About “Win32/Packed.Themida.HPN” infection

Win32/Packed.Themida.HPN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Packed.Themida.HPN virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Executable file is packed/obfuscated with Themida
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the RedLine malware family
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Packed.Themida.HPN?

File Info:

name: 5D5E0D7FAB78FF913004.mlw
path: /opt/CAPEv2/storage/binaries/ad32a14fc89426d8ebda89e07c0a1bc72b2c84c82a30a6a5c1f730999dca82b4
crc32: E983E67C
md5: 5d5e0d7fab78ff9130043cf8cee78512
sha1: 16d4666d46de03669adcbeb767d18528b96d9020
sha256: ad32a14fc89426d8ebda89e07c0a1bc72b2c84c82a30a6a5c1f730999dca82b4
sha512: 11181169fc331ca3cb72a56fda01aab2c48ae3484f7c56f01d2696fafbb9bda534a6fd3e8d707f11ac0caa1dd65f916a09499fcc549973c4463ed9abb1428017
ssdeep: 98304:FnAqOMxfMF0/qSJlPr9Xmi93G/6WTmXNkRTFkJA6s0J3DqvJFT+KG+RiC:FnApMu0CwlPR3068mOvJe+cC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11666ADA0770AB9CFD88ACD78B857DD92C55C47F906144421E9EE38BEBF73C41A286934
sha3_384: 9c89887d488fc23f730a7b5f7a11daa3e4c032bb5bd9e945365b2e35977ce08b4a68ba60a3ee1aec95619254ec243518
ep_bytes: 55e97851e9ff5de9149a050061020c00
timestamp: 2012-07-13 22:47:16

Version Info:

Translation: 0x0000 0x04b0
Comments: Ecu Correction Operations
CompanyName: EcuCorr L.T.D.
FileDescription: EcuCorr
FileVersion: 1.0.1.2
InternalName: EcuCorrWin.exe
LegalCopyright: Copyright © EcuCorr 2021
LegalTrademarks: EcuCorr L.T.D.
OriginalFilename: EcuCorrWin.exe
ProductName: EcuCorr
ProductVersion: 1.0.1.2
Assembly Version: 1.0.1.2

Win32/Packed.Themida.HPN also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
AVG: Win32:Trojan-gen
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.67398826
FireEye: Generic.mg.5d5e0d7fab78ff91
McAfee: Artemis!5D5E0D7FAB78
Malwarebytes: Malware.Heuristic.1003
Sangfor: Trojan.Win32.Agent.V8b3
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaCO.36250.@F0@ayOsJbhi
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.Themida.HPN
Cynet: Malicious (score: 100)
APEX: Malicious
BitDefender: Trojan.GenericKD.67398826
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Agen.Uimw
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1322403
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.67398826 (B)
GData: Trojan.GenericKD.67398826
Avira: HEUR/AGEN.1322403
Antiy-AVL: Trojan[Packed]/Win32.Themida
Arcabit: Trojan.Generic.D4046CAA
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Acronis: suspicious
VBA32: BScope.TrojanPSW.MSIL.Reline
MAX: malware (ai score=86)
Cylance: unsafe
Yandex: Trojan.GenAsa!c3aC9kZ16SA
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat
Zoner: Probably Heur.ExeHeaderL
Cybereason: malicious.fab78f
DeepInstinct: MALICIOUS

How to remove Win32/Packed.Themida.HPN?

Win32/Packed.Themida.HPN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.