mpkview.exe

Refog Inc.

The application mpkview.exe by Refog has been detected as a potentially unwanted program by 7 anti-malware scanners.
Publisher:
Refog Inc.  (signed and verified)

Description:
REFOG Software

Version:
7.0.3.1412

MD5:
f88fa9051267074153875e42eaddc4bb

SHA-1:
52fbe085990fe56df1da81192d7727036493b0ea

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 1:31:01 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Comodo Security | UnclassifiedMalware | 14706 |
| ESET NOD32 | Win32/KeyLogger.Refog (variant) | 9.7840 |
| McAfee | Keylog-Refog | 5600.6623 |
| Microsoft Security Essentials | MonitoringTool:Win32/KGBKeylogger | 1.163.1557.0 |
| Reason Heuristics | PUP.Refog (M) | 15.10.3.15 |
| Sophos | KGB Keylogger | 4.84 |
| VIPRE Antivirus | Refog Inc. | 14714 |

File size:
3.7 MB (3,894,096 bytes)

Product version:
7.0.3.1412

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\mpk\mpkview.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/6/2010 1:00:00 AM

Valid to:
2/7/2012 12:59:59 AM

Subject:
CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2C65F10795394990A2209CE7972CFBAC

File PE Metadata
Compilation timestamp:
10/17/2011 8:55:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:OtrtpXNiIqOZxyENJGS7/v0BVWZl+oqXL30uqJqmRWIB:mt5s7OLXNJGS7/s/AMpE+m/

Entry address:
0x1000

Entry point:
68, 01, 10, C3, 00, E8, 01, 00, 00, 00, C3, C3, 17, DD, 3C, D4, 53, CA, FB, 56, A4, A8, FF, 60, 56, C3, 1F, 57, 34, 3B, 5F, 74, FB, E7, 49, FE, 69, 25, 53, 42, 34, 3C, AD, 06, F5, 47, F3, 5E, 05, 99, EC, 1F, E0, 0C, E1, 74, 49, 50, 52, 8E, 87, CA, F2, 16, 62, 0F, 7F, 23, 13, 04, BD, A1, EF, AB, F4, 87, 88, 4B, 53, 6B, 6D, 66, 08, 05, 5A, 9A, 8F, B4, E9, 49, B6, D4, BC, 39, 02, F9, B2, EC, BA, CF, 99, B6, E7, 0F, D5, 92, 69, 9C, F5, 79, C4, 2B, 00, FE, CA, 86, F8, AB, 27, E9, 55, AD, 82, E2, CC, 37, 89, 4C...

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4.8 MB (5,035,520 bytes)

Windows Firewall Allowed Program
Name:
C:\WINDOWS\system32\MPK\MpkView.exe

