mpkview.exe

Refog Inc.

The application mpkview.exe by Refog has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Refog Inc.  (signed and verified)

Description:
REFOG Software

Version:
6.2.3.1112

MD5:
200b5e30ac58bdf359487d04abe77f35

SHA-1:
f67a67469c057df30ed1fb7693d24e0fcd7c2515

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/9/2024 1:14:20 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Refog (M)

Engine version:
16.1.28.15

File size:
3.6 MB (3,776,336 bytes)

Product version:
6.2.3.1112

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\mpk\mpkview.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/6/2010 1:00:00 AM

Valid to:
2/7/2012 12:59:59 AM

Subject:
CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2C65F10795394990A2209CE7972CFBAC

File PE Metadata
Compilation timestamp:
9/13/2010 2:20:52 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:0GWOReDJG7KMgmwP5v0jiWZl+octbmdXOU7zW:0GWORoMZ7U5sGAMVK1W

Entry address:
0x1000

Entry point:
68, 01, A0, C0, 00, E8, 01, 00, 00, 00, C3, C3, 14, 00, 9A, 17, 28, C8, 74, DE, 14, A8, FF, 24, 57, CD, AD, D6, B8, 5A, 02, E2, 29, 73, 80, 30, B4, FF, 47, E2, 1E, 9F, C4, 47, A3, D8, 9D, 97, B1, D8, BE, F1, A3, 57, 09, 3C, 18, 2D, 73, 8B, 24, 97, 30, 0A, 5E, F7, C5, CE, E4, A2, 3F, 3B, 4B, 24, 3D, 72, A9, 6E, 36, 8B, E3, 1A, C9, 78, A6, 5B, 1D, E6, 61, 1F, 95, B4, BC, 43, EA, 37, 60, 0B, 26, AC, A5, 05, E2, 9E, 0C, 95, 21, 1E, 94, CB, EF, 8D, 7C, FE, C6, 5D, A1, CD, 69, 3B, A6, 99, 0C, 4B, 84, EF, 52, 99...

Entropy:
7.8172

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4.7 MB (4,941,824 bytes)

Windows Firewall Allowed Program
Name:
C:\WINDOWS\system32\MPK\MpkView.exe

