How to remove tmp.exe
tmp.exe
The module tmp.exe has been detected as Trojan.CoinMiner
File Details
Product Name: | Xост-прoцесс для cлужб Windows |
Company Name: | Microsoft Corporation |
MD5: | 7e5fb3372131c3225971f6b0d2e9ec31 |
Size: | 68 KB |
First Published: | 2017-11-27 06:03:59 (6 years ago) |
Latest Published: | 2020-07-31 14:08:47 (3 years ago) |
Status: | Trojan.CoinMiner (on last analysis) | |
Analysis Date: | 2020-07-31 14:08:47 (3 years ago) |
Common Places:
%appdata%\microsoft\network\connections |
%appdata%\microsoft\network |
%temp% |
%sysdrive%\windows.old\users\данила\appdata\local |
%sysdrive%\$recycle.bin |
%appdata%\microsoft\network |
%appdata%\microsoft\network |
%appdata%\microsoft\network |
%temp% |
File Names:
hostdl.exe |
tmp.exe |
$RTCZ9Y4.exe |
Geography:
77.1% | ||
8.6% | ||
8.6% | ||
5.7% |
OS Version:
Windows 10 | 51.4% | |
Windows 7 | 28.6% | |
Windows 8.1 | 20.0% |
Analysis
Subsystem: | Windows GUI |
PE Type: | pe |
OS Bitness: | 32 |
Image Base: | 0x00400000 |
Entry Address: | 0x000122ce |
.NET Info:
MVID: | b89f8b06-82a9-45d9-9bca-577273965e08 |
PE Sections:
Name | Size of data | MD5 |
.text | 66560 | 6e18b15c539b06b1e2da2895c86079f8 |
.rsrc | 2048 | 5c7588a0eda6db3ccb83bb07e249085c |
.reloc | 512 | 06a3ad150757420608243cf2ab8495d6 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for tmp.exe