Associated Malware Groups
The filename is associated with the malware groups:
- Malware Downloader
- Hijacker
- Cloaked Malware
- Worm
File Behavior
~TMPA.EXE has been seen to perform the following behavior:
- Executes a Process
- Copies files
- This Process Deletes Other Processes From Disk
- This process creates other processes on disk
- Enables an In Process Object/Server - Common with DLL Injections
- The Process is polymorphic and can change its structure
- Registers a Dynamic Link Library File
- Uses hidden browser windows to connect to web sites without telling you
- Opens browser pop ups
- Runs Javascript code
- Visits web sites on your PC without you knowing
- Adds products to the system registry
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Executes Processes stored in Temporary Folders
- Can communicate with other computer systems using HTTP protocols
~TMPA.EXE has been the subject of the following behavior:
- Created as a process on disk
- Copied to multiple locations on the system
- Deleted as a process from disk
- Executed as a Process
- Executed from Temporary Folders
- Added as a Registry auto start to load Program on Boot up
- Has code inserted into its Virtual Memory space by other programs
- Terminated as a Process
Country Of Origin
The filename ~TMPA.EXE was first seen on Oct 19 2008 in the following geographical regions of the Prevx community:
- GERMANY on Oct 19 2008
- SPAIN on Nov 10 2008
- The EUROPEAN UNION on Nov 10 2008
File Name Aliases
~TMPA.EXE can also use the following file names:
- ~TMPC.EXE
- 03994238.TXT
- 92863748.SVD
- 78929613.EXE
- 96029613.DAT
- 31591825.EX_
- 5A41.TMP
- 5A41.TMP.EXE
- 5A0F.TMP.EXE
- ~TMPD.EXE
- $R43GX0J.EXE
- $RYB7708.EXE
- 60261537.GIF
- 85285934.GIF
- 56861339.GIF
Filesizes
The following file size has been seen:
- 151,556 bytes
- 102,404 bytes
- 95,236 bytes
- 106,500 bytes
- 126,980 bytes
- 93,700 bytes
- 81,920 bytes
File Type
The filename ~TMPA.EXE refers to many versions of an executable program.
File Activity
One or more files with the name ~TMPA.EXE creates, deletes, copies or moves the following files and folders:
- Deletes c:\windows\system32
- Creates c:\windows\system32\msxml71.dll
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.