Associated Malware Groups
The filename is associated with the malware groups:
File Behavior
~TMPF.EXE has been seen to perform the following behavior:
- The Process is polymorphic and can change its structure
- Registers a Dynamic Link Library File
- Enables an In Process Object/Server - Common with DLL Injections
- The Process is packed and/or encrypted using a software packing process
- Can communicate with other computer systems using HTTP protocols
- Writes to another Process's Virtual Memory (Process Hijacking)
- Executes a Process
- Uses hidden browser windows to connect to web sites without telling you
- Opens browser pop ups
- Runs Javascript code
~TMPF.EXE has been the subject of the following behavior:
- Executed as a Process
- Executed from Temporary Folders
- Created as a process on disk
- Has code inserted into its Virtual Memory space by other programs
- Terminated as a Process
- Deleted as a process from disk
- Copied to multiple locations on the system
- Registered as a Dynamic Link Library File
Country Of Origin
The filename ~TMPF.EXE was first seen on Oct 22 2008 in the following geographical regions of the Prevx community:
- SPAIN on Oct 22 2008
- The EUROPEAN UNION on Oct 24 2008
- BELGIUM on Oct 24 2008
File Name Aliases
~TMPF.EXE can also use the following file names:
- 39040432.DAT
- ~TMPG.EXE
- ~TMPA.EXE
- 98962359.DAT
- 66303545.EXE
- ~TMPD.EXE
- ~TMPC.EXE
- 77064866.GIF
- RARGS.BAT
Filesizes
The following file size has been seen:
- 102,404 bytes
- 106,500 bytes
- 82,944 bytes
- 81,920 bytes
- 172,036 bytes
File Type
The filename ~TMPF.EXE refers to many versions of an executable program.
File Activity
One or more files with the name ~TMPF.EXE creates, deletes, copies or moves the following files and folders:
- Deletes c:\windows\system32
- Creates c:\windows\system32\msxml71.dll
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.