• The UNITED KINGDOM on May 6 2008
• KENYA on Jul 21 2008
• The EUROPEAN UNION on Apr 20 2008

The most common file size is 31,232 bytes. But the following file sizes have also been seen:

• 33,792 bytes
• 97,792 bytes
• 64,000 bytes

The filename is associated with the malware group Backdoor.Trojan.Some files using the name IUHI64.EXE are also associated with the malware groups:

• TROJAN.AGENT.GEN
• Malware:RontoKBro.T
• Generic10.OUY

These files may have the following Vendor, Product, Version Information in the file header

IUHI64.EXE has been seen to perform the following behavior(s):

• The Process is packed and/or encrypted using a software packing process
• Executes a Process
• Writes to another Process's Virtual Memory (Process Hijacking)
• Injects code into other processes
• Uses DNS to retrieve the IP address for web sites
• Uses your PC to connect to Chat rooms
• This Process is a file infector which modifies program files to include a host a copy of the infection
• This Process Creates Other Processes On Disk
• Creates new folders in the file system

IUHI64.EXE has been the subject of the following behavior(s):

• Added as a Registry auto start to load Program on Boot up
• Has code inserted into its Virtual Memory space by other programs
• Executed as a Process
• Added as a Registry Key (DXCOM) to auto start Programs on system start up
• Created as a process on disk
• Copied to multiple locations on the system
• Deleted as a process from disk

IUHI64.EXE can also use the following file names:

• SMSS.EXE
• 75264609.EXE
• BTS[1].EXE
• 49787404.DAT
• 13583181.SVD
• BTY.EXE
• BOTY[1].EXE
• 31457335.EXE
• 74941835.DAT
• 20800546.DAT
• 01117808.EXE
• 84746086.EXE
• 59383313.DAT
• 97358708.DAT
• BACKUP.EXE
• 89683178.DAT
• 32166109.EXE
• 29450767.MXO
• 77511171.EXE
• 65554488.SVD