home

mpk.exe

Refog Inc.

The application mpk.exe by Refog has been detected as a potentially unwanted program by 14 anti-malware scanners. Accoriding to the detections, this has been classified as a kyelogger which is capable of recoring a user's keystrokes.
Publisher:
Refog Inc.  (signed and verified)

Version:
7.0.3.1412

MD5:
f0bbe1351ecdf1e1c599f1aa499f288d

SHA-1:
01140d81bc779a96ab945468442e61b2a4ee6794

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
The software cotains keystroke monitoring/logging capablities which may or may not be installed without the user's knowledge.

Analysis date:
5/10/2024 3:19:47 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Refog-A [PUP]
2014.9-151003

Clam AntiVirus
Trojan.KGBKeylog
0.98/213

Comodo Security
UnclassifiedMalware
18424

ESET NOD32
Win32/KeyLogger.Refog (variant)
9.9887

Fortinet FortiGate
Riskware/Refog
10/3/2015

IKARUS anti.virus
MonitoringTool
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.178.12292

Kaspersky
not-a-virus:Monitor.Win32.KeyLogger
14.0.0.1332

Malwarebytes
Spyware.Keylogger
v2015.10.03.03

McAfee
Keylog-Refog
5600.6623

Microsoft Security Essentials
MonitoringTool:Win32/KGBKeylogger
1.10600

Panda Antivirus
Trj/Thed.B
15.10.03.03

Reason Heuristics
PUP.Refog (M)
15.10.3.15

VIPRE Antivirus
Refog Inc.
29902

File size:
1.4 MB (1,447,760 bytes)

Product version:
7.0.3.1412

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\mpk\mpk.exe

Digital Signature
Signed by:
Refog Inc.

Authority:
VeriSign, Inc.

Valid from:
2/6/2010 1:00:00 AM

Valid to:
2/7/2012 12:59:59 AM

Subject:
CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2C65F10795394990A2209CE7972CFBAC

File PE Metadata
Compilation timestamp:
10/17/2011 8:55:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:vrmlYeQ1io7TKru/fLtlyLOA3owSFtBACxqtdIAl2aJqUFkhk4PJVb:DmlYaoiru/xlydnSFtegol2aJqUOLPJ1

Entry address:
0x1000

Entry point:
68, 01, 90, 76, 00, E8, 01, 00, 00, 00, C3, C3, DE, 5C, C7, D8, 78, AF, 29, 7E, 87, 64, 66, 8A, A2, 5B, 40, B6, 60, AF, 3B, 09, 46, 19, 5A, B2, A0, 4E, 73, BB, 55, A2, B5, A8, 54, 62, 75, 07, D4, 1D, FE, 8C, F9, 1D, B7, F7, A9, 35, AE, 83, 87, 36, 3F, 7B, D3, B4, 5C, 22, 32, C1, 6C, F9, 17, 8A, 28, AD, 01, 59, B7, 0E, EE, D7, 83, 34, 33, 40, 83, 5C, 73, B1, 10, 33, B8, 76, F1, 75, A7, 01, 86, 17, 72, 7B, 61, 53, 6F, 18, 9E, 5B, 21, 18, B9, 08, 9A, CC, 2D, 91, 96, 11, 71, 17, 32, B6, A1, 4F, D5, 41, 41, F3...
 
[+]

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
2 MB (2,112,512 bytes)

Windows Firewall Allowed Program
Name:
C:\WINDOWS\system32\MPK\Mpk.exe


Remove mpk.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.