Win32/PSW.Agent.NTM malicious file

The Win32/PSW.Agent.NTM is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/PSW.Agent.NTM virus can do?

The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid

How to determine Win32/PSW.Agent.NTM?


File Info:
name: FC2F06B13FDBF4D9E120.mlw
path: /opt/CAPEv2/storage/binaries/16fc0547dfaa3262eeaa8c51c9973a79ba363fc849f1606ad2fa7f1e578f14ec
crc32: 355FA44D
md5: fc2f06b13fdbf4d9e120075cc02384e0
sha1: 6c9f1a3ec639e6aa0ac0d5e5f5b484a77969ed6a
sha256: 16fc0547dfaa3262eeaa8c51c9973a79ba363fc849f1606ad2fa7f1e578f14ec
sha512: 103167be1527f3a2fa4d15d7155cb8609eee675985151c64a2cb9a7591f3853c164b656f2caf2f90af37f1656b1e11070be8d140d49ade29cbbafe6b5dfb7da0
ssdeep: 3072:BfIZD9Yw/4+pFTBfRrUlaiRh2hApKmZwCn4npgkMuOHFpVwKpYl5d5+N3kIH9TTw:BSqw/4cTBJrUzRolf8FpVwKpqf5+p9u
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A734DF5173B0EC32E2B6063255D1C67896397952ABB483CF72ECB76EAD362901B343C5
sha3_384: ab796ee5a5d262a2382f61bcfbc02682cd6921dfd65f0225be7ae22e807182b87c08623b3296ba194995cce401d1c333
ep_bytes: 60be00c042008dbe0050fdff57eb0b90
timestamp: 2012-02-17 17:57:24

Version Info:
FileVersion: 2.0.2.1
PrivateBuild: 2003
ProductVersion: 2.0.2.1
Translation: 0x0809 0x04b0

Win32/PSW.Agent.NTM also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Yakes.4!c
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Gen:Trojan.Heur.KS.1
ClamAV	Win.Malware.Cycbot-9789213-0
ALYac	Gen:Trojan.Heur.KS.1
Cylance	unsafe
Sangfor	Virus.Win32.Save.a
Alibaba	TrojanPSW:Win32/Yakes.d639c569
K7GW	Password-Stealer ( 002f7a301 )
Cybereason	malicious.13fdbf
Cyren	W32/Backdoor.J.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	Win32/PSW.Agent.NTM
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Yakes.abiej
BitDefender	Gen:Trojan.Heur.KS.1
NANO-Antivirus	Trojan.Win32.Gbot.kxccm
Avast	Win32:Crypt-LLY [Trj]
Tencent	Win32.Trojan.Yakes.Mjgl
Emsisoft	Gen:Trojan.Heur.KS.1 (B)
F-Secure	Trojan.TR/Rogue.kdv.538872
DrWeb	Trojan.PWS.Multi.363
VIPRE	Gen:Trojan.Heur.KS.1
TrendMicro	TROJ_GEN.R03BC0DF323
McAfee-GW-Edition	BehavesLike.Win32.Dropper.dh
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.fc2f06b13fdbf4d9
Sophos	Mal/Generic-R
SentinelOne	Static AI – Malicious PE
GData	Gen:Trojan.Heur.KS.1
Jiangmin	Heur:Trojan/Logogif
Avira	TR/Rogue.kdv.538872
Antiy-AVL	Trojan[Backdoor]/Win32.Gbot
Xcitium	Packed.Win32.MUPX.Gen@24tbus
Arcabit	Trojan.Heur.KS.1
ZoneAlarm	Trojan.Win32.Yakes.abiej
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Backdoor/Win32.Gbot.R35572
Acronis	suspicious
McAfee	Artemis!FC2F06B13FDB
MAX	malware (ai score=84)
VBA32	SScope.Malware-Cryptor.Maxplus.0997
Malwarebytes	Malware.AI.3780061787
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R03BC0DF323
Rising	Backdoor.Cycbot!1.9934 (CLOUD)
Ikarus	Trojan-PSW.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/ULPM.16C0!tr
BitDefenderTheta	AI:Packer.3B02961514
AVG	Win32:Crypt-LLY [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (W)

How to remove Win32/PSW.Agent.NTM?

Win32/PSW.Agent.NTM removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X