mpk64.dll

Refog Inc.

The module mpk64.dll by Refog has been detected as a potentially unwanted program by 6 anti-malware scanners.
Publisher:
Refog Inc.  (signed and verified)

MD5:
7d66a5b740fe092e7ceb0e3b8722b04a

SHA-1:
e622fa17bdee97be6d46ea9517fb9559a2447007

SHA-256:
7986ab67f400ef256d31b1acef76691473be72288d7a85f747e60fd7d7406ac1

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 11:03:11 PM UTC

Scan engine | Detection | Engine version
Clam AntiVirus | Trojan.KGBKeylog-2 | 0.98/18155
Comodo Security | UnclassifiedMalware | 16717
McAfee | Keylog-Refog | 5600.6928
Reason Heuristics | PUP.Refog | 15.1.12.11
Trend Micro House Call | TROJ_GEN.F47V0625 | 7.2.337
VIPRE Antivirus | Refog Inc. | 20202

File size:
450.3 KB (461,144 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\windows\syswow64\mpk\mpk64.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/12/2011 1:00:00 AM

Valid to:
2/6/2013 12:59:59 AM

Subject:
CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1FC4489003E01028139915C2D888675C

File PE Metadata
Compilation timestamp:
3/11/2012 11:02:13 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:Cu82PQVe3Mm9cUuw+TbcWOiSewNVil0Vrw/tQ0ubSFQrecqNsEJzKvPXn/XoT7Q4:Cu8QJrTIoVXd+

Entry address:
0x20770

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 83, FA, 01, 49, 8B, F8, 8B, DA, 48, 8B, F1, 75, 05, E8, 9F, 71, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 83, FE, FF, FF, CC, CC, CC, 40, 53, 48, 83, EC, 30, 48, 8B, D9, B9, 0E, 00, 00, 00, E8, CD, 4E, 00, 00, 90, 48, 8B, 43, 08, 48, 85, C0, 74, 47, 48, 8B, 0D, 14, DE, 04, 00, 48, 89, 4C, 24, 20, 48, 8D, 15, 00, DE, 04, 00, 48, 85, C9, 74, 1E, 48, 39, 01, 75, 0F, 48, 8B, 41, 08, 48, 89...
Code size:
170 KB (174,080 bytes)