenericKD.42839102
Kaspersky: HEUR:Trojan-Spy.MSIL.Quasar.vho
Alibaba: Packed:Win32/Themida.334263aa
NANO-Antivirus: Trojan.Win32.Quasar.hetemu
ViRobot: Trojan.Win32.Z.Quasar.1903104
AegisLab: Trojan.MSIL.Quasar.l!c
Avast: Win32:Trojan-gen
Rising: Backdoor.QuasarRAT!8.106FD (CLOUD)
Ad-Aware: Trojan.GenericKD.42839102
Sophos: Mal/Generic-S
Comodo: Malware@#2m2663nndcprn
F-Secure: Heuristic.HEUR/AGEN.1028522
DrWeb: Trojan.DownLoader33.12208
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Elkerncav.tc
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.42839102 (B)
Ikarus: Backdoor.MSIL.CardinalRAT
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1028522
MAX: malware (ai score=81)
Antiy-AVL: Trojan[Spy]/MSIL.Quasar
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D28DAC3E
ZoneAlarm: HEUR:Trojan-Spy.MSIL.Quasar.vho
Microsoft: Backdoor:Win32/QuasarRAT.A
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34100.0z0aaOJ8Tdm
ALYac: Trojan.GenericKD.42839102
VBA32: TScope.Malware-Cryptor.SB
Cylance: Unsafe
ESET-NOD32: a variant of Win32/Packed.Themida.HJA
TrendMicro-HouseCall: TROJ_GEN.R002H0CCE20
Tencent: Win32.Trojan.Agent.Pfsv
SentinelOne: DFI – Suspicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Generic!tr.dldr
AVG: Win32:Trojan-gen
Cybereason: malicious.98a485

Only ESET and Alibaba name the packer; the engines that looked past it (Kaspersky, Microsoft, Rising, Antiy-AVL, NANO-Antivirus, ViRobot, AegisLab, ZoneAlarm) agree on Quasar, a .NET remote-access trojan, which is consistent with the Client.exe name and 1.3.0.0 assembly version in the file's Version Info.

How to remove Win32/Packed.Themida.HJA?

Win32/Packed.Themida.HJA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

Because the payload is a remote-access trojan, treat any passwords typed on the machine while it was infected as exposed and change them from a clean device after the cleanup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
