bpk.exe

The application bpk.exe has been detected as a potentially unwanted program by 33 anti-malware scanners. While running, it connects to the Internet address 200-147-99-132.static.uol.com.br on port 587.
MD5:
eaaead92f830457d84bd11dd9896a986

SHA-1:
7718ed4dc04222e69ee5edbb994ab77368aabd7c

SHA-256:
ea74305fcfe3ac2f8d3c670024cc94d88714107bef6a6439dfa2ad37529c36ef

Scanner detections:
33 / 68

Status:
Potentially unwanted

Explanation:
The software contains keystroke monitoring/logging capabilities which may or may not be installed without the user's knowledge.

Analysis date:
4/19/2024 4:54:38 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.PerfectKeylogger | 7.1.1 |
| AhnLab V3 Security | Unwanted/Win32.Keylogger | 2012.10.04 |
| Avira AntiVirus | DR/Perflogger.AH | 7.11.45.12 |
| avast! | Win32:Perflogger-CG [PUP] | 2014.9-150707 |
| AVG | Logger | 2016.0.3055 |
| Bitdefender | Application.PerfectKeylogger.AB | 1.0.20.940 |
| Clam AntiVirus | Trojan.Perflog-36 | 0.98/18155 |
| Comodo Security | ApplicUnwnt.Win32.Monitor.Perflogger.AD | 13745 |
| Dr.Web | Trojan.Peflog.12 | 9.0.1.0188 |
| Emsisoft Anti-Malware | Riskware.Monitor.Win32.Perflogger!IK | 8.15.07.07.05 |
| ESET NOD32 | Win32/Spy.PerfKey | 9.7544 |
| Fortinet FortiGate | Riskware/Perfect | 7/7/2015 |
| F-Prot | W32/Monitor.AFL | v6.4.6.5.141 |
| F-Secure | Application.PerfectKeylogger.AB | 11.2015-07-07_3 |
| G Data | Application.PerfectKeylogger.AB | 15.7.22 |
| IKARUS anti.virus | not-a-virus:Monitor.Win32.Perflogger | t3scan.1.1.122.0 |
| K7 AntiVirus | Riskware | 13.153.7685 |
| Kaspersky | not-a-virus:Monitor.Win32.Perflogger | 14.0.0.1771 |
| McAfee | Keylog-Perfect.gen | 5600.6711 |
| Microsoft Security Essentials | MonitoringTool:Win32/PerfectKeylogger | 1.163.1557.0 |
| Norman | W32/Perfloger.ANT | 11.20150707 |
| nProtect | Trojan-Spy/W32.Perflogger.434176.C | 12.10.03.01 |
| Panda Antivirus | Application/PerfectKeyLog.AJ | 15.07.07.05 |
| Quick Heal | Trojan.PerfectKeylogger.A4 | 7.15.12.00 |
| Rising Antivirus | Trojan.Win32.Generic.128B220F | 23.00.65.15705 |
| Sophos | Perfect Keylogger | 4.81 |
| SUPERAntiSpyware | Keylogger.PerfectKeyLogger | 9768 |
| Total Defense | Win32/Perflogger.BC | 37.0.10103 |
| Trend Micro House Call | SPYW_PERFECT.AN | 7.2.188 |
| Trend Micro | SPYW_PERFECT.AN | 10.465.07 |
| Vba32 AntiVirus | Trojan-Spy.PerfKey.c | 3.12.18.2 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 13364 |
| ViRobot | Monitor.Perflogger.434176 | 2011.4.7.4223 |

File size:
424 KB (434,176 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\bpk.exe

File PE Metadata
Compilation timestamp:
8/26/2007 6:18:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ki4KeFXKGGxQmCsNEgcFxTGDobxn0ssRtHFaB:ki4KeFXKGGxP+F2obOvRtl8

Entry address:
0x3E36E

Entry point:
55, 8B, EC, 6A, FF, 68, 70, 95, 44, 00, 68, DE, E4, 43, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 24, 38, 44, 00, 59, 83, 0D, 00, 4C, 45, 00, FF, 83, 0D, 04, 4C, 45, 00, FF, FF, 15, B4, 37, 44, 00, 8B, 0D, E0, 4B, 45, 00, 89, 08, FF, 15, 58, 37, 44, 00, 8B, 0D, DC, 4B, 45, 00, 89, 08, A1, 5C, 37, 44, 00, 8B, 00, A3, FC, 4B, 45, 00, E8, 1C, 38, FE, FF, 39, 1D, 90, 40, 45, 00, 75, 0C, 68, 08, E5, 43, 00, FF, 15, 60, 37...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
264 KB (270,336 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to 200-147-99-132.static.uol.com.br  (200.147.99.132:587)

TCP:
Connects to 24.r1-sea01.vietnap.net  (69.46.41.24:587)

TCP (SMTP):
Connects to mtaout-a-mtc-a.mx.aol.com  (64.12.88.133:25)

TCP (SMTP):
Connects to mtaout-a-atc-a.mx.aol.com  (152.163.0.69:25)
