Threat Search: 

ThreatExpert's Statistics for Trojan.Crypt.XPACK [Ikarus]:

Trojan.Crypt.XPACK [Ikarus] is also known as:
Threat AliasNumber of Incidents
Downloader [Symantec]31
Trojan Horse [Symantec]27
Generic.dx [McAfee]21
Mal/Generic-A [Sophos]16
Troj/Virtum-Gen [Sophos]10
Win-Trojan/Xema.variant [AhnLab]10
Downloader.gen.a [McAfee]8
Mal/EncPk-DB [Sophos]8
Trojan.Vundo [Symantec]8
Vundo.gen.m [McAfee]7
Mal/EncPk-CZ [Sophos]6
Trojan.Generic [PC Tools]6
Trojan.Win32.Agent.airw [Kaspersky Lab]6
TrojanDownloader:Win32/Harnig.gen!J [Microsoft]6
Backdoor.Rustock.B [Symantec]5
Generic BackDoor [McAfee]5
Mal/Frethog-B [Sophos]5
Trojan.Packed.NsAnti [Symantec]5
Trojan:Win32/Vundo.KAL [Microsoft]5
Backdoor.Trojan [Symantec]4
Generic PWS.ak [McAfee]4
Infostealer [Symantec]4
Mal/EncPk-FC [Sophos]4
Packed.Generic.187 [Symantec]4
Trojan.Agent!sd6 [PC Tools]4
Trojan.Win32.Monderb.lqm [Kaspersky Lab]4
Trojan:Win32/Meredrop [Microsoft]4
W32.Spybot.Worm [Symantec]4
Generic Downloader.x [McAfee]3
Mal/Basine-C [Sophos]3
Mal/EncPk-DG [Sophos]3
Packed.Generic.182 [Symantec]3
Packed.Win32.Krap.b [Kaspersky Lab]3
PWS:Win32/Frethog.AJ [Microsoft]3
PWS:Win32/Frethog.D [Microsoft]3
Trojan.Win32.Agent [Ikarus]3
Trojan:Win32/Vundo.gen!X [Microsoft]3
Trojan-Downloader.Win32.Agent.ahfa [Kaspersky Lab]3
Backdoor.Win32.Agent.rvn [Kaspersky Lab]2
Backdoor.Win32.NewRest.n [Kaspersky Lab]2
FakeAlert-BD [McAfee]2
Generic Dropper [McAfee]2
Mal/Behav-066 [Sophos]2
Mal/EncPk-CK [Sophos]2
Mal/Packer [Sophos]2
PWS-Gamania.gen.a [McAfee]2
PWS-Gamania.gen.c [McAfee]2
TROJ_DLOAD.NBA [Trend Micro]2
Trojan:Win32/Ircbrute [Microsoft]2
W32/Sdbot.worm [McAfee]2
Win-Trojan/Agent.111104.AI [AhnLab]2
Backdoor.Agent!sd6 [PC Tools]1
Backdoor.Eterok!sd6 [PC Tools]1
Backdoor.Eterok.C [Symantec]1
Backdoor.Graybird!Gen [Symantec]1
Backdoor.IRCBot.ST [PC Tools]1
Backdoor.Rustock [Ikarus]1
Backdoor.Tidserv [Symantec]1
Backdoor.Win32.Rbot.vgg [Kaspersky Lab]1
Backdoor.Win32.Rbot.wdq [Kaspersky Lab]1
Backdoor.Win32.SdBot.lnh [Kaspersky Lab]1
Backdoor:Win32/Rustock.E [Microsoft]1
DNSChanger.gen.a [McAfee]1
Downloader-BHH [McAfee]1
Downloader-BHP [McAfee]1
Email-Worm.Win32.Zhelatin.ahr [Kaspersky Lab]1
FakeAlert-AG.gen.a [McAfee]1
Generic Dropper.by [McAfee]1
Generic Dropper.l [McAfee]1
Generic FakeAlert.a [McAfee]1
Generic PWS.y [McAfee]1
Generic.dx!gqd [McAfee]1
Infostealer.Gampass [Symantec]1
Mal/Behav-066, Mal/EncPk-DV, Mal/TibsPak [Sophos]1
Mal/Behav-066, Mal/TibsPak [Sophos]1
Mal/Emogen-P [Sophos]1
Mal/EncPk-BU [Sophos]1
Mal/EncPk-CE, Mal/EncPk-EK [Sophos]1
Mal/EncPk-CR [Sophos]1
Mal/EncPk-CR, Mal/Hupig-D, Mal/DSpy-B [Sophos]1
Mal/EncPk-DA, Mal/TibsPak [Sophos]1
Mal/Generic-A, Mal/EncPk-EO [Sophos]1
Mal/TibsPak [Sophos]1
Net-Worm.Kolab [PC Tools]1
Net-Worm.Win32.Kolab.avc [Kaspersky Lab]1
New Malware.ix [McAfee]1
Packed.Generic.128 [Symantec]1
Packed.Win32.PolyCrypt.e [Kaspersky Lab]1
Packed/FSG [PC Tools]1
Program:Win32/Antivirus2008 [Microsoft]1
Suspicious.MH690 [Symantec]1
Tibs-Packed [McAfee]1
Troj/Bckdr-QPN [Sophos]1
Troj/Pushdo-Gen [Sophos]1
TROJ_MUTANT.CV [Trend Micro]1
TROJ_PAKES.AUF [Trend Micro]1
TROJ_TIBS.ANZ [Trend Micro]1
TROJ_VUNDO.EUF [Trend Micro]1
Trojan.DL.Zlob.IXQ [PC Tools]1
Trojan.DR.Pandex.Gen.4 [PC Tools]1

