ThreatExpert's Statistics for BKDR_AHZE.SMM [Trend Micro]:

BKDR_AHZE.SMM [Trend Micro] is also known as:

Threat Alias	Number of Incidents
BackDoor-CEP.gen.g [McAfee]	332
Win-Trojan/Midgare.32256 [AhnLab]	318
Backdoor:Win32/Bifrose.AE [Microsoft]	299
Trojan.Midgare.hhn [PC Tools]	280
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]	279
Backdoor.Trojan [Symantec]	263
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	159
Backdoor.Bifrose [Symantec]	103
Virus.Trojan.Win32.Midgare [Ikarus]	71
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos]	68
Trojan.Win32.Midgare.fcz [Kaspersky Lab]	50
Trojan.Midgare!sd6 [PC Tools]	46
VirTool:Win32/Injector.gen!AG [Microsoft]	39
Mal/Bifrose-X, Mal/EncPk-FH [Sophos]	35
BKDR_AHZE.NY [Trend Micro]	32
Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	25
Mal/EncPk-FH [Sophos]	22
Win-Trojan/Midgare.30208 [AhnLab]	19
Backdoor:Win32/Bifrose.HM [Microsoft]	18
BackDoor-CEP.gen.a [McAfee]	17
Infostealer [Symantec]	17
Mal/Generic-A [Sophos]	16
Backdoor.Bifrose [PC Tools]	15
Mal/Generic-E, Mal/EncPk-FH [Sophos]	15
Win-Trojan/Midgare.30590 [AhnLab]	14
Mudgare.a [McAfee]	10
Trojan.Win32.Monder.ybg [Kaspersky Lab]	10
Trojan.Win32.Refroso.wwn [Kaspersky Lab]	9
Virus.Win32.Bifrose [Ikarus]	8
Trojan:Win32/Midgare.A [Microsoft]	7
W32/Sality-AM [Sophos]	7
Backdoor.Trojan [PC Tools]	5
Mal/Bifrose-Z, Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	5
Mal/EncPk-KZ, Mal/EncPk-FH [Sophos]	5
Mudgare.gen.b [McAfee]	5
Virus.Trojan.Win32.Midgare.hhn [Ikarus]	5
Virus:Win32/Sality.AM [Microsoft]	5
W32.Virut.CF [Symantec]	5
W32/Sality.gen [McAfee]	5
Win32/Kashu.B [AhnLab]	5
Backdoor.Win32.Bifrose.bmzp [Kaspersky Lab]	4
Backdoor-CEP.gen.i [McAfee]	4
Mal/Bifrose-X [Sophos]	4
Trojan.Win32.Midgare [Ikarus]	4
Virus:Win32/Virut.BM [Microsoft]	4
W32.Sality.AE [Symantec]	4
Backdoor.Bifrose!sd6 [PC Tools]	3
Backdoor.Win32.Bifrose.abjs [Kaspersky Lab]	3
BackDoor-CEP!hv.a [McAfee]	3
Mal/Bifrose-X, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	3
Mal/EncPk-FH, Mal/EncPk-KZ [Sophos]	3
W32/Sality.gen.b [McAfee]	3
Backdoor.Win32.Bifrose.bkns [Kaspersky Lab]	2
Mal/Behav-352, W32/Scribble-B [Sophos]	2
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z, W32/Scribble-B [Sophos]	2
Mal/Bifrose-X, Mal/Sality-C [Sophos]	2
Mal/EncPk-KZ [Sophos]	2
Mal/Midgar-A, Mal/EncPk-FH [Sophos]	2
Trojan.Win32.Midgare.hhn [Kaspersky Lab]	2
Virus.Win32.Virut.ce [Kaspersky Lab]	2
W32.Sality.AM [Symantec]	2
Win32/Virut.F [AhnLab]	2
Backdoor.Win32.Bifrose [Ikarus]	1
Backdoor.Win32.Bifrose.bsgp [Kaspersky Lab]	1
Backdoor.Win32.Bifrose.ceas [Kaspersky Lab]	1
Backdoor.Win32.Bifrose.cfdb [Kaspersky Lab]	1
Mal/Behav-352, Mal/Bifrose-Z [Sophos]	1
Mal/Behav-352, Mal/Bifrose-Z, Mal/EncPk-KZ [Sophos]	1
Mal/Bifrose-X, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos]	1
Mal/Bifrose-X, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos]	1
Mal/EncPk-IT, Mal/Behav-103, Mal/Behav-043, Mal/EncPk-FL [Sophos]	1
Mal/EncPk-KZ, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	1
Mal/Generic-E [Sophos]	1
Mal/Packer, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos]	1
Mal/Sality-B [Sophos]	1
Packed.Win32.PePatch.lc [Kaspersky Lab]	1
Trojan Horse [Symantec]	1
Trojan.Win32.Midgare.aaay [Kaspersky Lab]	1
Trojan.Win32.Midgare.uvz [Kaspersky Lab]	1
Trojan.Win32.Monder.cszl [Kaspersky Lab]	1
Trojan.Win32.Monder.ctch [Kaspersky Lab]	1
Trojan.Win32.Refroso.tcn [Kaspersky Lab]	1
Virus:Win32/Sality.AN [Microsoft]	1
Virus:Win32/Sality.gen [Microsoft]	1
Virus:Win32/Sality.gen!enc [Microsoft]	1
Win-Trojan/Bifrose.35709.B [AhnLab]	1
Win-Trojan/Midgare.32637.BI [AhnLab]	1
Win-Trojan/Monder.32669 [AhnLab]	1

