ThreatExpert's Statistics for Mal/Emogen-Y [Sophos]:

Mal/Emogen-Y [Sophos] is also known as:
Threat Alias | Number of Incidents
W32.Pagipef [Symantec] | 5,227
PE_PAGIPEF.BR-O [Trend Micro] | 2,920
Trojan-PSW.Agent!sd6 [PC Tools] | 2,731
TSPY_ONLINEGA.AE [Trend Micro] | 1,752
Trojan-PSW.Win32.Agent.acp [Kaspersky Lab] | 1,586
Win32.Xorer.K [PC Tools] | 1,296
Trojan-PWS.Win32.Agent [Ikarus] | 680
Win-Trojan/Diskgen.32256 [AhnLab] | 601
Virus.Win32.Xorer.ee [Kaspersky Lab] | 600
Virus.Win32.Xorer [Ikarus] | 250
Trojan-PWS.Win32.Agent.acp [Ikarus] | 245
Trojan-PWS.Agent!ct [PC Tools] | 160
Virus.Win32.Xorer.ee [Ikarus] | 144
Trojan-PWS.Agent!sd6 [PC Tools] | 120
Trojan.KillAV [Symantec] | 109
Win-Trojan/Xema.32256.E [AhnLab] | 96
Trojan.Win32.AgentBypass [Ikarus] | 79
Trojan:Win32/AgentBypass.gen!I [Microsoft] | 78
TSPY_AGENT.AIQV [Trend Micro] | 45
W32.Pagipef.I [Symantec] | 41
TROJ_PAGIPEF.BK [Trend Micro] | 36
Generic.dx [McAfee] | 26
Virus.Win32.Xorer.eb [Kaspersky Lab] | 20
Backdoor.Win32.Agent.utw [Kaspersky Lab] | 19
Trojan-Dropper.Delf [Ikarus] | 17
TROJ_PAGIPEF.AU [Trend Micro] | 16
Trojan:Win32/Perkesh.A [Microsoft] | 16
Worm.AutoRun.GEN [PC Tools] | 16
TROJ_DELF.FKM [Trend Micro] | 15
Virus.Win32.Xorer.dt [Kaspersky Lab] | 14
Win-Trojan/Xema.variant [AhnLab] | 14
not-a-virus:Porn-Dialer.Win32.Agent.bk [Ikarus] | 13
Trojan.Win32.KillAV.bao [Kaspersky Lab] | 13
Trojan.Adclicker [Symantec] | 12
Trojan.Win32.Delf.kyq [Kaspersky Lab] | 12
Win32.Xorer.F [PC Tools] | 12
Win-Trojan/Agent.194560.O [AhnLab] | 12
Win-Trojan/Agent.41984.IB [AhnLab] | 12
Backdoor.Win32.Agent.admg [Kaspersky Lab] | 11
Downloader [Symantec] | 11
Trojan Horse [Symantec] | 11
Trojan.Win32.KillAV.azk [Kaspersky Lab] | 11
Trojan-Dropper.Agent [Ikarus] | 11
Backdoor.Win32.Agent.uyp [Kaspersky Lab] | 9
Trojan.Win32.Delf.cmn [Kaspersky Lab] | 9
TrojanDownloader:Win32/Cutwail.W [Microsoft] | 9
Backdoor.Win32.Agent.vfc [Kaspersky Lab] | 8
TROJ_PAGIPEF.BG [Trend Micro] | 7
Trojan.KillAV!sd6 [PC Tools] | 7
W32/Autorun.worm.gen [McAfee] | 7
Backdoor.SdBot.DFSG [Ikarus] | 6
Trojan.Win32.Agent.alcb [Kaspersky Lab] | 6
Trojan.Win32.KillAV.azv [Kaspersky Lab] | 6
Trojan-Dropper.Win32.Agent.afor [Kaspersky Lab] | 6
Virus.Win32.Xorer.du [Kaspersky Lab] | 6
Win-Trojan/Agent.155648.DI [AhnLab] | 6
Win-Trojan/Agent.32256.BS [AhnLab] | 6
Worm.AutoRun.qar [PC Tools] | 6
Backdoor.Trojan [Symantec] | 5
Trojan:Win32/Veslorn.gen!A [Microsoft] | 5
TrojanDownloader:Win32/Small [Microsoft] | 5
W32.Whybo.Z [Symantec] | 5
Win-Trojan/Agent.25088.LN [AhnLab] | 5
Backdoor.Win32.Small.hgi [Kaspersky Lab] | 4
Backdoor:Win32/Luder.H [Microsoft] | 4
Downloader-AZH [McAfee] | 4
Downloader-BFO [McAfee] | 4
Generic BackDoor [McAfee] | 4
Generic Downloader.k [McAfee] | 4
Generic Downloader.x [McAfee] | 4
New Malware.ab [McAfee] | 4
Trojan.DL.Agent.EFUV [PC Tools] | 4
Trojan.Win32.Agent [Ikarus] | 4
Trojan-Downloader.Small!sd5 [PC Tools] | 4
Trojan-Downloader.Win32.Agent.bwpx [Kaspersky Lab] | 4
Trojan-Downloader.Win32.Agent.wfx [Kaspersky Lab] | 4
Trojan-Downloader.Win32.Delf.dhk [Kaspersky Lab] | 4
Trojan-Downloader.Win32.Small [Ikarus] | 4
Trojan-Downloader.Win32.Small.dxm [Kaspersky Lab] | 4
VirTool:Win32/DelfInject.gen!T [Microsoft] | 4
Virus.Win32.Delf.EQM [Ikarus] | 4
Virus.Win32.Trojan [Ikarus] | 4
Virus.Win32.Xorer.ds [Kaspersky Lab] | 4
W32.SillyDC [Symantec] | 4
Win-Trojan/Downloader.6689.B [AhnLab] | 4
Win-Trojan/Xema.7168.P [AhnLab] | 4
Worm.Win32.AutoRun.rho [Kaspersky Lab] | 4
Backdoor.Bifrose [PC Tools] | 3
Backdoor.Bifrose [Symantec] | 3
Backdoor.Graybird [Symantec] | 3
Backdoor.Win32.Xdoor.13 [Kaspersky Lab] | 3
New BackDoor1 [McAfee] | 3
Spyware-Ssppyy [McAfee] | 3
Trojan.Win32.KillAV.bap [Kaspersky Lab] | 3
Trojan:Win32/Meredrop [Microsoft] | 3
Trojan-Downloader.Win32.Cutwail [Ikarus] | 3
TrojanDownloader:Win32/Cutwail.gen!B [Microsoft] | 3
Win-Trojan/Agent.19456.KO [AhnLab] | 3
Win-Trojan/Xema.240128 [AhnLab] | 3
Backdoor.Singu [Symantec] | 2

Mal/Emogen-Y [Sophos] has the following possible countries of origin:
Origin | Number of Incidents
China | 82
Russian Federation | 13

Mal/Emogen-Y [Sophos] is known to be created as:
Notes:
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.