ThreatExpert's Statistics for Packed/Upack [AhnLab]:

Packed/Upack [AhnLab] is also known as:

Threat Alias	Number of Incidents
Mal/Packer, Mal/EncPk-BW [Sophos]	7,655
Generic.dx [McAfee]	6,910
Trojan-PWS.Win32.Small [Ikarus]	6,833
Trojan Horse [Symantec]	6,730
Trojan-GameThief.Win32.OnLineGames.abrf.a [Kaspersky Lab]	6,059
Trojan-Downloader.Agent.NZW [PC Tools]	1,162
New Malware.aj [McAfee]	818
Infostealer.Gampass [Symantec]	712
New Malware.n [McAfee]	526
Trojan-PWS.OnlineGames.ADRD [PC Tools]	504
Suspicious.MH690 [Symantec]	423
Trojan.Win32.Agent [Ikarus]	363
Troj/Virtum-Gen [Sophos]	244
Mal/Generic-A [Sophos]	205
Mal/EncPk-BW, Mal/Packer, Mal/EncPk-BW [Sophos]	203
Trojan-PSW.Gampass [PC Tools]	194
Virus.Win32.Virut [Ikarus]	166
Infostealer.Lemir [Symantec]	158
Rootkit.Order [PC Tools]	150
Trojan.KillAV [Symantec]	142
Mal/Behav-010, Mal/Packer, Mal/GamePSW-B, Mal/GamePSW-C, Mal/EncPk-BW, Mal/Dloadr-E [Sophos]	127
Trojan-Dropper.Agent [Ikarus]	120
Mal/Packer, Mal/EncPk-BW, Troj/Virtum-Gen [Sophos]	114
Mal/TibsPk-A [Sophos]	101
Infostealer.Onlinegame [Symantec]	97
Win32.SuspectCrc [Ikarus]	89
Trojan.Win32.Scar.acgo [Kaspersky Lab]	82
Troj/PWS-BAF [Sophos]	81
Trojan-Spy.Win32.Pophot [Ikarus]	80
W32.Mumawow.F!inf [Symantec]	69
Downloader [Symantec]	63
Trojan-GameThief.Win32.OnLineGames.uzte [Kaspersky Lab]	63
W32.Fiala.A [Symantec]	59
Trojan.Win32.Vilsel.ooj [Kaspersky Lab]	58
Trojan.Dropper [Symantec]	57
Trojan:Win32/Meredrop [Microsoft]	56
Trojan.Win32.Vilsel.ogc [Kaspersky Lab]	54
Trojan-PWS.Win32.QQPass [Ikarus]	54
Trojan.Win32.Vilsel.ndz [Kaspersky Lab]	47
Trojan-Downloader.Zlob.GEN [PC Tools]	47
PWS-Mmorpg.gen [McAfee]	46
TROJ_FAKEAV.AC [Trend Micro]	43
Trojan.Win32.Vilsel.ndy [Kaspersky Lab]	43
Mal/Packer [Sophos]	40
Trojan.Generic [PC Tools]	39
Trojan-PWS.Win32.LdPinch [Ikarus]	39
Trojan-Spy.Gampass!sd6 [PC Tools]	38
Mal/EncPk-BW [Sophos]	37
Mal/Basine-C [Sophos]	36
Trojan.Generic [Ikarus]	36
