ThreatExpert's Statistics for Mal/Dorf-A [Sophos]:

Mal/Dorf-A [Sophos] is also known as:

Threat Alias	Number of Incidents
PWS:Win32/Stealer.M [Microsoft]	24
Infostealer.Gampass [Symantec]	21
Mal/Generic-A [Sophos]	20
Trojan-Dropper.Win32.Agent.anpx [Kaspersky Lab]	20
W32/Spybot.worm!a [McAfee]	20
Suspicious.MH690 [Symantec]	19
New Malware.aj [McAfee]	18
Infostealer [Symantec]	17
Trojan-Dropper.Agent [Ikarus]	17
VirTool:Win32/DelfInject.gen!N [Microsoft]	17
Generic Downloader.e [McAfee]	16
Trojan-Dropper.Delf [Ikarus]	16
Trojan.Dropper [Symantec]	15
Generic.dx [McAfee]	13
Backdoor.Trojan [Symantec]	12
Backdoor.Win32.Bifrose.aerg [Kaspersky Lab]	10
Downloader [Symantec]	10
Trojan-Dropper.Agent!sd6 [PC Tools]	10
Trojan.Genlot.CXP [Ikarus]	9
Trojan:Win32/Pacoheir.A [Microsoft]	9
Trojan-Dropper.Win32.Agent.aoc [Kaspersky Lab]	9
Hacktool [Symantec]	8
Packed/Upack [AhnLab]	8
Trojan Horse [Symantec]	8
Win32.SuspectCrc [Ikarus]	8
Dropper/Xema.21504.G [AhnLab]	7
Trojan:Win32/Tibs.J [Microsoft]	7
Trojan-Downloader.Win32.Agent.blm [Kaspersky Lab]	7
TrojanDropper:Win32/Agent [Microsoft]	7
TSPY_ONLINEG.KPK [Trend Micro]	7
Trojan.DL.Agent.WVB [PC Tools]	6
TrojanDownloader:Win32/Delf.GK [Microsoft]	6
TROJ_ZLOB.BCK [Trend Micro]	5
Trojan.Popuper [PC Tools]	5
Trojan.Tibs.AMY [PC Tools]	5
Trojan.Win32.Agent.btry [Kaspersky Lab]	5
Trojan:Win32/Agent.PF [Microsoft]	5
Virus.Win32.Delf.APJ [Ikarus]	5
Dropper/Agent.362791 [AhnLab]	4
Dropper/Agent.49152.O [AhnLab]	4
Packed.Win32.Krap.ai [Kaspersky Lab]	4
Trojan-Downloader.Win32.Small.zxi [Kaspersky Lab]	4
Trojan-PWS.Win32.Agent.hf [Ikarus]	4
Backdoor.Bifrose [Symantec]	3
Backdoor.Win32.Bifrose.la [Kaspersky Lab]	3
Backdoor.Win32.Small.hnz [Kaspersky Lab]	3
Backdoor:Win32/Bifrose [Microsoft]	3
BackDoor-CEP [McAfee]	3
Downloader.gen.a [McAfee]	3
Generic PWS.y [McAfee]	3
MultiDropper-RX [McAfee]	3
Trojan:Win32/Tibs.HP [Microsoft]	3
Trojan-Downloader.Win32.Cutwail [Ikarus]	3
TrojanDownloader:Win32/Cutwail.gen!C [Microsoft]	3
Trojan-Dropper.Delf.Crypt.C [Ikarus]	3
Trojan-PWS.Win32.LdPinch [Ikarus]	3
W32/Virut.gen [McAfee]	3
Backdoor.Bifrose!sd6 [PC Tools]	2
Backdoor:WinNT/Farfli.E!sys [Microsoft]	2
BackDoor-CEP.svr [McAfee]	2
Generic Dropper [McAfee]	2
Generic Malware.gv [McAfee]	2
Generic.PWS.Games [Ikarus]	2
MemScanRootkit.3315 [Ikarus]	2
Packed.Win32.Krap [Ikarus]	2
PE_VIRUT.XO [Trend Micro]	2
PWS-LDPinch [McAfee]	2
PWS-Lineage [McAfee]	2
Spammer:Win32/Tedroo.AB [Microsoft]	2
TROJ_AGENT.APDC [Trend Micro]	2
Trojan.Packed.13 [Symantec]	2
Trojan.Win32.Agent.qnn [Kaspersky Lab]	2
Trojan:Win32/Qwinto.A [Microsoft]	2
Trojan:Win32/Tibs.CG [Microsoft]	2
TrojanDownloader:Win32/Pakernat.A [Microsoft]	2
Trojan-Dropper [Ikarus]	2
Trojan-Dropper.Win32.Agent.qtw [Kaspersky Lab]	2
Trojan-GameThief.Win32.OnLineGames.srxm [Kaspersky Lab]	2
Trojan-PSW.Win32.LdPinch.ulx [Kaspersky Lab]	2
Virus.Win32.Crypt.CIK [Ikarus]	2
Virus.Win32.PrefPoly [Ikarus]	2
Virus.Win32.Trojan [Ikarus]	2
Virus.Win32.Virut.n [Kaspersky Lab]	2
Virus.Win32.Virut.q [Kaspersky Lab]	2
Virus:Win32/Virut.AK [Microsoft]	2
Virus:Win32/Virut.AP [Microsoft]	2
W32.Virut.B [Symantec]	2
Win32.Virut.Gen [PC Tools]	2
Win32.Virut.Gen.5 [PC Tools]	2
Win32/Virut.D [AhnLab]	2
Win-Trojan/OnlineGameHack.B [AhnLab]	2
Win-Trojan/Xema.variant [AhnLab]	2
Worm:Win32/Autorun.UC [Microsoft]	2
Worm:Win32/Otwycal.gen!A [Microsoft]	2
Worm:Win32/Pushbot.gen!C [Microsoft]	2
Backdoor.Win32.Bifrose.ahpc [Kaspersky Lab]	1
Backdoor.Win32.Bifrose.rda [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.bqq [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.grfu [Kaspersky Lab]	1
Backdoor:Win32/Bifrose.gen!A [Microsoft]	1

