Threat Search: 

ThreatExpert's Statistics for Mal/Behav-024 [Sophos]:

Mal/Behav-024 [Sophos] is also known as:
Threat AliasNumber of Incidents
Trojan-Downloader.Win32.Agent.bhmm [Kaspersky Lab]32
Downloader [Symantec]28
Trojan Horse [Symantec]28
Rootkit.Agent [Ikarus]26
Trojan-Downloader.Agent!sd6 [PC Tools]18
Worm.Win32.Fujack.cc [Ikarus]17
Trojan.Dropper [Symantec]14
Trojan-PWS.Win32.QQPass [Ikarus]12
Trojan:Win32/Agent.BM [Microsoft]11
W32.SillyDC [Symantec]11
Backdoor.Trojan [Symantec]10
Worm:Win32/Emerleox.gen!A [Microsoft]10
Generic BackDoor [McAfee]9
Win-Trojan/Xema.variant [AhnLab]9
Generic.dx [McAfee]8
Trojan.Win32.Agent [Ikarus]8
W32.Fujacks.E [Symantec]8
W32.SillyFDC [Symantec]8
BackDoor-DVF [McAfee]7
Infostealer.Gampass [Symantec]7
MalwareScope.Trojan-PWS.Game [Ikarus]7
PE_FUJACKS.BZ-O [Trend Micro]7
Trojan-Dropper.Delf [Ikarus]7
W32/Fujacks.gen.a [McAfee]7
Worm.Win32.AutoRun.sve [Kaspersky Lab]7
Trojan.Crypt [Ikarus]6
Trojan-Downloader.Win32.Small [Ikarus]6
VirTool:Win32/DelfInject.gen!X [Microsoft]6
Worm:Win32/Autorun.CY [Microsoft]6
BackDoor-CKB [McAfee]5
Generic PWS.y [McAfee]5
PWS-Gamania [McAfee]5
Trojan.Banker.Delf [Ikarus]5
Virus.Win32.Atraps [Ikarus]5
Win-Trojan/Hupigon.Gen [AhnLab]5
Backdoor.Formador [Symantec]4
Backdoor.Prosti.BH [PC Tools]4
Backdoor.Win32.Hupigon.crch [Kaspersky Lab]4
Backdoor.Win32.Prosti.bn [Kaspersky Lab]4
BKDR_AGENT.ALD [Trend Micro]4
Trojan.Small [Ikarus]4
Trojan.Win32.Delf.dal [Kaspersky Lab]4
Trojan.Win32.Delf.hva [Kaspersky Lab]4
Trojan-Downloader.Win32.Murlo.azl [Kaspersky Lab]4
Trojan-Dropper.Agent [Ikarus]4
Trojan-PWS.Win32.OnLineGames [Ikarus]4
VirTool.Win32.DelfInject [Ikarus]4
Virus.Win32.Hacko [Ikarus]4
Virus.Win32.PCAgent.S [Ikarus]4
Win32.HLLP.WHBoy.Gen [PC Tools]4
Win-Trojan/Hupigon.147968.G [AhnLab]4
Backdoor.Graybird [Symantec]3
Infostealer.Onlinegame [Symantec]3
PE_FUJACKS.BY-O [Trend Micro]3
PE_FUJACKS.IF-O [Trend Micro]3
Trojan.DR.OnlineGames.Gen.83 [PC Tools]3
Trojan-Spy.Win32.Agent.pn [Ikarus]3
TrojanSpy:Win32/Hitpop.AE!dll [Microsoft]3
Virus.Win32.Agent.PUP [Ikarus]3
W32.Hitapop [Symantec]3
W32/Autorun.worm.gen [McAfee]3
Worm.Win32.AutoRun.eio [Kaspersky Lab]3
Worm.Win32.AutoRun.lsd [Kaspersky Lab]3
Worm.Win32.Fujack.ci [Kaspersky Lab]3
Backdoor.Klj [Ikarus]2
Backdoor.Win32.Popwin [Ikarus]2
Backdoor:Win32/Small.D [Microsoft]2
Downloader-BFO [McAfee]2
Generic Downloader.x [McAfee]2
Mal_Banker [Trend Micro]2
PE_FUJACKS.HB-O [Trend Micro]2
PWS:Win32/Lmir.E [Microsoft]2
PWS:Win32/OnLineGames.ZDR [Microsoft]2
PWS-OnlineGames.f [McAfee]2
Spy-Agent.br.dll [McAfee]2
Spy-Agent.k [McAfee]2
Stayt.dll [McAfee]2
TROJ_DELF.IVK [Trend Micro]2
Trojan.Bankem [Symantec]2
Trojan.Win32.Agent.buml [Kaspersky Lab]2
Trojan.Win32.Delf.gim [Kaspersky Lab]2
Trojan:Win32/SystemHijack.gen!C [Microsoft]2
Trojan-Downloader.Win32.Banload [Ikarus]2
Trojan-Downloader.Win32.Delf.pds [Kaspersky Lab]2
Trojan-Proxy.Win32.Delf.AN [Ikarus]2
Trojan-Spy.Delf [Ikarus]2
Trojan-Spy.Win32.Goldun.bw [Kaspersky Lab]2
Trojan-Spy.Win32.Pophot.bog [Kaspersky Lab]2
TrojanSpy:Win32/Goldun.BW [Microsoft]2
TSPY_AGENT.AI [Trend Micro]2
TSPY_ONLINEG.QBP [Trend Micro]2
Virus.Win32.Agent.UWD [Ikarus]2
Virus.Win32.Viking [Ikarus]2
Virus:Win32/Viking.JB [Microsoft]2
W32.SillyWNSE [Symantec]2
Win-Trojan/Hupigon.75783 [AhnLab]2
Worm.AutoRun.GEN [PC Tools]2
Worm.Win32.AutoRun.bms [Kaspersky Lab]2
Worm.Win32.Fujack.aw [Kaspersky Lab]2
Worm.Win32.Fujack.cf [Kaspersky Lab]2

