mpkview.exe

Refog Inc.

The application mpkview.exe by Refog has been detected as a potentially unwanted program by 6 anti-malware scanners.
Publisher:
Refog Inc.  (signed and verified)

Description:
REFOG Software

Version:
6.3.6.1143

MD5:
bb0a27b8814d05b740d07faf5b1371b1

SHA-1:
674bb1e3f59caf1b211b18c7a6bf7e05ac3bee5d

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 3:48:10 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Clam AntiVirus | PUA.Packed.ASPack | 0.98/18011 |
| ESET NOD32 | Win32/Agent.DSGBADH (variant) | 9.6179 |
| Microsoft Security Essentials | MonitoringTool:Win32/KGBKeylogger | 1.163.1557.0 |
| Panda Antivirus | Trj/Thed.B | 15.11.25.01 |
| Reason Heuristics | PUP.Refog (M) | 15.11.25.1 |
| VIPRE Antivirus | Refog Inc. | 9480 |

File size:
3.6 MB (3,820,880 bytes)

Product version:
6.3.6.1143

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\mpk\mpkview.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/6/2010 1:00:00 AM

Valid to:
2/7/2012 12:59:59 AM

Subject:
CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2C65F10795394990A2209CE7972CFBAC

File PE Metadata
Compilation timestamp:
2/25/2011 2:13:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:kmx9TwefV5C7xv52tH9dv0eDWZl+oM+RxLLJqq:kw9TLHC7D2l9dsIAMvuLwq

Entry address:
0x1000


Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4.7 MB (4,931,584 bytes)

Windows Firewall Allowed Program
Name:
C:\WINDOWS\system32\MPK\MpkView.exe

