home

mpkview.exe

Refog Inc.

The application mpkview.exe by Refog has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Refog Inc.  (signed and verified)

Description:
REFOG Software

Version:
7.4.1.1473

MD5:
db67fea5b6f54c1e49a6681f8a10c79c

SHA-1:
37bbfb0258c4111b6ce18331bd5d428457605cad

SHA-256:
aa354543acc50e7abb3d1a33575a745c922588949e9565194a8f98091ebdd57e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/26/2024 6:54:54 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.12.27.6

File size:
3.8 MB (4,012,888 bytes)

Product version:
7.4.1.1473

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\mpk\mpkview.exe

Digital Signature
Signed by:
Refog Inc.

Authority:
VeriSign, Inc.

Valid from:
12/11/2011 8:00:00 PM

Valid to:
2/5/2013 7:59:59 PM

Subject:
CN=Refog Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Refog Inc., L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1FC4489003E01028139915C2D888675C

File PE Metadata
Compilation timestamp:
8/21/2012 8:53:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1000

Entry point:
68, 01, 30, C6, 00, E8, 01, 00, 00, 00, C3, C3, D9, BB, C5, 0B, 22, 5E, F8, 6D, 9C, E1, 80, 24, 8A, C3, C3, 6F, 7C, F6, 83, B4, C2, 7E, 74, 08, D7, 67, 45, DA, BC, D2, E7, F8, 08, 0C, 4F, 8E, 0F, AC, 79, B4, 4E, 3E, 61, F9, 87, 76, AF, 3D, 0A, 16, 7D, 92, 58, 44, E8, 1F, B3, 3E, 8B, A1, A3, 22, 71, C2, 76, 0B, AB, 0A, B9, 1E, A4, FD, F1, FC, FF, E9, 21, 90, ED, DE, 84, 3A, 58, 8C, 8D, 68, 5D, 17, D6, 8F, A3, 65, 94, 40, 9C, DB, 1A, A4, 43, 3B, 7B, 6A, E1, 92, 8C, F7, A0, 55, 9C, D0, B5, BF, 57, 8A, 8B, 2A...
 
[+]

Entropy:
7.8325

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4.9 MB (5,124,608 bytes)

Windows Firewall Allowed Program
Name:
tcp\ip


Remove mpkview.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.