Ransom Trojan

About “Trojan-Ransom.Win32.Phpw.agt” infection


Trojan-Ransom.Win32.Phpw.agt is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Ransom.Win32.Phpw.agt virus do?

  • Unconventional language used in binary resources: Korean
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.Phpw.agt?

File Info:

name: 88D02E3B9089CB821462.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-12-04 07:31:44

Version Info:

0: [No Data]

Trojan-Ransom.Win32.Phpw.agt also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen15.62358
MicroWorld-eScan: Dropped:Trojan.GenericKD.38190372
FireEye: Generic.mg.88d02e3b9089cb82
McAfee: Artemis!6C77530B3B32
Cybereason: malicious.b9089c
BitDefenderTheta: Gen:NN.ZexaF.34084.zz0aaGVBlshO
Cyren: W32/Themida.B.gen!Eldorado
ESET-NOD32: a variant of Win32/JackServn.W
Kaspersky: Trojan-Ransom.Win32.Phpw.agt
BitDefender: Dropped:Trojan.GenericKD.38190372
NANO-Antivirus: Trojan.Win32.JackServn.isojtt
Avast: Win32:Trojan-gen
Rising: Malware.Heuristic!ET#87% (RDMK:cmRtazptdcMRtm0Ohs1JBscF/Fwr)
Ad-Aware: Dropped:Trojan.GenericKD.38190372
Sophos: Mal/Behav-001
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rc
Emsisoft: Dropped:Trojan.GenericKD.38190372 (B)
Ikarus: Trojan.Win32.Themida
eGambit: Unsafe.AI_Score_95%
Avira: TR/JackServn.nwhir
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Dropped:Trojan.GenericKD.38190372
Cynet: Malicious (score: 100)
VBA32: TScope.Malware-Cryptor.SB
ALYac: Dropped:Trojan.GenericKD.38190372
Malwarebytes: Malware.AI.4087922449
APEX: Malicious
Yandex: Trojan.JackServn!HaqZpU9I2PU
MAX: malware (ai score=85)
Fortinet: W32/JackServn.W!tr
AVG: Win32:Trojan-gen

How to remove Trojan-Ransom.Win32.Phpw.agt?

Trojan-Ransom.Win32.Phpw.agt removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
