Should I block it?

90%
90% of PCs block this file from running.
Possible reason:
Multiple malware detections

VersionsAdditional versions

5e2ba 50.00%
834de 50.00%
(Note, the developer publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegEnumValueA, RegCreateKeyExA, RegQueryInfoKeyA, RegEnumKeyExA, RegNotifyChangeKeyValue, RegQueryValueA, RegSetValueA, RegDeleteKeyA, RegOpenKeyExA, RegEnumKeyA, RegDeleteValueA, RegQueryValueExA, RegOpenKeyA, RegCreateKeyA, RegSetValueExA, RegCloseKey, GetCurrentHwProfileA
kernel32.dll
LoadLibraryA, SetEvent, FreeLibrary, GetExitCodeThread, GetModuleHandleA, LocalFree, LocalReAlloc, GetModuleFileNameA, LocalAlloc, FindClose, FindFirstFileA, ResetEvent, GetSystemTime, SetPriorityClass, GetCurrentProcess, CreateEventA, ResumeThread, SuspendThread, WaitForMultipleObjects, GetTickCount, ExitThread, lstrcmpA, CreateProcessA, SetThreadPriority, WaitForSingleObject, GetProcAddress, TerminateThread, CreateThread, CloseHandle, GetVersionExA, CreateFileA, LocalSize, DeviceIoControl, SetStdHandle, GetOEMCP, GetACP, GetCPInfo, SetFilePointer, GetLastError, WriteFile, RtlUnwind, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, FlushFileBuffers, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, TerminateProcess, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, WideCharToMultiByte, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, HeapFree, HeapAlloc
shell32.dll
ShellExecuteA
user32.dll
EnumDisplaySettingsA, FindWindowA, MessageBeep, keybd_event, GetSystemMetrics, WaitForInputIdle, PostQuitMessage, RegisterClassExA, CreateWindowExA, ShowWindow, UpdateWindow, GetMessageA, TranslateMessage, DispatchMessageA, SetTimer, DestroyWindow, SetForegroundWindow, IsWindow, DefWindowProcA, KillTimer, EnumThreadWindows, PostMessageA, GetActiveWindow, AttachThreadInput, OpenInputDesktop, GetUserObjectInformationA, CloseDesktop, GetForegroundWindow, GetWindowThreadProcessId
winmm.dll
mixerGetControlDetailsA, mixerGetLineControlsA, mixerGetLineInfoA, mixerOpen, mixerClose, mixerSetControlDetails

TPHKMGR.exe

Remove TPHKMGR.exe
MD5:   834dea05aa7e9c4753d7adf09cb605de
SHA1:   e193aad748be47bfd0a87d10d9856c0a997de908
SHA256:   e387f44f522523277e7099f953bad1156fbdc93ca43e61489610a876b92717b6
Warning 4 antivirus scanners has detected malware.

Overview

TPHKMGR.exe is malware that executes as a process with the local user's privileges. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine).

DetailsDetails

File name:TPHKMGR.exe
Typical file path:C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
Size:68 KB (69,632 bytes)
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'TPHOTKEY' → C:\Program Files1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

MalwareMalware detections

Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
Antivirus engineEngine versionDetection
Avira AntiVir 7.11.21.50 TR/Agent.69632.166
avast! 6.0.1289.0 Win32:Malware-gen
G Data 13.8.22 Win32:Malware-gen
Panda Antivirus 10.0.3.5 Suspicious file

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00162972%
0.028634%
Kernel CPU:0.00018938%
0.013761%
User CPU:0.00144034%
0.014873%
Kernel CPU time:3,104 ms/min
100,923,805ms/min
Context switches:10/sec
284/sec
Memory
Private memory:2.28 MB
21.59 MB
Private (maximum):4.63 MB
Private (minimum):240 KB
Non-paged memory:2.28 MB
21.59 MB
Virtual memory:36.93 MB
140.96 MB
Virtual memory (peak):37 MB
169.69 MB
Working set:324 KB
18.61 MB
Working set (peak):4.63 MB
37.95 MB
Page faults:1,465/min
2,039/min
I/O
I/O read transfer:29 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:0 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:10.9 KB/sec
448.09 KB/min
I/O other operations:643/sec
1,671/min
Resource allocations
Threads:2
12
Handles:103
600
GUI GDI count:11
103
GUI USER count:5
49

BehaviorsProcess properties

Integrety level:Undefined
Platform:32-bit
Command line:"C:\progra~1\thinkpad\pkgmgr\hotkey\tphkmgr.exe"
Owner:User
Parent process:Explorer.EXE (Windows Explorer by Microsoft)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 100.00%

Distribution by countryDistribution by country

United States installs about 50.00% of TPHKMGR.exe.
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE