ThreatExpert's Statistics for Mal/Emogen-Y [Sophos]:

Mal/Emogen-Y [Sophos] is also known as:

Threat Alias	Number of Incidents
W32.Pagipef [Symantec]	5,227
PE_PAGIPEF.BR-O [Trend Micro]	2,920
Trojan-PSW.Agent!sd6 [PC Tools]	2,731
TSPY_ONLINEGA.AE [Trend Micro]	1,752
Trojan-PSW.Win32.Agent.acp [Kaspersky Lab]	1,586
Win32.Xorer.K [PC Tools]	1,296
Trojan-PWS.Win32.Agent [Ikarus]	680
Win-Trojan/Diskgen.32256 [AhnLab]	601
Virus.Win32.Xorer.ee [Kaspersky Lab]	600
Virus.Win32.Xorer [Ikarus]	250
Trojan-PWS.Win32.Agent.acp [Ikarus]	245
Trojan-PWS.Agent!ct [PC Tools]	160
Virus.Win32.Xorer.ee [Ikarus]	144
Trojan-PWS.Agent!sd6 [PC Tools]	120
Trojan.KillAV [Symantec]	109
Win-Trojan/Xema.32256.E [AhnLab]	96
Trojan.Win32.AgentBypass [Ikarus]	79
Trojan:Win32/AgentBypass.gen!I [Microsoft]	78
TSPY_AGENT.AIQV [Trend Micro]	45
W32.Pagipef.I [Symantec]	41
TROJ_PAGIPEF.BK [Trend Micro]	36
Generic.dx [McAfee]	26
Virus.Win32.Xorer.eb [Kaspersky Lab]	20
Backdoor.Win32.Agent.utw [Kaspersky Lab]	19
Trojan-Dropper.Delf [Ikarus]	17
TROJ_PAGIPEF.AU [Trend Micro]	16
Trojan:Win32/Perkesh.A [Microsoft]	16
Worm.AutoRun.GEN [PC Tools]	16
TROJ_DELF.FKM [Trend Micro]	15
Virus.Win32.Xorer.dt [Kaspersky Lab]	14
Win-Trojan/Xema.variant [AhnLab]	14
not-a-virus:Porn-Dialer.Win32.Agent.bk [Ikarus]	13
Trojan.Win32.KillAV.bao [Kaspersky Lab]	13
Trojan.Adclicker [Symantec]	12
Trojan.Win32.Delf.kyq [Kaspersky Lab]	12
Win32.Xorer.F [PC Tools]	12
Win-Trojan/Agent.194560.O [AhnLab]	12
Win-Trojan/Agent.41984.IB [AhnLab]	12
Backdoor.Win32.Agent.admg [Kaspersky Lab]	11
Downloader [Symantec]	11
Trojan Horse [Symantec]	11
Trojan.Win32.KillAV.azk [Kaspersky Lab]	11
Trojan-Dropper.Agent [Ikarus]	11
Backdoor.Win32.Agent.uyp [Kaspersky Lab]	9
Trojan.Win32.Delf.cmn [Kaspersky Lab]	9
TrojanDownloader:Win32/Cutwail.W [Microsoft]	9
Backdoor.Win32.Agent.vfc [Kaspersky Lab]	8
TROJ_PAGIPEF.BG [Trend Micro]	7
Trojan.KillAV!sd6 [PC Tools]	7
W32/Autorun.worm.gen [McAfee]	7
Backdoor.SdBot.DFSG [Ikarus]	6
Trojan.Win32.Agent.alcb [Kaspersky Lab]	6
Trojan.Win32.KillAV.azv [Kaspersky Lab]	6
Trojan-Dropper.Win32.Agent.afor [Kaspersky Lab]	6
Virus.Win32.Xorer.du [Kaspersky Lab]	6
Win-Trojan/Agent.155648.DI [AhnLab]	6
Win-Trojan/Agent.32256.BS [AhnLab]	6
Worm.AutoRun.qar [PC Tools]	6
Backdoor.Trojan [Symantec]	5
Trojan:Win32/Veslorn.gen!A [Microsoft]	5
TrojanDownloader:Win32/Small [Microsoft]	5
W32.Whybo.Z [Symantec]	5
Win-Trojan/Agent.25088.LN [AhnLab]	5
Backdoor.Win32.Small.hgi [Kaspersky Lab]	4
Backdoor:Win32/Luder.H [Microsoft]	4
Downloader-AZH [McAfee]	4
Downloader-BFO [McAfee]	4
Generic BackDoor [McAfee]	4
Generic Downloader.k [McAfee]	4
Generic Downloader.x [McAfee]	4
New Malware.ab [McAfee]	4
Trojan.DL.Agent.EFUV [PC Tools]	4
Trojan.Win32.Agent [Ikarus]	4
Trojan-Downloader.Small!sd5 [PC Tools]	4
Trojan-Downloader.Win32.Agent.bwpx [Kaspersky Lab]	4
Trojan-Downloader.Win32.Agent.wfx [Kaspersky Lab]	4
Trojan-Downloader.Win32.Delf.dhk [Kaspersky Lab]	4
Trojan-Downloader.Win32.Small [Ikarus]	4
Trojan-Downloader.Win32.Small.dxm [Kaspersky Lab]	4
VirTool:Win32/DelfInject.gen!T [Microsoft]	4
Virus.Win32.Delf.EQM [Ikarus]	4
Virus.Win32.Trojan [Ikarus]	4
Virus.Win32.Xorer.ds [Kaspersky Lab]	4
W32.SillyDC [Symantec]	4
Win-Trojan/Downloader.6689.B [AhnLab]	4
Win-Trojan/Xema.7168.P [AhnLab]	4
Worm.Win32.AutoRun.rho [Kaspersky Lab]	4
Backdoor.Bifrose [PC Tools]	3
Backdoor.Bifrose [Symantec]	3
Backdoor.Graybird [Symantec]	3
Backdoor.Win32.Xdoor.13 [Kaspersky Lab]	3
New BackDoor1 [McAfee]	3
Spyware-Ssppyy [McAfee]	3
Trojan.Win32.KillAV.bap [Kaspersky Lab]	3
Trojan:Win32/Meredrop [Microsoft]	3
Trojan-Downloader.Win32.Cutwail [Ikarus]	3
TrojanDownloader:Win32/Cutwail.gen!B [Microsoft]	3
Win-Trojan/Agent.19456.KO [AhnLab]	3
Win-Trojan/Xema.240128 [AhnLab]	3
Backdoor.Singu [Symantec]	2