Trojan.Win32.Vilsel.ndw [Kaspersky Lab]	36
Trojan.Win32.Vilsel.nea [Kaspersky Lab]	35
Generic Downloader.x [McAfee]	34
Trojan-Spy.Win32.Bancos [Ikarus]	34
Trojan-Downloader.Win32.Geral [Ikarus]	33
Trojan-Downloader.Win32.Cekar [Ikarus]	32
Trojan-Spy.Win32.Banker [Ikarus]	32
Troj/KillAV-FI [Sophos]	30
Trojan.Win32.Agent.bvrn [Kaspersky Lab]	30
Trojan-Banker.Win32.Banker [Ikarus]	30
TSPY_ONLINEG.FYU [Trend Micro]	30
Trojan-Downloader.Win32.VB.kwb [Kaspersky Lab]	29
Mal/Basine-C, Mal/Behav-009 [Sophos]	28
TROJ_ZLOB.LN [Trend Micro]	28
Virus.Win32.Trojan [Ikarus]	28
Trojan-Dropper.Win32.Ceekat [Ikarus]	27
Malware.Fiala [PC Tools]	26
Trojan.Win32.Agent.binb [Kaspersky Lab]	26
Mal/Behav-156, Mal/Behav-160, Mal/Emogen-E [Sophos]	25
Trojan.Win32.Meredrop [Ikarus]	25
Trojan-Dropper.Win32.Agent.aiqb [Kaspersky Lab]	25
Mal/Emogen-E, Mal/Behav-160 [Sophos]	24
Trojan.Win32.Obfuscated [Ikarus]	23
Mal/Behav-156 [Sophos]	22
Packed/Upack [PC Tools]	22
Trojan.Win32.Glox [Ikarus]	22
Trojan.Zlob [Ikarus]	22
Backdoor.Win32.Popwin [Ikarus]	21
Trojan.Win32.Agent.bulk [Kaspersky Lab]	21
Trojan-GameThief.Win32.WOW.iml [Kaspersky Lab]	21
Win32.Warezov [Ikarus]	21
Trojan-GameThief.Win32.WOW.wdw [Kaspersky Lab]	20
Worm.AutoRun.WHY [PC Tools]	20
FakeAlert-XPSecurityCenter [McAfee]	19
Infostealer.Lineage [Symantec]	19
Trojan.Win32.LaSta [Ikarus]	19
Trojan-GameThief.Win32.Magania.gen [Kaspersky Lab]	19
W32.SillyFDC [Symantec]	19
Exp/MS08067-A [Sophos]	18
Mal/Packer, Mal/Behav-024, Mal/GamePSW-C, Mal/GamePSW-B, Mal/EncPk-BW, Mal/Dloadr-E, Mal/Behav-027, Mal/Emogen-Y, Mal/Behav-010 [Sophos]	18
Trojan.Ducky.B [Symantec]	18
Trojan-Downloader.VB!sd6 [PC Tools]	17
Trojan-GameThief.Win32.Nilage.abf [Kaspersky Lab]	17
Trojan-Spy.Win32.Banker.anv [Ikarus]	17
W32.SillyDC [Symantec]	17
Exploit.Win32.IMG-WMF.mj [Kaspersky Lab]	16
Mal/Behav-152 [Sophos]	16
Mal/Packer, Mal/EncPk-BW, Mal/Behav-214 [Sophos]	16
not-a-virus.Risktool.XPKeyChanger [Ikarus]	16
Trojan.Ducky!sd6 [PC Tools]	16

