mpk.exe

Refog Inc.

The application mpk.exe by Refog has been detected as a potentially unwanted program by 12 anti-malware scanners.
Publisher:
Refog Inc.  (signed and verified)

Version:
6.4.3.1164

MD5:
069fd5f31e86d9c6d41b358f502bc7e2

SHA-1:
8a81e7afa2696a3c696a4d08997cf0cb500ad205

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 11:15:50 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | SPR/Tool.KGBKeylogger.179 | 7.11.180.66
avast! | Win32:PUP-gen [PUP] | 2014.9-150607
Bkav FE | W32.Clod693.Trojan | 1.3.0.4959
Clam AntiVirus | Trojan.KGBKeylog | 0.98/21411
Comodo Security | UnclassifiedMalware | 19867
ESET NOD32 | Win32/KeyLogger.Refog (variant) | 9.10598
Fortinet FortiGate | Riskware/Refog | 6/7/2015
IKARUS anti.virus | MonitoringTool | t3scan.1.7.8.0
McAfee | Keylog-Refog | 5600.6741
Microsoft Security Essentials | MonitoringTool:Win32/RefogKeylogger | 1.11104
Reason Heuristics | PUP.Refog | 15.6.7.17
VIPRE Antivirus | Refog Inc. | 34124

File size:
1.3 MB (1,324,368 bytes)

Product version:
6.4.3.1164

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\mpk\mpk.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/6/2010 1:00:00 AM

Valid to:
2/7/2012 12:59:59 AM

Subject:
CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2C65F10795394990A2209CE7972CFBAC

File PE Metadata
Compilation timestamp:
8/9/2011 10:19:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:eO3a/bfaCZs+leZRYxTM9VnDLAtpP8ztdkj2rXvfN55BhNQG6aJqFU30KSvTwvVF:eO3azfat+YptAtpPSqevfN5nn76aJqF2

Entry address:
0x1000

Entry point:
68, 01, B0, 72, 00, E8, 01, 00, 00, 00, C3, C3, 86, E2, 62, 71, 1D, 6C, 85, 5B, 39, 57, 63, C2, E1, 9C, 79, 42, E0, 7F, D5, 63, 38, C3, D0, 4F, 29, DF, A8, F0, 2D, 2A, 38, 78, 7A, EA, 4C, A4, 59, EB, 8D, 2D, ED, 3F, D5, DF, 90, FD, 7B, DF, 5D, A7, 0C, 0C, DC, 4B, 22, A1, EA, F1, 15, E3, 34, D9, B1, 3B, 3C, 8F, A8, A5, 21, 66, 76, 49, E5, F9, 86, 5F, 3B, 22, 5A, 62, 47, EA, 60, EF, D4, 86, 9A, 6A, A3, 9E, 7E, 88, F2, 30, 48, F8, A2, BF, D6, E3, EE, 5C, AB, DB, C4, A7, 1D, 22, F8, 13, E5, F6, 01, BF, 6E, 56...
 

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
2 MB (2,078,720 bytes)
