ThreatExpert's Statistics for Win32/ChiHack.6652 [AhnLab]:

Win32/ChiHack.6652 [AhnLab] is also known as:

Threat Alias	Number of Incidents
PE_Chir.B [Trend Micro]	99
W32/Chir-B [Sophos]	99
W32/Chir.b@MM [McAfee]	98
Email-Worm.Win32.Runouce.b [Kaspersky Lab]	97
Virus:Win32/Chir.B@mm [Microsoft]	88
W32.Chir.B@mm [Symantec]	75
I-Worm.Chir.B [PC Tools]	63
Email-Worm.Win32.Runouce [Ikarus]	45
W32.SillyFDC [Symantec]	9
Email-Worm.Win32.Runouce.B [Ikarus]	7
Backdoor.Bifrose.EZC [PC Tools]	5
Backdoor.Win32.Bifrose [Ikarus]	4
Trojan.Crypt [Ikarus]	4
Trojan-Banker.Win32.Banker [Ikarus]	4
Win32.Virut.Gen.5 [PC Tools]	4
Worm.AutoIT.V [PC Tools]	4
Trojan.Win32.Midgare [Ikarus]	3
Virus.Win32.Bifrose [Ikarus]	3
Trojan.Agent.VYJ [PC Tools]	2
Trojan.Autoit [Ikarus]	2
Trojan.Midgare.hhn [PC Tools]	2
Trojan.Win32.Agent [Ikarus]	2
Trojan.Win32.VB [Ikarus]	2
Trojan-Dropper.Delf [Ikarus]	2
Virus.Win32.AutoRun.vc [Ikarus]	2
Virus:Win32/Virut.K [Microsoft]	2
Virus:Win32/Virut.L [Microsoft]	2
W32.Imaut [Symantec]	2
W32.Rajump [Symantec]	2
W32.SillyDC [Symantec]	2
Email-Worm.Win32.Generic [Ikarus]	1
Generic.dx [McAfee]	1
I-Worm.Rays.F [PC Tools]	1
Trojan.Agent.ECMZ [PC Tools]	1
Trojan.DL.AutoIt.DO [PC Tools]	1
Trojan.Hider.G [PC Tools]	1
Trojan.VB.EPP [PC Tools]	1
Trojan.Win32.Crypt [Ikarus]	1
Trojan:Win32/VB.HO [Microsoft]	1
Trojan-Dropper.Win32.Autoit [Ikarus]	1
Trojan-Dropper.Win32.Delf [Ikarus]	1
Trojan-Dropper.Win32.Malf [Ikarus]	1
Trojan-Spy.Win32.Banbra [Ikarus]	1
Virus.W32.Sality [Ikarus]	1
Virus.Win32.Agent.OYJ [Ikarus]	1
Virus.Win32.AutoRun.jq [Ikarus]	1
Virus.Win32.Folcom.b [Kaspersky Lab]	1
Virus.Win32.Hakaglan [Ikarus]	1
Virus.Win32.VB.KZ [Ikarus]	1
Virus.Worm.Win32.AutoRun.doq [Ikarus]	1
Virus:Win32/Virut.AP [Microsoft]	1
Virus:Win32/Virut.D [Microsoft]	1
W32.Gobi [Symantec]	1
W32.Imaut.N [Symantec]	1
W32.Imaut.U [Symantec]	1
W32.Mikbaland [Symantec]	1
W32.Traxg@mm [Symantec]	1
Win32.Sality.AA.Gen [PC Tools]	1
Win32.Virut.Gen [PC Tools]	1
Worm.Autoit.DU [PC Tools]	1
Worm.AutoIt.S [PC Tools]	1
Worm.Autorun.ADR [PC Tools]	1
Worm.Hakaglan.B [PC Tools]	1
Worm.Win32.VB [Ikarus]	1

Win32/ChiHack.6652 [AhnLab] has the following possible countries of origin:

Origin		Number of Incidents
	United Kingdom	11
	Brazil	8
	China	6
	Sweden	4
	Spain	2
	Australia	1
	Czech Republic	1
	Germany	1
	Taiwan	1

Win32/ChiHack.6652 [AhnLab] is known to be created as:

%AllUsersProfile%\desktop.exe

%AllUsersProfile%\favorites.exe

%AppData%\microsoft\cd burning\khatra.exe

%CommonDesktopDir%\desktop.exe

%CommonFavorites%\favorites.exe

%CommonPrograms%\startup\avg.exe

%CommonPrograms%\startup\java7.exe

%DesktopDir%\desktop.exe

%FontsDir%\84baa.com

%ProgramFiles%\%stemp%\bifrost.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\explorer.exe

%ProgramFiles%\skype\skype.exe

%System%\1025.exe

%System%\1028.exe

%System%\1031.exe

%System%\1033.exe

%System%\1037.exe

%System%\1041.exe

%System%\1042.exe

%System%\1054.exe

%System%\2052.exe

%System%\3076.exe

%System%\3com_dmi.exe

%System%\bifrost\server.exe

%System%\blastclnnn.exe

%System%\catroot.exe

%System%\catroot2.exe

%System%\com.exe

%System%\config.exe

%System%\dhcp.exe

%System%\directx.exe

%System%\drivers.exe

%System%\export.exe

%System%\gbpsv.exe

%System%\ias.exe

%System%\icsxml.exe

%System%\ime.exe

%System%\inetsrv.exe

%System%\isass.exe

%System%\khatra.exe

%System%\macromed.exe

%System%\microsoft.exe

%System%\msdtc.exe

%System%\msmsgs.exe

%System%\mui.exe

%System%\npp.exe

%System%\ntmsdata.exe

%System%\oobe.exe

%System%\pes.exe

%System%\ras.exe

%System%\reader_s.exe

%System%\regsvr.exe

%System%\reinstallbackups.exe

%System%\restore.exe

%System%\rvhost.exe

%System%\scvhosts.exe

%System%\setup.exe

%System%\shellext.exe

%System%\spool.exe

%System%\ssvichosst.exe

%System%\svrchost.exe

%System%\usmt.exe

%System%\wbem.exe

%System%\winrar\winrar.exe

%System%\wins.exe

%System%\wuauc1t.exe

%System%\xircom.exe

%Temp%\0005a59e_rar\msmsgs.exe

%Temp%\0005a5dc_rar\scvhosts.exe

%Temp%\0005d1ce_rar\msmsgs.exe

%Temp%\0005d299_rar\scvhosts.exe

%Temp%\0005d374_rar\blastclnnn.exe

%Temp%\0005d393_rar\hinhem.scr

%Temp%\bb5logger.exe

%Temp%\ixp000.tmp\binder.exe

%UserProfile%\desktop.exe

%UserProfile%\reader_s.exe

%UserProfile%\saluko.exe

%Windir%\bifrost.exe

%Windir%\hinhem.scr

%Windir%\inetinfx.exe

%Windir%\khatarnakh.exe

%Windir%\regsvr.exe

%Windir%\rvhost.exe

%Windir%\scvhosts.exe

%Windir%\server.exe

%Windir%\ssvichosst.exe

%Windir%\svchost.exe

%Windir%\svrchost.exe

%Windir%\system\ghost.exe

%Windir%\windows.exe

%Windir%\xplorer.exe

c:\bifrost\server.exe

c:\cleanup.exe

c:\explorer.exe

c:\fun.xls.exe

c:\inetpub.exe

c:\khatra.exe

c:\kill.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonFavorites% is a variable that refers to the file system directory that serves as a common repository for all users' favorite items. A typical path is C:\Documents and Settings\All Users\Favorites (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.