ThreatExpert's Statistics for Mal/Behav-027 [Sophos]:

Mal/Behav-027 [Sophos] is also known as:

Threat Alias	Number of Incidents
Trojan.DL.Agent.VRX [PC Tools]	59
Generic BackDoor.t [McAfee]	39
Virus.Win32.Agent.GZY [Ikarus]	38
Generic.dx [McAfee]	36
Backdoor:Win32/Popwin.gen!E [Microsoft]	33
W32.Popwin [Symantec]	33
Backdoor.Win32.Agent.rtg [Kaspersky Lab]	30
W32/Winko.worm.dll [McAfee]	27
Backdoor.GirlinRed [PC Tools]	25
Trojan.Panddos [Symantec]	23
Trojan-Downloader [Ikarus]	23
Backdoor.Trojan [Symantec]	21
Trojan Horse [Symantec]	21
Trojan.Generic [Ikarus]	20
Trojan.Win32.Vapsup.fgj [Kaspersky Lab]	16
Win-Trojan/Popwin.40960.J [AhnLab]	16
Backdoor.Win32.Agent.boi [Kaspersky Lab]	14
BackDoor-DKA [McAfee]	13
Downloader.gen.a [McAfee]	11
TrojanDownloader:Win32/Bizdup.gen [Microsoft]	11
WORM_AGENT.POU [Trend Micro]	10
Generic BackDoor [McAfee]	9
Trojan-Downloader.Win32.QQHelper.biq [Kaspersky Lab]	9
WORM_AUTORUN.TA [Trend Micro]	9
Backdoor.Win32.Agent.aqw [Kaspersky Lab]	8
Backdoor:Win32/Losfondup.A [Microsoft]	8
TROJ_AGENT.RC [Trend Micro]	8
Trojan-Downloader.Win32.QQHelper [Ikarus]	8
BKDR_AGENT.YWQ [Trend Micro]	7
Trojan.Adclicker [Symantec]	6
Backdoor.DHCPCom [PC Tools]	4
BKDR_AGENT.NAJ [Trend Micro]	4
Infostealer.Gampass [Symantec]	4
Net-Worm.Win32.Mofeir.o [Kaspersky Lab]	4
Trojan-Downloader.QQHelper!sd6 [PC Tools]	4
W32.SillyDC [Symantec]	4
W32/MoFei.worm [McAfee]	4
Worm.Win32.AutoRun.mdl [Kaspersky Lab]	4
Worm:Win32/Mofeir.F [Microsoft]	4
Backdoor.Win32.Agent.ahj [Kaspersky Lab]	3
Bloodhound.Unknown [Symantec]	3
Win-Trojan/QQHelper.82432.G [AhnLab]	3
Backdoor.Win32.Agent.buw [Kaspersky Lab]	2
Backdoor.Win32.Agent.bxn [Kaspersky Lab]	2
Backdoor.Win32.Agent.dgs [Kaspersky Lab]	2
Backdoor.Win32.Agent.fqk [Kaspersky Lab]	2
Backdoor:Win32/Blazgel.A.dll [Microsoft]	2
BKDR_AGENT.XJB [Trend Micro]	2
Downloader [Symantec]	2
Net-Worm.Win32.Mofeir [Ikarus]	2
TROJ_DLOADER.STM [Trend Micro]	2
Trojan.Popwin [Symantec]	2
Trojan.Win32.Pincav.nhz [Kaspersky Lab]	2
Trojan:Win32/Rirlged.gen!B [Microsoft]	2
Trojan-PSW.Gampass [PC Tools]	2
Win32.SuspectCrc [Ikarus]	2
Win-Trojan/Agent.110592.AG [AhnLab]	2
Win-Trojan/AutoRun.36864 [AhnLab]	2
Win-Trojan/Pincav.2355391 [AhnLab]	2
Worm.Win32.AutoRun.mnt [Kaspersky Lab]	2
Adware.Rugo [Symantec]	1
Application.Activity_Keylogger [PC Tools]	1
Backdoor.Agent!sd5 [PC Tools]	1
Backdoor.Trojan [PC Tools]	1
Backdoor.Win32.Agent.alkc [Kaspersky Lab]	1
Backdoor.Win32.Agent.ari [Kaspersky Lab]	1
Backdoor.Win32.Agent.gcr [Kaspersky Lab]	1
Backdoor.Win32.Blazgel [Ikarus]	1
Backdoor.Win32.GirlinRed.gh [Kaspersky Lab]	1
Backdoor.Win32.GirlinRed.gk [Kaspersky Lab]	1
Backdoor.Win32.GirlinRed.gw [Kaspersky Lab]	1
Backdoor.Win32.GirlinRed.ly [Kaspersky Lab]	1
Backdoor.Win32.Httpbot [Ikarus]	1
Backdoor.Win32.Httpbot.yi [Kaspersky Lab]	1
Backdoor.Win32.Idicaf [Ikarus]	1
Backdoor.Win32.Popwin.bfo [Kaspersky Lab]	1
Backdoor.Win32.Popwin.wx [Kaspersky Lab]	1
Backdoor:Win32/PcClient.BY!dll [Microsoft]	1
BackDoor-DNC [McAfee]	1
BackDoor-DTF [McAfee]	1
BackDoor-EKW [McAfee]	1
BKDR_AGENT.AMCJ [Trend Micro]	1
Downloader-BGJ [McAfee]	1
Dropper/Malware.3475788 [AhnLab]	1
Generic Downloader.x!lv [McAfee]	1
Generic PUP.h [McAfee]	1
Infostealer.Bancos [Symantec]	1
MonitoringTool:Win32/Softcows [Microsoft]	1
New Malware.ab [McAfee]	1
not-a-virus:AdWare.Win32.AdMoke [Ikarus]	1
not-a-virus:Monitor.Win32.ActiveKeyLogger.16 [Kaspersky Lab]	1
not-a-virus:NetTool.Win32.ZXProxy.a [Ikarus]	1
PWS:Win32/Tamenoc.A [Microsoft]	1
Spyware.ActivityKey [Symantec]	1
Trackware.Alexa [Symantec]	1
TROJ_WINKO.AH [Trend Micro]	1
Trojan.Agent.HDZ [PC Tools]	1
Trojan.Hackdoor.A [Ikarus]	1
Trojan.Win32.Agent.zkz [Kaspersky Lab]	1
Trojan.Win32.Pincav.gto [Kaspersky Lab]	1

Mal/Behav-027 [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	China	20
	Denmark	2
	Germany	1
	Poland	1
	Republic of Korea	1
	Russian Federation	1
	Saudi Arabia	1
	Spain	1
	Ukraine	1
	United Kingdom	1

Mal/Behav-027 [Sophos] is known to be created as:

%AppData%\scotrugn.dll

%ProgramFiles%\activity keylogger\actik.exe

%System%\213a0440.dll

%System%\4614bbc0.dll

%System%\6553bb80.dll

%System%\a32pas.dll

%System%\dhcpcom.dll

%System%\dllpoloup.dll

%System%\eorbebx.dll

%System%\f1d7a6c2.dll

%System%\ghgwin.dll

%System%\giarwcra.dll

%System%\irmonapi.dll

%System%\jejeelo.dll

%System%\myname.dll

%System%\netddesvr.dll

%System%\routing.dll

%System%\sheatoas.dll

%System%\smlogsvc33.dll

%System%\vtingwin.dll

%System%\winasuexni.dll

%Windir%\systom32\svchost.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.