ThreatExpert's Statistics for Win-Trojan/Midgare.32256 [AhnLab]:

Win-Trojan/Midgare.32256 [AhnLab] is also known as:

Threat Alias	Number of Incidents
BackDoor-CEP.gen.g [McAfee]	524
Backdoor:Win32/Bifrose.AE [Microsoft]	507
Backdoor.Trojan [Symantec]	450
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]	426
Trojan.Midgare.hhn [PC Tools]	337
BKDR_AHZE.SMM [Trend Micro]	318
Virus.Trojan.Win32.Midgare [Ikarus]	300
BKDR_AHZE.NY [Trend Micro]	264
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	161
Mal/Generic-E, Mal/EncPk-FH [Sophos]	102
Mal/EncPk-FH [Sophos]	95
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos]	82
Trojan.Win32.Midgare.fcz [Kaspersky Lab]	80
Trojan.Midgare!sd6 [PC Tools]	77
Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	65
Infostealer [Symantec]	53
Trojan.Win32.Midgare.hhn [Kaspersky Lab]	53
Backdoor.Bifrose [Symantec]	43
BackDoor-CEP.gen.a [McAfee]	39
Mal/Bifrose-X, Mal/EncPk-FH [Sophos]	25
Mal/Midgar-A, Mal/EncPk-FH [Sophos]	23
Trojan:Win32/Midgare.A [Microsoft]	17
W32.Virut.CF [Symantec]	11
Virus:Win32/Virut.BM [Microsoft]	9
Virus.Trojan.Win32.Midgare.hhn [Ikarus]	8
Trojan.Win32.Midgare [Ikarus]	6
VirTool:Win32/Injector.gen!AG [Microsoft]	6
Virus:Win32/Sality.AM [Microsoft]	6
W32/Sality.gen [McAfee]	6
Backdoor.Bifrose [PC Tools]	5
Backdoor.Trojan [PC Tools]	5
Mal/Bifrose-Z, Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	5
Virus.Win32.Bifrose [Ikarus]	5
W32.Sality.AE [Symantec]	5
W32/Sality-AM [Sophos]	5
Backdoor-CEP.gen.i [McAfee]	4
Mal/Bifrose-X [Sophos]	4
Mal/EncPk-FH, W32/Scribble-B [Sophos]	4
Mal/Bifrose-X, Mal/Midgar-A, Mal/EncPk-FH [Sophos]	3
PE_SALITY.AE [Trend Micro]	3
Virus.Win32.Virut.ce [Kaspersky Lab]	3
Virus:Win32/Sality.G [Microsoft]	3
W32/Sality-AI [Sophos]	3
Backdoor.Win32.Bifrose.bmzp [Kaspersky Lab]	2
Backdoor:Win32/Bifrose.HM [Microsoft]	2
BackDoor-CEP!hv.a [McAfee]	2
Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH, W32/Scribble-B [Sophos]	2
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z, W32/Scribble-B [Sophos]	2
Mal/Bifrose-X, Mal/Sality-C [Sophos]	2
Mal/Generic-E [Sophos]	2
Virus.Win32.Sality.l [Kaspersky Lab]	2
W32.HLLP.Sality.O [Symantec]	2
W32.Sality.AM [Symantec]	2
W32/Sality.n [McAfee]	2
Cryp_Upxscram [Trend Micro]	1
Mal/Bifrose-X, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos]	1
Mal/Bifrose-X, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos]	1
Mal/Bifrose-Z, Mal/Sality-B [Sophos]	1
Mal/Generic-E, Mal/EncPk-FH, Mal/Behav-103, Mal/Behav-043 [Sophos]	1
Mal/Midgar-A, Mal/EncPk-FH, W32/Scribble-B [Sophos]	1
Mal/Packer, Mal/Midgar-A, Mal/EncPk-FH, Mal/Bifrose-Z [Sophos]	1
not-a-virus:AdWare.Win32.Agent [Ikarus]	1
PE_SALITY.EN [Trend Micro]	1
PE_SALITY.EN-1 [Trend Micro]	1
Suspicious.MH690 [Symantec]	1
Trojan.Win32.Midgare.adxb [Kaspersky Lab]	1
Trojan.Win32.Midgare.upz [Kaspersky Lab]	1
Trojan.Win32.Midgare.uvz [Kaspersky Lab]	1
Virus.Win32.Sality.aa [Kaspersky Lab]	1
Virus:Win32/Sality.AN [Microsoft]	1
Virus:Win32/Sality.gen!enc [Microsoft]	1
W32/Sality.s [McAfee]	1
W32/Sality-I [Sophos]	1

