mpk.exe

Refog Inc.

The application mpk.exe by Refog has been detected as a potentially unwanted program by 17 anti-malware scanners.
Publisher: Refog Inc. (signed and verified)

Version: 6.4.4.1171

MD5: 1c1602422881ffb86196aa57d2199ce4

SHA-1: 0c26383d47ff88b8775651363fa4bfdc3f1228df

Scanner detections: 17 / 68

Status: Potentially unwanted

Analysis date: 4/19/2024 8:20:02 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | SPR/RefogMonitor.112 | 7.11.96.40 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-151016 |
| Clam AntiVirus | Trojan.KGBKeylog | 0.98/18155 |
| Comodo Security | UnclassifiedMalware | 16738 |
| ESET NOD32 | Win32/KeyLogger.Refog (variant) | 9.8669 |
| Fortinet FortiGate | Riskware/Refog | 10/16/2015 |
| F-Secure | Monitoring-Tool:W32/RefogKeylogger.A | 11.2015-16-10_6 |
| IKARUS anti.virus | MonitoringTool | t3scan.2.0.127 |
| McAfee | Keylog-Refog | 5600.6611 |
| Microsoft Security Essentials | MonitoringTool:Win32/KGBKeylogger | 1.163.1557.0 |
| Norman | Suspicious_Gen2.SIWOX | 11.20151016 |
| Panda Antivirus | Trj/Thed.B | 15.10.16.02 |
| Quick Heal | MonitoringTool.KGBKeylogger (Not a Virus) | 10.15.12.00 |
| Reason Heuristics | PUP.Refog (M) | 15.10.16.2 |
| Trend Micro House Call | TROJ_GEN.RCBCEB2 | 7.2.289 |
| Trend Micro | TROJ_GEN.RCBCEB2 | 10.465.16 |
| VIPRE Antivirus | Refog Inc. | 20336 |

File size: 1.4 MB (1,416,016 bytes)

Product version: 6.4.4.1171

File type: Executable application (Win32 EXE)

Language: English (United States)

Common path: C:\Windows\System32\mpk\mpk.exe

Digital Signature
Signed by:

Authority: VeriSign, Inc.

Valid from: 2/5/2010 4:00:00 PM

Valid to: 2/6/2012 3:59:59 PM

Subject: CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer: CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number: 2C65F10795394990A2209CE7972CFBAC

File PE Metadata
Compilation timestamp: 9/9/2011 5:17:35 AM

OS version: 5.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 24576:ESeCAYw0NdT2FNJhPg34dyMptyQoF7UamJps3KzJ6LB4BDQ/IPt6aJqsTNQvEl:8CHRdTyRI38yooFIamgLCBDQgF6aJqsj

Entry address: 0x1000

Entry point:
68, 01, F0, 75, 00, E8, 01, 00, 00, 00, C3, C3, DE, 5C, C7, D8, 78, AD, 1B, 24, E1, 26, F3, 2C, C8, D3, DE, 22, 74, 5C, 23, 72, A0, 1B, C3, F9, 46, AC, 63, 3F, 81, AA, D0, 01, 2D, 95, 6B, 49, 43, 46, 04, DF, 08, 26, 02, 05, 73, F8, 83, B6, AC, 76, 67, BE, E9, 03, 56, 03, D8, 6D, 9B, D6, E8, 3A, FF, 2F, 85, DF, 26, A6, B2, B9, 24, BE, 45, 4C, 3A, B5, C2, C2, BB, A8, 80, D8, 62, D4, 41, 29, 92, D5, 9C, 2B, 40, D7, D0, 54, FF, 08, 29, 08, EB, 53, 0C, 97, EF, 54, 5C, 67, F4, 9C, 87, 23, 6E, 7B, DE, B4, D1, 5F...
 

Entropy: 7.8378

Packer / compiler: ASProtect v1.2x (New Strain)

Code size: 2 MB (2,100,224 bytes)

Windows Firewall Allowed Program
Name: C:\WINDOWS\system32\MPK\mpk.exe

