Threat Search: 

ThreatExpert's Statistics for Mal/Behav-031 [Sophos]:

Mal/Behav-031 [Sophos] is also known as:
Threat AliasNumber of Incidents
Trojan-PWS.Magania.AMTN [PC Tools]159
Infostealer.Gampass [Symantec]156
Trojan-GameThief.Win32.Magania [Ikarus]156
Trojan-Dropper.Win32.Small.ceh [Kaspersky Lab]84
Infostealer.Onlinegame [Symantec]51
Trojan.Win32.Agent.xlm [Kaspersky Lab]17
Trojan-Dropper.Win32.Small.ceg [Kaspersky Lab]17
Virus.Win32.Agent.UWD [Ikarus]17
Backdoor.Trojan [Symantec]12
Downloader [Symantec]11
PWS.Win32.OnLineGames [Ikarus]11
Trojan-GameThief.Win32.Magania.aodn [Kaspersky Lab]10
Trojan.Win32.Inject.lum [Kaspersky Lab]9
Trojan-GameThief.Win32.Magania.aonv [Kaspersky Lab]9
Generic.dx [McAfee]8
New Malware.aj [McAfee]6
Trojan Horse [Symantec]6
Trojan.Win32.Agent.xjc [Kaspersky Lab]6
Trojan-Dropper.Win32.Agent.alpl [Kaspersky Lab]5
Trojan-GameThief.Win32.Magania.amvs [Kaspersky Lab]5
Backdoor.Win32.Agent.ahra [Kaspersky Lab]4
Backdoor.Win32.Agent.wef [Kaspersky Lab]4
Dropper/Agent.30720.AG [AhnLab]4
Generic Downloader.x [McAfee]4
Generic Dropper!v [McAfee]4
Trojan.Win32.Agent.yeg [Kaspersky Lab]4
Trojan.Win32.Agent.ysn [Kaspersky Lab]4
Trojan-Spy.Agent [Ikarus]4
Trojan-Spy.Onlinegame!sd6 [PC Tools]4
Possible_DLDER [Trend Micro]3
Trojan.DR.Lmir.Gen.4 [PC Tools]3
Trojan.Generic [PC Tools]3
Trojan-Dropper.Agent [Ikarus]3
Trojan-GameThief.Win32.Magania.anoj [Kaspersky Lab]3
Downloader.Goobiz [Symantec]2
Gen.Trojan [Ikarus]2
Generic Dropper [McAfee]2
Generic.dx!eq [McAfee]2
Suspicious.MH690 [Symantec]2
Trojan.Dropper [Symantec]2
Trojan.Win32.Agent [Ikarus]2
Trojan.Win32.Agent.xjz [Kaspersky Lab]2
Trojan.Win32.Agent.yif [Kaspersky Lab]2
Trojan.Win32.Agent.ynz [Kaspersky Lab]2
Trojan.Win32.Agent.zfy [Kaspersky Lab]2
Trojan.Zlob [Symantec]2
Trojan:Win32/Bumat!rts [Microsoft]2
Trojan-Clicker.Win32.Agent.ip [Kaspersky Lab]2
Trojan-Downloader.Win32.Agent.ahyl [Kaspersky Lab]2
Trojan-Dropper.Win32.Agent.almh [Kaspersky Lab]2
Trojan-GameThief.Win32.Magania.amom [Kaspersky Lab]2
Trojan-GameThief.Win32.Magania.amoq [Kaspersky Lab]2
Trojan-GameThief.Win32.Magania.ampx [Kaspersky Lab]2
Trojan-PWS.Online [Ikarus]2
Win32.SuspectCrc [Ikarus]2
Adware.Purityscan [Symantec]1
Adware-BonusCash [McAfee]1
Backdoor.Beasty [Symantec]1
Backdoor.Win32.Agent.aknl [Kaspersky Lab]1
Backdoor.Win32.PoisonIvy.if [Kaspersky Lab]1
Backdoor.Win32.Xdoor.21 [Kaspersky Lab]1
Backdoor.WinNT.Farfli [Ikarus]1
Backdoor.Xdoor.MY [PC Tools]1
Backdoor:Win32/Small.L [Microsoft]1
Downloader.gen.a [McAfee]1
Downloader.Generic [PC Tools]1
Downloader.Trojan [Symantec]1
Generic BackDoor [McAfee]1
Generic Downloader.ab [McAfee]1
Generic Dropper!hv.n [McAfee]1
Generic.abz [McAfee]1
Generic.dk [McAfee]1
Generic.dx!tz [McAfee]1
Infostealer.Bancos [Symantec]1
Mal/Behav-116 [Sophos]1
Mal/Generic-A, Mal/Behav-031 [Sophos]1
PWS-Banker [McAfee]1
Rootkit.Win32.Agent.dca [Kaspersky Lab]1
TROJ_AGENT.ABSJ [Trend Micro]1
TROJ_AGENT.ZTH [Trend Micro]1
TROJ_FAKENIT.C [Trend Micro]1
TROJ_ZLOB.EXN [Trend Micro]1
Trojan.Agent!sd6 [PC Tools]1
Trojan.Popuper [PC Tools]1
Trojan.PR.Delf.BAOH [PC Tools]1
Trojan.PWS.Lmir.BQG [PC Tools]1
Trojan.Win32.Agent.ytz [Kaspersky Lab]1
Trojan.Win32.Agent.zaj [Kaspersky Lab]1
Trojan.Win32.Agent.zet [Kaspersky Lab]1
Trojan.Win32.Scar.vwe [Kaspersky Lab]1
Trojan.Win32.Small.buq [Kaspersky Lab]1
Trojan.Zlob!sd6 [PC Tools]1
Trojan:Win32/Lowzones.gen!D [Microsoft]1
Trojan:Win32/Malagent [Microsoft]1
Trojan:Win32/Meredrop [Microsoft]1
Trojan-Clicker.Agent!sd5 [PC Tools]1
Trojan-Clicker.Win32.Agent.qc [Kaspersky Lab]1
Trojan-Downloader.Agent [Ikarus]1
Trojan-Downloader.Win32.Agent [Ikarus]1
Trojan-Downloader.Win32.Pangu [Ikarus]1

Mal/Behav-031 [Sophos] has the following possible countries of origin:
OriginNumber of Incidents
China252
Republic of Korea16
Italy3
Russian Federation2
Turkey1

Mal/Behav-031 [Sophos] is known to be created as:
%AppData%\adobe\manager.exe
%AppData%\cigicigivip32.exe
%System%\360safe.exe
%System%\amsr.exe
%System%\btdsos.exe
%System%\btsdos.exe
%System%\daye.exe
%System%\fygood.exe
%System%\gagaga.exe
%System%\killbt.exe
%System%\malware\malware\7536567.exe
%System%\msdev.exe
%System%\nxd.exe
%System%\servce.exe
%System%\winhelp.exe
%System%\winhelp32.exe
%System%\winsvc\svc\google.exe
%System%\wmiapise.exe
%Temp%\1.5904.hdvideo.extension.exe
%Temp%\4.6003.exe
%Temp%\a862d8c9.exe
%Temp%\dwl1.tmp.exe
%Temp%\ixp000.tmp\3.5953.exe
%Temp%\ixp000.tmp\update.exe
%Temp%\xpanxionvirus\winhelp32.exe
%Temp%\xpanxionvirus2\q001.exe
%Windir%\msiutil.exe
%Windir%\system\lprhelp32.dll
%Windir%\winhegus2.exe
%Windir%\xunlei.exe
c:\gameload.dll
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.