mpktsview.exe

Refog Inc.

The application mpktsview.exe by Refog has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Refog Inc.  (signed and verified)

Description:
REFOG Software

Version:
2.3.8.533

MD5:
a7435740e904453f81389a66fbefb1d0

SHA-1:
a3bd426838687537138f1cfa8bdf022df80bf1fb

SHA-256:
1164ed14a3285b447933c93c344908783b4b12a356123ec5be1fa2c97c36b771

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 6:43:20 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Refog (M)

Engine version:
16.1.14.9

File size:
3.2 MB (3,352,184 bytes)

Product version:
2.3.8.533

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ts\mpktsview.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/3/2013 4:00:00 PM

Valid to:
3/5/2016 3:59:59 PM

Subject:
CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7FF3DAF8E8B0D4A05A226B85F1054E87

File PE Metadata
Compilation timestamp:
9/30/2013 11:45:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:pDK7Jf82oV7/EcLDHg0kCeVzfpVfTsn/WjQWG86Z8zP+A9zlCVjThGCKDg:pDW9CVzEc3iCIfwZGDplCVMVg

Entry address:
0x1000

Entry point:
68, 01, C0, AF, 00, E8, 01, 00, 00, 00, C3, C3, A4, 15, 28, 3F, F9, 97, F5, F6, 90, 4C, BA, 61, E1, 18, 57, 78, DA, 8C, 21, 8E, C4, 08, FA, E3, 16, 31, 2C, FB, 21, 27, D4, 86, 5B, B4, AD, 3F, 43, 35, C5, A4, 77, B7, 89, D2, 34, 60, 3E, 21, D5, 0D, B2, 27, BD, 77, C0, D7, FD, E6, 82, F2, 7B, E1, D6, 18, BD, 7A, E8, EA, 1F, E8, 1E, E5, B2, EB, 47, 56, 1F, C3, 92, EF, 68, 84, 73, E5, 9F, DF, 65, CF, C1, 03, AE, 3F, AA, 74, 29, 60, 09, 35, 1C, 4D, 45, 8F, 9C, 26, 4A, 45, DA, ED, 6B, D2, 61, 43, 9A, DD, 03, 1D...
 

Entropy:
7.9157

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4 MB (4,213,248 bytes)