BKDR_AHZE.SMM [Trend Micro] has the following possible countries of origin:

Origin		Number of Incidents
	Israel	2
	Turkey	2
	China	1

BKDR_AHZE.SMM [Trend Micro] is known to be created as:

%AppData%\bifrost\server.exe

%AppData%\microsoft\svchost.exe

%AppData%\system\win.exe

%AppData%\winrar\winrar.exe

%CommonPrograms%\startup\net.exe

%CommonPrograms%\startup\server.exe

%CommonPrograms%\startup\sexih_hot.scr

%InternetCache%\57289261.exe

%LocalSettings%\temptmp.exe

%ProgramFiles%\anti-trust\anti-trust.exe

%ProgramFiles%\biforst\server.exe

%ProgramFiles%\bifrost\a.exe

%ProgramFiles%\bifrost\ser.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\bifrost\sosue.exe

%ProgramFiles%\bifroxx\server.exe

%ProgramFiles%\cccc.exe

%ProgramFiles%\dir\server.exe

%ProgramFiles%\live\ccshost.exe

%ProgramFiles%\mesenger\windows.exe

%ProgramFiles%\micro\hosts.exe

%ProgramFiles%\microsoft\svchost.exe

%ProgramFiles%\microsoft\yahoo.exe

%ProgramFiles%\movie maker\moviemk.exe

%ProgramFiles%\msn\spoolsv.exe

%ProgramFiles%\msns\msns.exe

%ProgramFiles%\netmeeting0\cb32.exe

%ProgramFiles%\server_crypt.exe

%ProgramFiles%\system32\lasse.exe

%ProgramFiles%\teamviewer.exe\server_crypt.exe

%ProgramFiles%\test\test.exe

%ProgramFiles%\windows\windows.exe

%Programs%\startup\222.exe

%Programs%\startup\sex.exe

%System%\1039\win32dll.exe

%System%\bifrost\server.exe

%System%\bifrost\test.exe

%System%\bifroxx\server.exe

%System%\boot\win34.exe

%System%\explorer\explorer.exe

%System%\explorer\internet.exe

%System%\hhhh\server.exe

%System%\java\java.exe

%System%\langame\langame.exe

%System%\microsoft\microsoft.exe

%System%\microsoft\sestyme32.exe

%System%\microsoft\svco.exe

%System%\msn\installplus.exe

%System%\password\password.exe

%System%\qqq\server.exe

%System%\server.exe

%System%\sky\win.exe

%System%\spooll\spooll.exe

%System%\sysfile\win37.exe

%System%\system\win.exe

%System%\system321\server.exe

%System%\update\microsoftt.exe

%System%\web\web.exe

%System%\windoo\maicroo.exe

%System%\windows\dnetc.exe

%System%\windows\microsoft.exe

%System%\windows32\system32.exe

%System%\winrar\winrar.exe

%System%\xx\sys.exe

%Temp%\1.exe

%Temp%\7.exe

%Temp%\bifrost 1.2.1d\server.exe

%Temp%\bifrost no connection limits\server.exe

%Temp%\bifrost-tryag\server.exe

%Temp%\filetmp.exe

%Temp%\ixp000.tmp\1.exe

%Temp%\ixp000.tmp\3.exe

%Temp%\oiwvtuyenu.exe

%Temp%\olly.exe

%Temp%\qwert.exe

%Temp%\s.exe

%Temp%\server.exe

%Temp%\server1.exe

%Temp%\tempalbert\server.exe

%Temp%\tmp.exe

%Temp%\xdz3.exe

%Templates%\winupdcenter.exe

%UserProfile%\server.exe

%Windir%\bifrost\server.exe

%Windir%\sava\server.exe

%Windir%\sound\sound.exe

%Windir%\system\system32.exe

%Windir%\systemb\systemb.exe

%Windir%\temp\server2.exe

%Windir%\update\sys32.exe

%Windir%\win\deol.dll

%Windir%\win\upgates.exe

%Windir%\win32trxf.exe

c:\bifrost\server.exe

c:\server.exe

c:\server18.exe

c:\windows.crypted.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%InternetCache% is a variable that refers to the file system directory that serves as a common repository for temporary Internet files. A typical path is C:\Documents and Settings\[UserName]\Local Settings\Temporary Internet Files.
%LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Templates% is a variable that refers to the file system directory that serves as a common repository for document templates. A typical path is C:\Documents and Settings\[UserName]\Templates.
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.