mpk.exe

Refog Inc.

The application mpk.exe by Refog has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
Refog Inc.  (signed and verified)

Version:
8.7.1.2770

MD5:
c5bed03164fc99e024c07483c97885ab

SHA-1:
c93fb4ef99d9f7bb1ec985ab62807ce96601311c

SHA-256:
b8b4ba1a87fa25d6ebb3b77a057e30706bc60b00691a2bac25d5548b4b323c93

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/26/2024 5:54:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.17.7

File size:
1.9 MB (1,961,840 bytes)

Product version:
8.7.1.2770

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\mpk\mpk.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
3/3/2016 4:00:00 PM

Valid to:
4/3/2018 4:59:59 PM

Subject:
CN=Refog Inc., O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
50E9ECB0A3DD83DEC773133A47225D97

File PE Metadata
Compilation timestamp:
2/3/2017 3:35:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1000

Entry point:
68, 01, 60, 94, 00, E8, 01, 00, 00, 00, C3, C3, FB, E5, 18, 3F, AF, 79, 3F, 80, 79, 7E, 5C, 15, 82, 29, 54, C6, 41, 0E, 51, 69, 9B, 73, FD, F3, 15, F2, 1D, 1F, 96, C1, 77, 5F, DC, C4, 41, E3, FB, 86, EA, 7B, 27, F6, 37, 70, B1, 65, 13, 5D, DE, F2, 67, 88, 30, 37, 4E, 64, B0, 77, 31, 22, 40, 5D, C7, 4A, 68, 93, C2, 7F, 00, F0, 29, 46, 52, 1E, 43, 90, 76, ED, DE, F1, 55, A1, 06, 7D, B7, AE, D7, 3D, 85, 4E, 90, 58, 13, 89, 54, C3, 25, 99, E6, 5C, 02, 2B, A6, CE, 11, 8D, EA, D5, 8F, 38, 9C, 05, 1C, A7, 64, 9F...
 

Entropy:
7.8038

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4 MB (4,185,600 bytes)

Windows Firewall Allowed Program
Name:
tcp\ip

