ThreatExpert's Statistics for Mal/Emogen-N [Sophos]:

Mal/Emogen-N [Sophos] is also known as:

Threat Alias	Number of Incidents
Downloader [Symantec]	52
Downloader.gen.a [McAfee]	42
Trojan-Downloader.Win32.Adload.fu [Kaspersky Lab]	40
Generic.dx [McAfee]	28
Trojan-Downloader.Adload!sd6 [PC Tools]	24
Backdoor.Trojan [Symantec]	21
TROJ_DLOADER.QXK [Trend Micro]	20
Trojan:Win32/Meredrop [Microsoft]	16
Possible_Virus [Trend Micro]	14
Infostealer.Gampass [Symantec]	11
Trojan-Dropper.Win32.Agent.wdv [Kaspersky Lab]	11
Backdoor.Graybird [Symantec]	9
not-a-virus:AdWare.Win32.Cinmus.snp [Kaspersky Lab]	9
TROJ_ONLINEG.HCD [Trend Micro]	9
Trojan Horse [Symantec]	8
BackDoor-AWQ.b [McAfee]	7
Backdoor.Graybird.GEN [PC Tools]	6
BKDR_HUPIGON.EVG [Trend Micro]	6
Mal_Banker [Trend Micro]	6
Trojan.Adclicker [Symantec]	6
W32.Small.gen [Symantec]	6
W32/NGVCK.a.1792 [McAfee]	6
Worm.Win32.AutoRun.ejy [Kaspersky Lab]	6
Worm:Win32/Emerleox.L [Microsoft]	6
BackDoor-AWQ [McAfee]	5
Generic Downloader.x [McAfee]	5
PWS-Banker [McAfee]	5
Infostealer.Onlinegame [Symantec]	4
Trojan.DL.Delf.ATHC [PC Tools]	4
Trojan.Zlob [Ikarus]	4
Trojan-Downloader.Win32.Delf.czr [Kaspersky Lab]	4
Trojan-Downloader.Win32.Delf.pov [Kaspersky Lab]	4
W32.Arpiframe [Symantec]	4
Adware.Cinmus!sd6 [PC Tools]	3
Backdoor.Win32.GrayBird.EJ [Ikarus]	3
Backdoor:Win32/Hupigon [Microsoft]	3
Generic PUP.x [McAfee]	3
Trojan:Win32/Delf.CO [Microsoft]	3
Trojan-Spy.Banker [Ikarus]	3
W32.Versie.A [Symantec]	3
Worm.AutoRun!sd6 [PC Tools]	3
Backdoor.Win32.Agent.sk [Kaspersky Lab]	2
Generic Adware.a [McAfee]	2
Infostealer.Bancos [Symantec]	2
Infostealer.Lineage [Symantec]	2
New Malware.u [McAfee]	2
PWS-Lineage [McAfee]	2
TROJ_AGENT.AHTN [Trend Micro]	2
Trojan.FakeAlert [PC Tools]	2
Trojan.Panddos [Symantec]	2
Trojan.Win32.Dialer.bvx [Ikarus]	2
Trojan:Win32/Agent [Microsoft]	2
Trojan-Downloader.Delf!sd6 [PC Tools]	2
Trojan-Dropper.Agent [Ikarus]	2
Trojan-Dropper.Agent!sd6 [PC Tools]	2
TrojanDropper:Win32/Dowque.A [Microsoft]	2
TrojanSpy:Win32/Delf.gen!A [Microsoft]	2
VirTool:Win32/DelfInject.gen!L [Microsoft]	2
Win32.SuspectCrc [Ikarus]	2
Worm.Win32.Fujack [Ikarus]	2
Backdoor [Ikarus]	1
Backdoor.Agent [PC Tools]	1
Backdoor.Agent.EFJU [PC Tools]	1
Backdoor.Agent.EGUK [PC Tools]	1
Backdoor.Bifrose [Symantec]	1
Backdoor.Graybird!Gen [Symantec]	1
Backdoor.Hupigon [Ikarus]	1
Backdoor.Hupigon.ANRE [PC Tools]	1
Backdoor.Hupigon.AXL [PC Tools]	1
Backdoor.Win32.Agent.qht [Kaspersky Lab]	1
Backdoor.Win32.Bifrose.rpc [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.aaxv [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.aojv [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.bmpq [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.btmh [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.cwd [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.czeg [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.mx [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.nbp [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.rzl [Kaspersky Lab]	1
Backdoor.Win32.Rbot.qet [Kaspersky Lab]	1
Backdoor.Win32.SdBot [Ikarus]	1
Backdoor:Win32/Agent [Microsoft]	1
Backdoor:Win32/Wisdoor.gen [Microsoft]	1
BackDoor-CEP [McAfee]	1
Downloader.Bancos [Symantec]	1
Downloader.Trojan [Symantec]	1
Downloader-ACH [McAfee]	1
Generic BackDoor [McAfee]	1
Generic Delphi [McAfee]	1
Generic PWS.b [McAfee]	1
Generic PWS.y [McAfee]	1
Generic StartPage [McAfee]	1
Infostealer [Symantec]	1
New Malware.aj [McAfee]	1
New Malware.aq [McAfee]	1
New Malware.ct [McAfee]	1
New Malware.dv [McAfee]	1
New Malware.hi [McAfee]	1
not-a-virus:AdWare.Win32.BHO.cwf [Kaspersky Lab]	1

Mal/Emogen-N [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	China	110
	Brazil	29
	Japan	5
	Taiwan	4
	Ukraine	2
	Canada	1
	Indonesia	1
	United Kingdom	1

Mal/Emogen-N [Sophos] is known to be created as:

%CommonPrograms%\startup\ctfmen.exe

%CommonPrograms%\startup\iexpres.exe

%ProgramFiles%\common files\system\eglixpn.exe

%ProgramFiles%\common files\system\nboqcey.exe

%ProgramFiles%\meex.exe

%ProgramFiles%\secplugin\secnotifier.exe

%ProgramFiles%\sucop\secplugin\secnotifier.exe

%System%\_bxhty1.exe

%System%\_msinfo.exe

%System%\_servernet.exe

%System%\_systemss.exe

%System%\cefalo.exe

%System%\certmgr.exe

%System%\cltmon.exe

%System%\dlbar.exe

%System%\drivers\spoclsv.exe

%System%\iexpres.exe

%System%\jkafskd.exe

%System%\qq04.exe

%System%\qqsoa.exe

%System%\qqvip.exe

%System%\sichost.exe

%System%\svc32.exe

%System%\svchosts.exe

%System%\sysbar.exe

%System%\system.dll

%Temp%\ansav.exe

%Temp%\fg677p9d.exe

%Temp%\telegrama445br.com

%Temp%\ylyq2.exe

%Windir%\dsaip32b.dll

%Windir%\iebho.dll

%Windir%\svchost.exe

%Windir%\tmgr32.exe

%Windir%\windows.exe

c:\bxhty1.exe

c:\fhrqdpi.exe

c:\systemss.exe

c:\temp\svchost.exe

Notes:

%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.