ThreatExpert's Statistics for Mal/Banspy-F [Sophos]:

Mal/Banspy-F [Sophos] is also known as:

Threat Alias	Number of Incidents
Infostealer [Symantec]	128
not-a-virus:PSWTool.Win32.MailPassView.ck [Kaspersky Lab]	99
Infostealer.Bancos [Symantec]	91
Dropper/MailPass.632320 [AhnLab]	88
Trojan-PSW.Generic [PC Tools]	79
Bloodhound.Bancos.1 [Symantec]	67
Trojan Horse [Symantec]	38
TrojanDownloader:Win32/Banload.gen!N [Microsoft]	38
Trojan-Banker.Win32.Banker [Ikarus]	30
Trojan.Crypt.Delf.F [Ikarus]	26
TrojanSpy:Win32/Banker.JX [Microsoft]	26
PWS-Banker!bsj [McAfee]	25
Trojan-Banker.Win32.Banbra.qcx [Kaspersky Lab]	25
PWS-Banker [McAfee]	24
Suspicious.MH690 [Symantec]	20
Win-Trojan/Banbra.581632.G [AhnLab]	20
BehavesLikeWin32.SMTP-Mailer [Ikarus]	19
Trojan.Crypt [Ikarus]	19
PWS-Banker.gen.i [McAfee]	18
Trojan-Banker.Win32.Banker.aohs [Kaspersky Lab]	18
Generic.Banker.Delf [Ikarus]	17
Trojan-Downloader.Win32.Delf [Ikarus]	16
Trojan-Downloader.Win32.Delf.sgq [Kaspersky Lab]	16
TrojanSpy:Win32/Bancos.OI [Microsoft]	15
Mal_Banker [Trend Micro]	14
New Malware.b [McAfee]	14
TrojanSpy:Win32/Bancos.gen!B [Microsoft]	14
TrojanSpy:Win32/Banker [Microsoft]	12
Generic.dx!fei [McAfee]	11
not-a-virus:AdWare.Win32.AdMoke [Ikarus]	11
Trojan-PWS.Win32.Delf [Ikarus]	11
Generic Malware.eb [McAfee]	10
PWS-Banker!bus [McAfee]	10
Spyware.Keylogger [Symantec]	10
Trojan-Spy.Banker.5858 [Ikarus]	10
Backdoor.Win32.Reload [Ikarus]	9
Trojan.Banker.LCW [Ikarus]	9
Trojan.Crypt.Delf.X [Ikarus]	9
Trojan-Banker.Win32.Banker.amzq [Kaspersky Lab]	9
Trojan-Banker.Win32.Banz.gp [Kaspersky Lab]	9
Trojan-Downloader.Win32.Agent.bvml [Kaspersky Lab]	9
Trojan-Spy.Win32.Banker.bbh [Ikarus]	9
Win-Trojan/Agent.677376.F [AhnLab]	9
Generic Downloader.x!a [McAfee]	8
Trojan-Downloader.Delf!sd6 [PC Tools]	8
Win-Trojan/Banker.597504.J [AhnLab]	8
PWS-Banker.gen.b [McAfee]	7
Trojan-Spy.Win32.Webmoner [Ikarus]	7
Generic PWS.y [McAfee]	6
not-a-virus:PSWTool.Win32.MailPassView.dr [Kaspersky Lab]	6
Possible_Virus [Trend Micro]	6
Trojan-Downloader.Agent!sd6 [PC Tools]	6
TrojanSpy:Win32/Bancos.DV [Microsoft]	6
Worm.Win32.Rokut [Ikarus]	6
Generic.dx [McAfee]	5
Trojan.Win32.Balisdat [Ikarus]	5
Trojan-Banker.Win32.Banbra [Ikarus]	5
TrojanDownloader:Win32/Banload.gen!B [Microsoft]	5
Trojan-Dropper.Delf [Ikarus]	5
Trojan-Spy.Banker.GEN [PC Tools]	5
Trojan-Spy.Win32.Bancos [Ikarus]	5
TrojanSpy:Win32/Banker.NP [Microsoft]	5
Backdoor.Win32.Agent.adsu [Kaspersky Lab]	4
Generic.Generic.Banker.Delf [Ikarus]	4
HeurEngine.Bancos [PC Tools]	4
Infostealer.Bancos!gen [Symantec]	4
Mal/Banspy-K, Mal/Banspy-F [Sophos]	4
New Win32 [McAfee]	4
PWS-Banker!bgq [McAfee]	4
Trojan:Win32/Balisdat.gen!A [Microsoft]	4
Trojan-Banker.Win32.Agent.z [Kaspersky Lab]	4
Trojan-Banker.Win32.Bancos [Ikarus]	4
Trojan-Banker.Win32.Banker.abds [Kaspersky Lab]	4
Trojan-Banker.Win32.Banker.acjo [Kaspersky Lab]	4
Trojan-Banker.Win32.Banker.airf [Kaspersky Lab]	4
Trojan-Banker.Win32.Banker.ajeh [Kaspersky Lab]	4
Trojan-Banker.Win32.Banker.allb [Kaspersky Lab]	4
Trojan-Banker.Win32.Banker.ammm [Kaspersky Lab]	4
Trojan-Banker.Win32.Banker.ansp [Kaspersky Lab]	4
Trojan-Downloader.Win32.Agent.bglh [Kaspersky Lab]	4
Trojan-Spy.Win32.Banker.JU [Ikarus]	4
Trojan-Spy.Win32.Banker.kax [Ikarus]	4
Trojan-Spy.Win32.Banker.lkd [Ikarus]	4
Trojan-Spy.Win32.Banker.lxq [Kaspersky Lab]	4
Win-Trojan/Banker.1450496 [AhnLab]	4
Win-Trojan/Banker.1888256.B [AhnLab]	4
Downloader [Symantec]	3
Generic PWS.b [McAfee]	3
Generic PWS.d [McAfee]	3
New Malware.eb [McAfee]	3
PWS-Banker!bvn [McAfee]	3
PWS-Banker!ee [McAfee]	3
Trojan.Generic [PC Tools]	3
Trojan-Banker.Win32.Banker.abes [Kaspersky Lab]	3
Trojan-Banker.Win32.Banker.ahzc [Kaspersky Lab]	3
Trojan-Banker.Win32.Banz.og [Kaspersky Lab]	3
Trojan-Dropper.Agent [Ikarus]	3
Trojan-Spy.Banker [Ikarus]	3
Trojan-Spy.Win32.Banker.USY [Ikarus]	3
TrojanSpy:Win32/Banker.USZ [Microsoft]	3

