mpk.exe

Refog Inc.

The application mpk.exe by Refog has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Refog Inc.  (signed and verified)

Version:
6.1.7.1044

MD5:
d09d1da1bdf0c0233cf4b9a7f829e47e

SHA-1:
811be015c825046aa16c561ad1e03d5f9cd77569

SHA-256:
8a9c0e867eedd31439ab71a8360b446f591b4fc6f1785f28c11fe0208cc1846d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 5:52:20 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Refog (M)

Engine version:
16.1.31.21

File size:
1.3 MB (1,363,280 bytes)

Product version:
6.1.7.1044

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mpk\mpk.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/6/2010 12:00:00 AM

Valid to:
2/6/2012 11:59:59 PM

Subject:
CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2C65F10795394990A2209CE7972CFBAC

File PE Metadata
Compilation timestamp:
6/7/2010 7:59:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:YCDEUVcRxy5s4yP1KROMs/h1/Y/n6/sptK/cRgOnmq9g6sB36rKX6xG:9WR2WIRDs/h1s6Up2cOU7m6AlMG

Entry address:
0x1000

Entry point:
68, 01, A0, 75, 00, E8, 01, 00, 00, 00, C3, C3, 32, B3, 09, BC, 6C, 2D, 21, FB, B8, 3B, 6D, 54, 23, 9A, 40, E3, CD, E4, E0, 60, AF, 25, 88, 04, E2, AD, 7D, BC, EE, BE, F6, 07, 48, D8, 9C, 28, 68, 19, 11, 56, D8, 10, 28, 30, 60, F4, 55, 65, 4A, 88, 67, A8, A8, 89, 33, 14, A0, 3A, 15, BF, 9E, 14, 3E, 67, 48, 4F, 18, 9D, C7, 4E, 16, 35, CD, 87, A6, 42, 3C, 59, 62, AC, B5, C5, D2, 91, 6E, 60, 34, E9, 77, 20, DE, B5, 74, CF, 67, 77, C4, 77, 88, 09, 6F, 04, 09, 0C, 31, 3B, DB, 99, 1B, 14, 8E, 31, C8, EF, 26, 47...
Entropy:
7.8298

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
2 MB (2,088,960 bytes)