Win32/Packed.Themida.HNN removal tips

The Win32/Packed.Themida.HNN is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Packed.Themida.HNN virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (4 unique times)
Presents an Authenticode digital signature
Creates RWX memory
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Checks the version of Bios, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Attempts to create or modify system certificates
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

tttttt.me

apps.identrust.com

How to determine Win32/Packed.Themida.HNN?


File Info:
crc32: D1386315
md5: 6654274fd3aed9024394ef8657461b9d
name: 6654274FD3AED9024394EF8657461B9D.mlw
sha1: cc3941cbc1baac94c8e91d07756ee37ab4b7b9fa
sha256: 130aab0a401cfce6e038d6d9f2bf1d94588a92c04c9b27a67f7a00c6a1413491
sha512: f783c4cef5077b89b3e384415695e8c6adda4edf3f15b0fede37b93cf156d0021cb381a52425d3110549ce915e614925eba5c28d7e47c30e2bbe673a9f35a5a6
ssdeep: 98304:FVvza5ugzFecPsRnfBWA1aIyIkOlvrE3zea9X2PMTlTuDX4vJ61d07QVNaLWTCW2:FQ5t1i/39lMAoh6X07QVNaLWTCV
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright Molten Always Software 1997-2020
InternalName: Molten Always
FileVersion: 8,9,4483,1641
CompanyName: Molten Always System
LegalTrademarks: Cycling Opus Install
ProductName: Cycling Opus Install
ProductVersion: 9,11,5072,1985
FileDescription: Cycling Opus Install
OriginalFilename: Rally.exe
Translation: 0x0000 0x0000

Win32/Packed.Themida.HNN also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0056a6f61 )
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojanpws.Racealer
ALYac	Gen:Variant.Razy.723832
Cylance	Unsafe
Sangfor	Infostealer.Win32.Racealer.lji
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanPSW:Win32/Racealer.d15beec8
K7GW	Trojan ( 0056a6f61 )
Cybereason	malicious.fd3aed
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.Themida.HNN
APEX	Malicious
Avast	Win32:TrojanX-gen [Trj]
ClamAV	Win.Packed.Razy-9873978-0
Kaspersky	Trojan-PSW.Win32.Racealer.lji
BitDefender	Gen:Variant.Razy.723832
MicroWorld-eScan	Gen:Variant.Razy.723832
Ad-Aware	Gen:Variant.Razy.723832
Sophos	Mal/Generic-S
Comodo	TrojWare.Win32.UMal.zyohw@0
BitDefenderTheta	Gen:NN.ZexaE.34758.@F1@amQesp
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R002C0DFH21
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.6654274fd3aed902
Emsisoft	Gen:Variant.Razy.723832 (B)
SentinelOne	Static AI – Suspicious PE
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1142874
Kingsoft	Win32.PSWTroj.Racealer.l.(kcloud)
Microsoft	Trojan:Win32/Razy.BM!MSR
Gridinsoft	Trojan.Heur!.010160B1
Arcabit	Trojan.Razy.DB0B78
AegisLab	Trojan.Win32.Racealer.i!c
GData	Gen:Variant.Razy.723832
AhnLab-V3	Trojan/Win32.Razy.C4386229
McAfee	Artemis!6654274FD3AE
MAX	malware (ai score=83)
VBA32	TrojanPSW.Racealer
Malwarebytes	Trojan.MalPack.Themida
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DFH21
Ikarus	Trojan.Win32.Krypt
Fortinet	W32/PossibleThreat
AVG	Win32:TrojanX-gen [Trj]
Paloalto	generic.ml

How to remove Win32/Packed.Themida.HNN?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Packed.Themida.HNN removal tips