Trojan.Crypt.XPACK [Ikarus] has the following possible countries of origin:
OriginNumber of Incidents
China4
Russian Federation2
Saudi Arabia2
Spain2
Brazil1
Canada1
Japan1
Netherlands1
Poland1
United Kingdom1

Trojan.Crypt.XPACK [Ikarus] is known to be created as:
%CommonAppData%\qdqzsnqt\kfqbefun.exe
%ProgramFiles%\common files\system\security.exe
%ProgramFiles%\neocheat\pixiedust\pixiedust.exe
%ProgramFiles%\whidepro\whpro.exe
%System%\awtsjggd.dll
%System%\cbevtsvc.exe
%System%\cbxngxut.dll
%System%\cssrss.exe
%System%\drivers\osidata.sys
%System%\e727d.exe
%System%\fool0.dll
%System%\fool2.dll
%System%\kamsoft.exe
%System%\kavo.exe
%System%\kdius.exe
%System%\kxvo.exe
%System%\lphc35dj0erc1.exe
%System%\mkrnl.exe
%System%\msansspc.dll
%System%\mssrv32.exe
%System%\msupdate.exe
%System%\msvcs.exe
%System%\opnmkaqo.dll
%System%\qiao2008.dll
%System%\tavo.exe
%System%\tskmgr.exe
%System%\vtumexys.dll
%System%\wlctrl32.dll
%Temp%\5.exe
%Temp%\9.exe
%Temp%\ddos.exe
%Temp%\ic.exe
%Temp%\install37978.exe
%Temp%\installs.exe
%Temp%\load.exe
%Temp%\picrypter.exe
%Temp%\qnaemgjpuvlpknb.exe
%Temp%\r63843.exe
%Temp%\r69106.exe
%Temp%\r76386.exe
%Temp%\setup20873.exe
%Temp%\setup24548.exe
%Temp%\setup52537.exe
%Temp%\setup62753.exe
%Temp%\u61165.exe
%Windir%\jrjrbjbj.exe
%Windir%\lexplorer.exe
%Windir%\qmu2j466e2.exe
%Windir%\secure.exe
%Windir%\services.exe
%Windir%\svcchost.exe
c:\a86\aw25\consol32.exe
c:\a86\aw25\hello32.exe
c:\dyc.exe
c:\kg2v.com
c:\o2g.exe
Notes:
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.