Mal/Emogen-Y [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	China	82
	Russian Federation	13

Mal/Emogen-Y [Sophos] is known to be created as:

%ProgramFiles%\internet explorer\debugger.exe

%ProgramFiles%\services\mservice.exe

%Programs%\startup\lostvolume.exe

%System%\0.exe

%System%\aydzeqvdhvovbrt.dll

%System%\bdrqfhasogxpu.dll

%System%\dnsq.dll

%System%\drivers\csrss.exe

%System%\drivers\svchost.exe

%System%\grflnyat.exe

%System%\ldcore.dll

%System%\lich.exe

%System%\mircsoft.exe

%System%\msjmks.exe

%System%\oowzzoey.exe

%System%\ptsdnbzzagqygbo.dll

%System%\rrcbsibtcshgooipqe.dll

%System%\rs32net.exe

%System%\server.exe

%System%\shuiniu.exe

%System%\sself.scr

%System%\windows.exe

%System%\wins\svchost.exe

%System%\winsock2.dll

%System%\wzuhyqqydqc.dll

%System%\zvyvqnlvjhattt.dll

%System%\zxsoul.dll

%Temp%\dll0.dll

%Temp%\dll109.dll

%Temp%\dll156.dll

%Temp%\dll171.dll

%Temp%\dll203.dll

%Temp%\dll265.dll

%Temp%\dll312.dll

%Temp%\dll328.dll

%Temp%\dll343.dll

%Temp%\dll390.dll

%Temp%\dll406.dll

%Temp%\dll468.dll

%Temp%\dll500.dll

%Temp%\dll515.dll

%Temp%\dll531.dll

%Temp%\dll546.dll

%Temp%\dll562.dll

%Temp%\dll593.dll

%Temp%\dll609.dll

%Temp%\dll625.dll

%Temp%\dll640.dll

%Temp%\dll656.dll

%Temp%\dll671.dll

%Temp%\dll687.dll

%Temp%\dll765.dll

%Temp%\dll78.dll

%Temp%\dll781.dll

%Temp%\dll812.dll

%Temp%\dll906.dll

%Temp%\dll93.dll

%Temp%\dll953.dll

%Temp%\svchost.exe

%UserProfile%\xrt_mgec.exe

%UserProfile%\xrt_taca.exe

%Windir%\dhcp\svchost.exe

%Windir%\expmodule.exe

%Windir%\svchost.exe

%Windir%\system\smvss.exe

%Windir%\system\svchost.exe

%Windir%\systom32\svchost.exe

%Windir%\windmz.exe

c:\explore.exe

c:\kitkit.dll

c:\ravmon.exe

c:\setup.exe

c:\system.dll

c:\temp\server.exe

c:\temp\svchost.exe

c:\temps\svchost.exe

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.