Mal/Banspy-F [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	Brazil	527
	Israel	77
	Russian Federation	14
	Germany	2
	Spain	2

Mal/Banspy-F [Sophos] is known to be created as:

%AppData%\media_player3\spchost.exe

%CommonAppData%\llass.exe

%CommonAppData%\net_empresa.exe

%CommonAppData%\trabalho3.exe

%CommonPrograms%\startup\avg.exe

%CommonPrograms%\startup\help.scr

%CommonPrograms%\startup\iexplorer.exe

%CommonPrograms%\startup\java_up.exe

%CommonPrograms%\startup\kss.exe

%CommonPrograms%\startup\livemessenger.scr

%CommonPrograms%\startup\msnmsgr.exe

%CommonPrograms%\startup\svchost.exe

%CommonPrograms%\startup\syss.exe

%CommonPrograms%\startup\systray.exe

%CommonPrograms%\startup\win.exe

%System%\avisala.exe

%System%\aviso.exe

%System%\catroot\lsass.exe

%System%\certificado.scr

%System%\driver.exe

%System%\eguis.exe

%System%\explorer64.exe

%System%\help.scr

%System%\issas.exe

%System%\itoken.exe

%System%\kernel32.exe

%System%\live.exe

%System%\msmsgs.exe

%System%\msnmsgr.exe

%System%\msnmsnr.exe

%System%\msnorgl.exe

%System%\msnwabs.exe

%System%\ne.exe

%System%\rsend.exe

%System%\rwmsys32.exe

%System%\send.exe

%System%\servlces.exe

%System%\svchosts.exe

%System%\vchosts.exe

%System%\winlogon.scr

%Temp%\cgibin.exe

%Temp%\ixp000.tmp\explorer.exe

%Temp%\sistem.exe

%Temp%\tmp1.exe

%Temp%\winnt2.exe

%Temp%\winnt3.exe

%Temp%\winnt5.exe

%Temp%\winnt6.exe

%Windir%\arquivo1.exe

%Windir%\ctfmon.exe

%Windir%\help\dados\send.exe

%Windir%\iexplorer.exe

%Windir%\isass\lsasss.exe

%Windir%\mana.exe

%Windir%\media\hpmedia.exe

%Windir%\media\microsoft internet\send.exe

%Windir%\msagent\msnwab.exe

%Windir%\msagent\sendto.exe

%Windir%\options\send.exe

%Windir%\outs\outlooks.exe

%Windir%\sun\java\deployment\logs\send.exe

%Windir%\svchost.exe

%Windir%\system\csrss.exe

%Windir%\system\gbpsvs.exe

%Windir%\system\kl.exe

%Windir%\system\msnmsgr.exe

%Windir%\system\plugin.exe

%Windir%\system\sistem.exe

%Windir%\system\svchost.exe

%Windir%\system\taskmg.exe

%Windir%\system\win.exe

%Windir%\temp\msnmsgr.exe

%Windir%\winexec.exe

c:\arquivos windows\rems.exe

c:\commom files\msmsgw.exe

c:\commom files\wspres.exe

c:\llass.exe

c:\oteox\ob.exe

c:\oteox\on.exe

c:\sys32\lt.exe

c:\sys32\pr1.exe

c:\sys32\prn1.exe

c:\tempx\wn.exe

c:\win32\prnx1.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.