Categories: Malware

Win32/Packed.Themida.HKJ removal tips

The Win32/Packed.Themida.HKJ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Packed.Themida.HKJ virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Deletes its original binary from disk
Checks for the presence of known windows from debuggers and forensic tools
Steals private information from local Internet browsers
Collects information about installed applications
Creates a hidden or system file
Attempts to identify installed AV products by installation directory
Checks the version of Bios, possibly for anti-virtualization
Checks the CPU name from registry, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Attempts to modify proxy settings
Creates a copy of itself
Harvests credentials from local FTP client softwares
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

api.telegram.org

ipapi.co

How to determine Win32/Packed.Themida.HKJ?


File Info:
crc32: E7F7C3BBmd5: 607afb9f5a1de0e31d5cf6904e60a853name: mastif_en.exesha1: ac99aafee4902a65c0185f9aab490da3b12b83aesha256: f29903033ff296dbb07a3a869bd7c3b2f135e12ed1be227691040dfe5272677bsha512: 356b77f7cd35abfae04149f1bde3f8b84affc6556e411edd9f4ced3355dfd70e9f3840818cfd89e57b94b6867babc20b896507ee4f32b13671ff934f67a0e797ssdeep: 98304:L+ZahyPX7zOiq98PTD8Jdky6CMKrVzq5VfrQlfoDKz14eOGQeUzA:gh7Lq9SEfkdCMhrfruoDKz+AQ/ctype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0000 0x04b0LegalCopyright: Copyright @ GalaSoft Laurent Bugnion 2009-2018Assembly Version: 5.4.1.0InternalName: GalaSoft.MvvmLight.dllFileVersion: 5.4.1.0CompanyName: GalaSoft Laurent Bugnion @ http://www.galasoft.chComments: .NET Standard 1.0. A lightweight framework to implement Model-View-ViewModel applications in WPF, Windows Store, Windows Phone, Silverlight, Xamarin.ProductName: GalaSoft.MvvmLightProductVersion: 5.4.1.0FileDescription: GalaSoft.MvvmLightOriginalFilename: GalaSoft.MvvmLight.dll

Win32/Packed.Themida.HKJ also known as:

Bkav	HW32.Packed.
Qihoo-360	Win32/Virus.RiskTool.d58
McAfee	Artemis!607AFB9F5A1D
Cylance	Unsafe
K7AntiVirus	Trojan ( 00562e201 )
K7GW	Trojan ( 00562e201 )
CrowdStrike	win/malicious_confidence_60% (W)
Invincea	heuristic
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
GData	Win32.Trojan-Stealer.QuStealer.X4N45T
Kaspersky	not-a-virus:RiskTool.Win32.Agent.biye
Alibaba	RiskWare:Win32/Themida.d985e81b
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Rising	Malware.Heuristic!ET#98% (RDMK:cmRtazpuKHLIoUwTyUqilUGvWbrZ)
Endgame	malicious (high confidence)
DrWeb	Trojan.Siggen9.28251
Zillya	Trojan.Themida.Win32.11201
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.607afb9f5a1de0e3
Sophos	Generic PUA KM (PUA)
Ikarus	Trojan-Spy.HawkEye
Jiangmin	Trojan.Banker.ClipBanker.nd
ZoneAlarm	not-a-virus:RiskTool.Win32.Agent.biye
Microsoft	Trojan:Win32/Wacatac.D!ml
VBA32	BScope.TrojanPSW.Maria
ESET-NOD32	a variant of Win32/Packed.Themida.HKJ
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_87%
Fortinet	W32/Malicious_Behavior.VEX
BitDefenderTheta	Gen:NN.ZexaF.34104.@70@amJoktli
AVG	Win32:Trojan-gen
Cybereason	malicious.ee4902
Paloalto	generic.ml