What is “Win32/PSW.Agent.NUS”?

Win32/PSW.Agent.NUS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/PSW.Agent.NUS virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS URLs from behavior.
  • Manipulates data from or to the Recycle Bin
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Operates on local firewall’s policies and settings
  • Harvests credentials from local FTP client software
  • Harvests information related to installed mail clients

How to identify Win32/PSW.Agent.NUS?


File Info:

name: 5D95637B50942E098161.mlw
path: /opt/CAPEv2/storage/binaries/2b3496a749716fb2af420a73942e6294cb1650eb2faef65948698e739cdec591
crc32: D02E44C9
md5: 5d95637b50942e0981616f92ea00200d
sha1: 6f96a25df5ab137a5caa73f8de885cc20d71372f
sha256: 2b3496a749716fb2af420a73942e6294cb1650eb2faef65948698e739cdec591
sha512: 20bdec83747d2971c49a2f6703517108b135677be9ff4df8e800097970d4202b933ea57eae8c91c1c27133f404252ecb5722cc4f76e8c992976e51ba276daf28
ssdeep: 3072:9FXSNqQBt8uEtRry8+EZt+hjDoy2YLJQ2BaGYxclxOy9skCj8Xj/uSpwP:9kNq7uErydwBYNQm+9y+kCYXj/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B5249C43749088BFF60347BC04665ED5E13AF1A997B9ADD303D0068A4A397D29D3E1BE
sha3_384: 8dd745d005449c75b772d2bcacb64863331e503e8613285fcc5cb71ebeacc3fefc7a38e5c9220716f5306b60b6d8374f
ep_bytes: 6a606848134100e8d6220000bf940000
timestamp: 2013-08-14 17:30:16

Version Info:

Comments: press: http://www.worldprepare.com
CompanyName: Alwaysgoshell Corporation
FileDescription: Alwaysgoshell Mixable
FileVersion: 2.4.49.828 built by: miss
InternalName: Inventexample.exe
LegalCopyright: © 2006 Alwaysgoshell Corporation. All rights reserved.
LegalTrademarks: Alwaysgoshell Corporation. All rights reserved.
OriginalFilename: Inventexample.exe
ProductName: Alwaysgoshell Mixable 2003
ProductVersion: 2.4.49.828
Translation: 0x0409 0x04b0

Win32/PSW.Agent.NUS also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Pack.Emotet.4
FireEye: Generic.mg.5d95637b50942e09
ALYac: Gen:Heur.Pack.Emotet.4
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.430253
Sangfor: Trojan.Win32.Agent.NUS
Alibaba: TrojanPSW:Win32/PWSZbot.ddb86545
Cybereason: malicious.b50942
BitDefenderTheta: Gen:NN.ZexaF.34212.nu0@ausapBmi
VirIT: Trojan.Win32.Agent.BDDU
Symantec: Trojan.Zbot
ESET-NOD32: Win32/PSW.Agent.NUS
TrendMicro-HouseCall: TROJ_SPNR.0BJA13
Paloalto: generic.ml
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Heur.Pack.Emotet.4
NANO-Antivirus: Trojan.Win32.Clicker.ebugin
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Crypt.Szbx
Ad-Aware: Gen:Heur.Pack.Emotet.4
Emsisoft: Gen:Heur.Pack.Emotet.4 (B)
Comodo: Malware@#1p0ymq3lzhhkq
DrWeb: Trojan.Click2.63733
VIPRE: Trojan.Win32.Zbot.c!ag (v)
TrendMicro: TROJ_SPNR.0BJA13
McAfee-GW-Edition: PWSZbot-FNX!5D95637B5094
Sophos: Mal/Generic-S
APEX: Malicious
GData: Gen:Heur.Pack.Emotet.4
Jiangmin: Trojan.Generic.wpmd
Webroot: W32.Malware.Gen
Avira: TR/Crypt.ZPACK.Gen8
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASMalwS.13F163F
Kingsoft: Win32.PSWTroj.Undef.(kcloud)
Microsoft: PWS:Win32/Kegotip.C
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R79170
McAfee: PWSZbot-FNX!5D95637B5094
VBA32: BScope.Trojan.Click
Ikarus: Trojan-Spy.Win32.Zbot
Rising: Stealer.Agent!8.C2 (CLOUD)
Yandex: Trojan.PWS.Agent!/hYDGANhipM
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/KRYPTIK.PDA!tr
AVG: Win32:Malware-gen
Panda: Generic Malware

How to remove Win32/PSW.Agent.NUS?

Win32/PSW.Agent.NUS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.