Mal/Dorf-A [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	China	53
	Germany	7
	Sweden	2
	United Kingdom	2
	Austria	1
	Brazil	1
	Russian Federation	1
	Switzerland	1

Mal/Dorf-A [Sophos] is known to be created as:

%AppData%\services.exe

%AppData%\unhackme.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\dvd2one\asload.exe

%ProgramFiles%\reem3\reemgg.exe

%ProgramFiles%\sami\server.exe

%System%\.0000000000cd1a40\0000000000cd1a40.exe

%System%\bifrost\new.exe

%System%\bifrost\server.exe

%System%\dllhost32.exe

%System%\fastnetsrv.exe

%System%\kernels88.exe

%System%\lnwin.exe

%System%\logon.exe

%System%\messenger\msn.exe

%System%\moviemk.exe

%System%\reader_s.exe

%System%\sysdat.com

%System%\system conf\loadwindows.exe

%System%\toolsys.exe

%System%\visit.exe

%Temp%\0.exe

%Temp%\dog.exe

%Temp%\dogs\conimel.exe

%Temp%\istealer_3.0.exe

%Temp%\ixp000.tmp\bifrost.exe

%Temp%\ixp000.tmp\crypter.exe

%Temp%\ixp000.tmp\ok.exe

%Temp%\kafan virlist 2009.03.23\090323-b-7.exe

%Temp%\scan.exe

%Temp%\tmp1.exe

%UserProfile%\reader_s.exe

%Windir%\jusched.exe

%Windir%\pernet.exe

%Windir%\remoteabc.exe

%Windir%\services.exe

%Windir%\sys1.exe

%Windir%\system\se.exe

%Windir%\tasks\0x01xx8p.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.