ThreatExpert's Statistics for Trojan.Win32.Bredolab [Ikarus]:

Trojan.Win32.Bredolab [Ikarus] is also known as:
Threat Alias | Number of Incidents
Packed.Win32.Krap.w [Kaspersky Lab] | 54
Packed.Generic.243 [Symantec] | 45
Mal/Generic-A [Sophos] | 35
PWS:Win32/Zbot.gen!R [Microsoft] | 15
Trojan Horse [Symantec] | 11
Win-Trojan/Krap.104448.C [AhnLab] | 10
Backdoor.Win32.Bredolab.yh [Kaspersky Lab] | 9
Mal/Bredo-A, Mal/Behav-340 [Sophos] | 9
Mal/EncPk-KV [Sophos] | 9
TrojanDownloader:Win32/Bredolab.X [Microsoft] | 9
PWS:Win32/Yahoopass.H [Microsoft] | 8
Mal/BredoPk-B [Sophos] | 7
Mal/Krap-B, Mal/BredoPk-B [Sophos] | 7
Packed.Win32.Krap [Ikarus] | 7
TrojanDownloader:Win32/Harnig.gen!J [Microsoft] | 7
HeurEngine.MaliciousPacker [PC Tools] | 5
Mal/FakeAV-AD, Mal/EncPk-JX [Sophos] | 5
Trojan:Win32/Winwebsec [Microsoft] | 5
Bredolab.gen.a [McAfee] | 4
FakeAlert-WinwebSecurity.gen [McAfee] | 4
Mal/EncPk-JX, Mal/Bredo-A, Mal/Behav-340 [Sophos] | 4
Trojan.Bredolab [PC Tools] | 4
TrojanDownloader:Win32/Harnig.gen!L [Microsoft] | 4
Win-Trojan/Krap.52736.D [AhnLab] | 4
Generic PWS.ch [McAfee] | 3
Mal/Bredo-A [Sophos] | 3
Packed.Generic.265 [Symantec] | 3
Trojan:Win32/Glecia.gen!A [Microsoft] | 3
W32.Koobface!gen1 [Symantec] | 3
Mal/Basine-C [Sophos] | 2
Mal/EncPk-IJ [Sophos] | 2
Mal/EncPk-LW [Sophos] | 2
Net-Worm.Koobface [PC Tools] | 2
Trojan.Bredolab [Symantec] | 2
Trojan:Win32/Malat [Microsoft] | 2
Trojan-Spy.Win32.Zbot.aato [Kaspersky Lab] | 2
W32/Koobface.worm.gen.d [McAfee] | 2
W32/Koobface.worm.gen.v [McAfee] | 2
Backdoor.Bredolab [PC Tools] | 1
Backdoor.Trojan [PC Tools] | 1
Backdoor.Trojan [Symantec] | 1
Backdoor.Win32.Bredavi.o [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.abk [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.abq [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.acl [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.aeq [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.agi [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.ama [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.amm [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.arz [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.asx [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.atb [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.aue [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.bbw [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.bcd [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.bdn [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.bke [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.bnu [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.byw [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.cpk [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.kw [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.mw [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.qu [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.tg [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.xs [Kaspersky Lab] | 1
Backdoor.Win32.Bredolab.xv [Kaspersky Lab] | 1
Backdoor:Win32/Phdet.B [Microsoft] | 1
Bredolab.gen.c [McAfee] | 1
Downloader [Symantec] | 1
Downloader.Generic [PC Tools] | 1
Dropper/Malware.18944.G [AhnLab] | 1
Dropper/Malware.47616.J [AhnLab] | 1
Email-Worm.Win32.Iksmas.byw [Kaspersky Lab] | 1
Email-Worm.Win32.Joleee.dhl [Kaspersky Lab] | 1
FakeAlert-DZ [McAfee] | 1
Generic BackDoor!bou [McAfee] | 1
Generic BackDoor!yx [McAfee] | 1
Generic PWS.y!u [McAfee] | 1
Generic PWS.y!ur [McAfee] | 1
Generic.dx!dd [McAfee] | 1
Generic.dx!df [McAfee] | 1
Generic.dx!dx [McAfee] | 1
Generic.dx!fvx [McAfee] | 1
Generic.dx!gir [McAfee] | 1
Mal/Behav-321 [Sophos] | 1
Mal/Behav-321, Mal/WaledPak-A [Sophos] | 1
Mal/Bredo-A, Mal/Behav-321 [Sophos] | 1
Mal/Bredo-A, Mal/Behav-340, Mal/Behav-204 [Sophos] | 1
Mal/Bredo-A, Mal/Behav-340, Mal/BredoPk-B [Sophos] | 1
Mal/Bredo-A, Mal/BredoPk-B [Sophos] | 1
Mal/EncPk-HJ [Sophos] | 1
Mal/EncPk-JB [Sophos] | 1
Mal/EncPk-JX [Sophos] | 1
Mal/EncPk-KP [Sophos] | 1
Mal/EncPk-LC, Mal/EncPk-KX [Sophos] | 1
Mal/EncPk-MX [Sophos] | 1
Mal/Generic-A, Mal/EncPk-KW, Mal/EncPk-KW [Sophos] | 1
Mal/Koobface-A [Sophos] | 1
Mal/Resdro-A [Sophos] | 1
Mal/TibsPk-D, Mal/TibsPk-A [Sophos] | 1

Trojan.Win32.Bredolab [Ikarus] has the following possible countries of origin:
Origin | Number of Incidents
Russian Federation | 94
China | 3
Finland | 2

Trojan.Win32.Bredolab [Ikarus] is known to be created as:
%CommonAppData%\11772654\11772654.exe
%CommonAppData%\12182344\12182344.exe
%CommonAppData%\12359844\12359844.exe
%Programs%\startup\dfqupd32.exe
%Programs%\startup\ihaupd32.exe
%Programs%\startup\isqsys32.exe
%Programs%\startup\mgjwin32.exe
%Programs%\startup\rqjupd32.exe
%System%\123.exe
%System%\drivers\dafmgr.exe
%System%\mssrv32.exe
%System%\sdra64.exe
%System%\servises.exe
%System%\vhosts.exe
%System%\wbem\grpconv.exe
%System%\wbem\proquota.exe
%Temp%\ikowin32.exe
%Temp%\update.exe
%Windir%\22601.exe
%Windir%\9129837.exe
%Windir%\ld08.exe
%Windir%\pp12.exe
%Windir%\temp\_ex-08.exe
%Windir%\temp\wpv011260372709.exe
%Windir%\temp\wpv111251459151.exe
%Windir%\temp\wpv151260372709.exe
%Windir%\temp\wpv181248050836.exe
%Windir%\temp\wpv251257448721.exe
%Windir%\temp\wpv331260372709.exe
%Windir%\temp\wpv441260372709.exe
%Windir%\temp\wpv471248050836.exe
%Windir%\temp\wpv591257448721.exe
%Windir%\temp\wpv601251296984.exe
%Windir%\temp\wpv821251296984.exe
%Windir%\temp\wpv951251296984.exe
c:\dntddho.exe
Notes:
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
  • %Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.