» mpk.dll
Overview
Analysis
File Details

mpk.dll

Refog Inc.

The module mpk.dll by Refog has been detected as a potentially unwanted program by 16 anti-malware scanners.

File name:

mpk.dll

Publisher:

Refog Inc. (signed and verified)

MD5:

29ff8524f8d2ff4da4124586e1dcbdbd

SHA-1:

80163c19f0d59bc3130ccf79a0c7331ba3ca621a

SHA-256:

6cc420660a5721f7bf30a06663c294e457edc18917aa5ef8561b63d0e20c7cb2

Scanner detections:

16 / 68

Status:

Potentially unwanted

Explanation:

The software cotains keystroke monitoring/logging capablities which may or may not be installed without the user's knowledge.

Analysis date:

4/26/2024 5:49:41 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

SPR/KeyLogger.CB

7.11.11.235

avast!

Win32:KeyLogger-ARU [PUP]

2014.9-151101

Bitdefender

Application.Keylogger.Refog.E

1.0.20.1525

Clam AntiVirus

Trojan.Kgbkeylog-5

0.98/18011

ESET NOD32

Win32/KeyLogger.Refog.615

9.6308

F-Secure

Application.Keylogger.Refog

11.2015-01-11_1

G Data

Application.Keylogger.Refog

15.11.22

IKARUS anti.virus

MonitoringTool

t3scan.1.1.104.0

McAfee

Artemis!29FF8524F8D2

5600.6595

Microsoft Security Essentials

MonitoringTool:Win32/KGBKeylogger

1.163.1557.0

Norman

W32/Suspicious_Gen2.HFQCZ

11.20151101

Quick Heal

MonitoringTool.KGBKeylogger (Not a Virus)

11.15.11.00

Reason Heuristics

PUP.Refog (M)

15.11.1.7

Rising Antivirus

Trojan.Win32.Generic.1258280A

23.00.65.151030

Sophos

KGB Keylogger

4.67

VIPRE Antivirus

Refog Inc.

9904

File size:

80.8 KB (82,768 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Windows\System32\mpk\mpk.dll

Digital Signature

Signed by:

Refog Inc.

Authority:

VeriSign, Inc.

Valid from:

2/6/2010 2:00:00 AM

Valid to:

2/7/2012 1:59:59 AM

Subject:

CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2C65F10795394990A2209CE7972CFBAC

File PE Metadata

Compilation timestamp:

9/13/2010 3:19:39 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

1536:sEOcScvpeEYQqDrVQ8MgSRbt4WqUBCFOD:sfcS6oDQmHMgSRt4WqhOD

Entry address:

0x28B2

Entry point:

83, 7C, 24, 08, 01, 75, 05, E8, A3, 1A, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 6A, 0C, 68, 10, D2, 00, 10, E8, 05, 03, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 64, 00, 01, 10, 03, 75, 43, 6A, 04, E8, C3, 1C, 00, 00, 59, 83, 65, FC, 00, 56, E8, 31, 1D, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 4D, 1D, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, B1, 1B, 00, 00, 59, C3... 
[+]

Code size:

32 KB (32,768 bytes)

Remove mpk.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.