Threat Detection Library


Mal/Behav indicates that Sophos has detected malware that contains an executable file containing code associated with malicious behaviors, including threats that perform distributed denial of service, cryptomining, information theft, and ransomware.

Common kinds of malware include:

  • Distributed Denial of Service bots: Malicious code that makes a compromised system participate in Distributed Denial of Service (DDoS) attacks that attempt to take down websites or otherwise disrupt the internet.
  • Keyloggers: Capture keystrokes to gain personal information.
  • Ransomware: Encrypts key files and demands financial payment in return for decrypting them.
  • Remote Access Trojans or Tools (RATs): Gives attackers full control of your system. 
  • Trojan horses: Files that appear harmless but are malicious.

You can find information on malware attacks on the Sophos Naked Security blog here and the Sophos X-Ops blog here.

If you believe this detection is incorrect, please report this file to Sophos Support.

Send our lab samples for analysis.

Submit a Sample