Packed/Upack [AhnLab] has the following possible countries of origin:

Origin		Number of Incidents
	China	995
	Brazil	61
	Russian Federation	37
	United Kingdom	19
	Germany	13
	Taiwan	9
	Bulgaria	3
	Ukraine	3
	Israel	2
	Italy	2
	Sweden	2
	Australia	1
	Finland	1
	France	1
	Iran	1
	Netherlands	1

Packed/Upack [AhnLab] is known to be created as:

%CommonPrograms%\startup\java7.exe

%CommonPrograms%\startup\kss.exe

%FontsDir%\0e257bb7.dll

%FontsDir%\30c4ae9f.dll

%FontsDir%\7f55c37c.dll

%FontsDir%\aaaxr.dll

%FontsDir%\b3a0cb04.dll

%FontsDir%\b4b147bc522828731f1a016bfa72c073\system\ctfmn.exe

%FontsDir%\b4b147bc522828731f1a016bfa72c073\system\wdfmgr.exe

%FontsDir%\bhqbm.dll

%FontsDir%\cxwov.dll

%FontsDir%\fcgkh.dll

%FontsDir%\fgiet.dll

%FontsDir%\gccpx.dll

%FontsDir%\jdolc.dll

%FontsDir%\jirhw.dll

%FontsDir%\kb0106564.dll

%FontsDir%\kb013232815.dll

%FontsDir%\kb013232846.dll

%FontsDir%\kb01613109.dll

%FontsDir%\kb0161396.dll

%FontsDir%\kb016203033.dll

%FontsDir%\kb01704931.dll

%FontsDir%\kb01705033.dll

%FontsDir%\kb02021514.dll

%FontsDir%\kb02021616.dll

%FontsDir%\kb02021633.dll

%FontsDir%\kb022155821.dll

%FontsDir%\kb022155838.dll

%FontsDir%\kb022155940.dll

%FontsDir%\kb026112354.dll

%FontsDir%\kb02611253.dll

%FontsDir%\kb02612124.dll

%FontsDir%\kb026121331.dll

%FontsDir%\kb02761329.dll

%FontsDir%\kb02761441.dll

%FontsDir%\kb0811492.dll

%FontsDir%\kb09195822.dll

%FontsDir%\kb09195923.dll

%FontsDir%\kb126112341.dll

%FontsDir%\kb126121151.dll

%FontsDir%\kb126121331.dll

%FontsDir%\kb1261306.dll

%FontsDir%\kb127174258.dll

%FontsDir%\kb127174436.dll

%FontsDir%\kb12761316.dll

%FontsDir%\kb12761441.dll

%FontsDir%\kb12843520.dll

%FontsDir%\kb12843657.dll

%FontsDir%\kb12851733.dll

%FontsDir%\kb1305536.dll

%FontsDir%\kb1394854.dll

%FontsDir%\kb218234933.dll

%FontsDir%\kb22611248.dll

%FontsDir%\kb22611253.dll

%FontsDir%\kb226121218.dll

%FontsDir%\kb226121331.dll

%FontsDir%\kb226125936.dll

%FontsDir%\kb227174312.dll

%FontsDir%\kb227174436.dll

%FontsDir%\kb22761342.dll

%FontsDir%\kb22761440.dll

%FontsDir%\kb22843534.dll

%FontsDir%\kb22843657.dll

%FontsDir%\kb2285195.dll

%FontsDir%\kb51273134.dll

%FontsDir%\kb52220203.dll

%FontsDir%\kb530143041.dll

%FontsDir%\klhmw.dll

%FontsDir%\lawwi.dll

%FontsDir%\ndobv.dll

%FontsDir%\odbnx.dll

%FontsDir%\pvrwt.dll

%FontsDir%\qgqha.dll

%FontsDir%\qshda.dll

%FontsDir%\qvsdc.dll

%FontsDir%\rdmtq.dll

%FontsDir%\shvpm.dll

%FontsDir%\system32.dll

%FontsDir%\timpiatform.exe

%FontsDir%\uuphr.dll

%FontsDir%\uwhoq.dll

%FontsDir%\uxbup.dll

%FontsDir%\wtcwe.dll

%Profiles%\cpa.exe

%ProgramFiles%\ares\webpro.exe

%ProgramFiles%\common files\001.exe

%ProgramFiles%\common files\antiga 2.0 addon tools\kc.exe

%ProgramFiles%\common files\antiga 2.0 addon tools\wganr.exe

%ProgramFiles%\common files\cao.exe

%ProgramFiles%\common files\cozim.exe

%ProgramFiles%\common files\rtry.exe

%ProgramFiles%\common files\safesys.exe

%ProgramFiles%\common files\system\qmc.exe

%ProgramFiles%\common files\system\qq7bzd.exe

%ProgramFiles%\common files\system\qqdfor.exe

%ProgramFiles%\common files\system\qqdkaj.exe

%ProgramFiles%\common files\system\qqdzr7.exe

%ProgramFiles%\common files\system\qqe0uk.exe

%ProgramFiles%\common files\system\qqem3x.exe

Notes:

%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.