Mal/Behav-024 [Sophos] has the following possible countries of origin:
OriginNumber of Incidents
China58
Brazil39
Japan18
Republic of Korea3
Ukraine2
United Kingdom1

Mal/Behav-024 [Sophos] is known to be created as:
%CommonAppData%\%computername%\snhost.exe
%ProgramFiles%\internet explorer\signup\conime.exe
%ProgramFiles%\meex.exe
%System%\360safefix.dll
%System%\3800hk.dll
%System%\antieng.dll
%System%\avjcsrvx.exe
%System%\baidu.exe
%System%\bserver.dll
%System%\cache\syssafe.exe
%System%\cbak.exe
%System%\cltmon.exe
%System%\cool_gamesetup.exe.exe
%System%\drivers\spoclsv.exe
%System%\drivers\suchost.exe
%System%\drivers\svchosl.exe
%System%\drivers\txp1atform.exe
%System%\explorer.exe
%System%\extensionsk.exe
%System%\fordown.exe
%System%\icwutieinll.dll
%System%\ixerhq.exe
%System%\jksing.dll
%System%\kxuaqm.exe
%System%\local.dll
%System%\lofsdjbo.dll
%System%\microsoftcorporation.dll
%System%\mndhfdwd.dll
%System%\msn.exe
%System%\network.dll
%System%\nvsvc86.exe
%System%\qin58.exe
%System%\qq.dll
%System%\rejoice.dll
%System%\s.exe
%System%\servidor.exe
%System%\sizhu.exe
%System%\sorck.exe
%System%\spoclsv.exe
%System%\stormserver.dll
%System%\system64.exe
%System%\twain.dll
%System%\twain0.dll
%System%\vest.dll
%System%\vmdetdhc.exe
%System%\w32module.exe
%System%\weiai.exe
%System%\winsys32_070122.dll
%System%\winsys32_070123.dll
%System%\winwps32.dll
%Temp%\1045.exe
%Temp%\ixp000.tmp\02.exe
%Temp%\temp\server.exe
%Temp%\tt.exe
%Windir%\dcbdcatys32_080716a.dll
%Windir%\ntmssvc.dll
%Windir%\system32stopaor.exe
%Windir%\tttt.exe
%Windir%\winhost32.exe
%Windir%\xccdf32_080926a.dll
Notes:
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.