mpk.exe

Refog Inc.

The application mpk.exe by Refog has been detected as a potentially unwanted program by 10 anti-malware scanners.
Publisher:
Refog Inc.  (signed and verified)

Version:
8.1.6.2085

MD5:
54c818f191a578504dc53b6a2e4ba060

SHA-1:
1998239cec7f0bbac6ac9097ef0cdcede9463c16

SHA-256:
a11f949d990639d163dda1154a30177d82f52644c522a34e0f923dba153b9c30

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 9:15:46 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Comodo Security | UnclassifiedMalware | 21717 |
| Dr.Web | Program.MPK.12 | 9.0.1.0241 |
| ESET NOD32 | Win32/Monitor.MIPKOEmployeeMonitor.AC potentially unsafe (variant) | 9.11455 |
| Fortinet FortiGate | W32/Keylogger.AC!tr | 8/29/2015 |
| McAfee | Artemis!54C818F191A5 | 5600.6659 |
| Microsoft Security Essentials | MonitoringTool:Win32/RefogKeylogger | 1.1.11502.0 |
| Panda Antivirus | Trj/Chgt.B | 15.08.29.08 |
| Reason Heuristics | PUP.Refog (M) | 15.8.29.8 |
| Sophos | Refog Keylogger | 4.98 |
| VIPRE Antivirus | Refog Inc. | 39222 |

File size:
1.8 MB (1,849,144 bytes)

Product version:
8.1.6.2085

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\mpk\mpk.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/4/2013 3:00:00 AM

Valid to:
3/6/2016 2:59:59 AM

Subject:
CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7FF3DAF8E8B0D4A05A226B85F1054E87

File PE Metadata
Compilation timestamp:
8/7/2014 10:12:25 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:eYzTioz/Bm8V9RbzBNHJTiNgel4E3zyisTlOCVjiETFd:jTioTl7vihKcCtb

Entry address:
0x1000

Entry point:
68, 01, F0, 97, 00, E8, 01, 00, 00, 00, C3, C3, 7C, EA, 4B, 0F, 03, A4, E9, 9F, 84, 54, BC, BF, A1, 95, E7, C0, ED, 0B, 1C, 23, E2, F2, 95, 1D, 40, 0F, 15, 21, 26, E3, F8, 7D, AF, 0B, 5E, BA, 6B, 02, F4, 7F, 5E, 3B, 27, A4, 75, 4D, A5, 1E, 8F, 41, 83, 31, 37, ED, 96, AC, 54, 92, B6, 04, F1, 1F, 38, 1A, 46, 24, BD, 59, 90, 89, ED, 16, 6B, 23, C2, F7, 10, FF, 2B, B7, 35, B6, B2, 7C, C7, 36, E0, F8, 32, 11, CF, 18, FF, C8, E9, 82, 0F, A2, 5F, A4, 36, B7, 32, 6F, 3C, AA, 75, 26, 4A, 79, F6, 22, D2, C5, 16, 03...
 

Entropy:
7.9909

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4.2 MB (4,389,376 bytes)