Win-Trojan/Midgare.32256 [AhnLab] has the following possible countries of origin:

Origin		Number of Incidents
	Israel	2
	Turkey	2

Win-Trojan/Midgare.32256 [AhnLab] is known to be created as:

%AppData%\bifrost\server.exe

%AppData%\messenger\messenger.exe

%AppData%\microsoft\svchost.exe

%AppData%\regedit\fragmen.exe

%AppData%\system\svchost32.exe

%AppData%\system\sys.exe

%AppData%\system\win.exe

%AppData%\temp\eixplorer.exe

%CommonAppData%\server.exe

%CommonPrograms%\startup\net.exe

%CommonPrograms%\startup\server.exe

%InternetCache%\57289261.exe

%LocalSettings%\temptmp.exe

%ProgramFiles%\99\88.exe

%ProgramFiles%\anti-trust\anti-trust.exe

%ProgramFiles%\biforst\server.exe

%ProgramFiles%\bifrost\a.exe

%ProgramFiles%\bifrost\ser.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\bifrost\svchost.exe

%ProgramFiles%\bifroxx\server.exe

%ProgramFiles%\cifrost\ger.exe

%ProgramFiles%\cmdl32\cmdl32.exe

%ProgramFiles%\dir\server.exe

%ProgramFiles%\java\java.exe

%ProgramFiles%\live\ccshost.exe

%ProgramFiles%\massenger live\server.exe

%ProgramFiles%\mesenger\windows.exe

%ProgramFiles%\messenger\messenger.exe

%ProgramFiles%\micro\hosts.exe

%ProgramFiles%\microsoft\svchost.exe

%ProgramFiles%\microsoft\yahoo.exe

%ProgramFiles%\msn messenger\sexglasses.exe

%ProgramFiles%\msn\spoolsv.exe

%ProgramFiles%\msns\msns.exe

%ProgramFiles%\netmeeting0\cb32.exe

%ProgramFiles%\system32\lasse.exe

%ProgramFiles%\system32\msnmsgr.exe

%ProgramFiles%\system32\system32.exe

%ProgramFiles%\test\test.exe

%ProgramFiles%\windows\windows.exe

%ProgramFiles%\wini\l32i.exe

%ProgramFiles%\winsys\sysup.exe

%ProgramFiles%\winxp\winxp.exe

%ProgramFiles%\xerox\sisysy.exe

%ProgramFiles%\xerox\xerox.exe

%Programs%\startup\222.exe

%System%\1039\win32dll.exe

%System%\bifrost\natruntime.exe

%System%\bifrost\server.exe

%System%\bifrost\test.exe

%System%\bifrost\win.exe

%System%\bifrost\zzz.exe

%System%\bifroxx\server.exe

%System%\boot\win34.exe

%System%\drivers\svchost.exe

%System%\explorer.exe

%System%\explorer\explorer.exe

%System%\explorer\internet.exe

%System%\hhhh\server.exe

%System%\key.exe

%System%\langame\langame.exe

%System%\massenger live\server.exe

%System%\microsoft\microsoft.exe

%System%\microsoft\sestyme32.exe

%System%\microsoft\svco.exe

%System%\mozilla\mozilla.exe

%System%\password\password.exe

%System%\qqq\server.exe

%System%\regedit\fragmen.exe

%System%\server.exe

%System%\sky\win.exe

%System%\sys32\sixcoup32.exe

%System%\sysfile\win37.exe

%System%\system\svchost32.exe

%System%\system\sys.exe

%System%\system\win.exe

%System%\system23\pach.exe

%System%\system32\mcrosft.exe

%System%\system32\system32.exe

%System%\system32\win32dll.exe

%System%\system321\server.exe

%System%\systm\systm32.exe

%System%\systreay\systray.exe

%System%\temp\eixplorer.exe

%System%\update\microsoftt.exe

%System%\web\web.exe

%System%\win32\svchost.exe

%System%\win32iiini\svchost.exe

%System%\win32ini\svchost.exe

%System%\windoo\maicroo.exe

%System%\windowlive\dll.exe

%System%\windows\dnetc.exe

%System%\windows\microsoft.exe

%System%\windows32\system32.exe

%System%\xx\sys.exe

%Temp%\1.exe

%Temp%\asadfg43rwaef.exe

%Temp%\bifrost 1.2.1d\server.exe

%Temp%\bifrost no connection limits\server.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%InternetCache% is a variable that refers to the file system directory that serves as a common repository for temporary Internet files. A typical path is C:\Documents and Settings\[UserName]\Local Settings\Temporary Internet Files.
%LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).