• SPAIN on Jun 17 2008
• URUGUAY on Jun 14 2008
• PHILIPPINES on Jun 17 2008

The most common file size is 30,792 bytes. But the following file sizes have also been seen:

• 511 bytes
• 30,720 bytes
• 23,040 bytes
• 29,638 bytes

The unsafe files using this name are associated with the malware group TROJAN.AGENT.GEN.Some files using the name WINHET.EXE are also associated with the malware groups:

• I-Worm/Stration.DTP
• Win32/CIH

WINHET.EXE has been seen to perform the following behavior(s):

• The Process is packed and/or encrypted using a software packing process
• Automatically changes your firewall settings to allow itself or other programs to communicate over the internet
• Adds a Registry Key (RUN) to auto start Programs on system start up
• Creates a TCP port which listens and is available for communication initiated by other computers
• Writes to another Process's Virtual Memory (Process Hijacking)
• Creates a new Background Service on the machine
• Uses DNS to retrieve the IP address for web sites
• Registers a Dynamic Link Library File
• Modifies Windows Initialization And System Settings Used On Start up
• This Process Creates Other Processes On Disk

WINHET.EXE has been the subject of the following behavior(s):

• Added as a Registry auto start to load Program on Boot up
• Executed as a Process
• Created as a process on disk
• Terminated as a Process
• Deleted as a process from disk
• Has code inserted into its Virtual Memory space by other programs

WINHET.EXE can also use the following file names:

• 40740731.EXE
• A173[1].EXE
• RUNMGR.EXE
• A173[2].EXE
• 20883466.EXE
• SOOO4[1].EXE
• 21670385.DAT
• 16006972.SVD
• 33700097.EXE
• 73625794.EXE
• 99183292.EXE
• 89274962.SVD