GridinSoft Threat Intelligence
oldTmp.exe threat report
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as Trojan.Heur!. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name
- Trojan.Heur!
- Recommended action
- Scan and remove
- Last analysis
- 2026-05-21 14:00:37 (6 days ago)
- File hash
- 21626c5769b401e007b4273b8df9d86d
Why it matters
Why GridinSoft flags this file
GridinSoft identifies the sample as Trojan.Heur!, part of the Trojan threat category.
Malware disguised as legitimate software or delivered through deceptive packaging. Related Trojan reports help compare this file with nearby detections, publishers, and hashes.
First seen 2020-10-02 13:28:31 (5 years ago); latest analysis 2026-05-21 14:00:37 (6 days ago).
Company metadata: Copyright 2019-2020 REFOR Electronics Co,.Ltd . Product metadata: REFOR.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present. Review the Trojan category for related samples and common context.
File context
oldTmp.exe is a Windows file recorded in the ThreatInfo database. It is associated with REFOR. The reported company name is Copyright 2019-2020 REFOR Electronics Co,.Ltd . The current detection status is Trojan.Heur!, based on the latest analysis from 2026-05-21 14:00:37 (6 days ago). ThreatInfo groups this verdict with Trojan reports for broader family-level investigation.
If oldTmp.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.Heur!.
File Details
| Product Name: | REFOR |
| Company Name: | Copyright 2019-2020 REFOR Electronics Co,.Ltd |
| MD5: | 21626c5769b401e007b4273b8df9d86d |
| Size: | 6 MB |
| First Published: | 2020-10-02 13:28:31 (5 years ago) |
| Latest Published: | 2026-05-21 14:00:37 (6 days ago) |
| Status: | Trojan.Heur! (on last analysis) | |
| Analysis Date: | 2026-05-21 14:00:37 (6 days ago) |
Detection screenshot
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
Common Places:
| %desktop% |
| %profile%\downloads |
| %sysdrive%\utilidades\esquematicos\refox v3.5 |
ThreatInfo has observed oldTmp.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen oldTmp.exe across 4 countries. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Bangladesh with 25.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for oldTmp.exe is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
oldTmp.exe is identified as pe for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
3e0d566de11c48cfa63f53d78c515bb5
b438dc311d1e22be97c39e0beffe5029
a5708a05bb5c63a0afa2f7cc7170cfea
09a067ebdac5a94435e5a34a10a5b925
b5aba1283c847c1d2956215bdbad09ff
4a165db38d8c0e05c0755fbf6dc33141
3d061ad421a8c29a09928d8e0a39978a
5bdfc5fda4d21e7ee5ef95bd84b9b6f1
34436c8d782e264faee68c013e19dd9c
d41d8cd98f00b204e9800998ecf8427e
ccaa320390b83b4b53c58a7207a60bb1
000a8d2d39309b5d0cb7ad76511f1b4c
f8ca6de8a12fe51504c85c71f1e1b669
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
GridinSoft detects this file as Trojan.Heur!
This report identifies oldTmp.exe by MD5 21626c5769b401e007b4273b8df9d86d. It is part of the Trojan report group. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.