mpkview.exe

Mipko OOO

The application mpkview.exe by Mipko OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Mipko OOO  (signed and verified)

Description:
MIPKO Software

Version:
8.5.3.2460

MD5:
27ca6b809eee0f48467687187b5944b4

SHA-1:
74a66b102f46fd295f12f5b32b196dfb48d0a6dc

SHA-256:
4b45d12d3af02dd34972dab17a2526c1dd5c64774c1ae0ea6af8e985cccb3ee0

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/24/2024 7:49:40 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.10.15.7

File size:
4.4 MB (4,565,248 bytes)

Product version:
8.5.3.2460

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\web\mpk\mpkview.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/17/2014 7:00:00 PM

Valid to:
1/17/2016 6:59:59 PM

Subject:
CN=Mipko OOO, O=Mipko OOO, L=Pskov, S=Pskov, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59AB06065A650283DA842466D5C3428E

File PE Metadata
Compilation timestamp:
10/1/2015 9:31:53 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:LZV25nN7LaP8tIHriJbxRDq7u8GZSzN/8RStQkpfxk:LZVYnJLaP8tIuNxRDqu8ply3

Entry address:
0x1000

Entry point:
68, 01, 20, 0B, 01, E8, 01, 00, 00, 00, C3, C3, 79, B1, 21, CA, 52, 3C, AD, 9C, F0, 17, 5B, 33, 21, 95, E7, 80, ED, 3C, EC, 4F, 81, BF, F0, 98, 92, 64, 95, 21, 26, E3, F5, 7B, CC, A3, 50, DB, 02, 76, 11, 14, 54, CA, 37, 40, C7, D6, E4, F7, 52, 7D, 53, DD, 42, 09, 53, 32, 95, 2F, 9B, BB, 0C, 45, 14, 5F, D0, 27, 21, A0, D5, 28, 97, C4, 87, DA, D4, 47, D1, DA, BB, 1F, 83, B6, 5A, EA, A2, 4D, A9, D8, BE, 92, 2C, A5, 24, 98, 69, DF, 20, AE, E7, 8C, 0C, 01, 1A, 33, 34, 76, 11, AC, 7A, E9, 45, 3C, 5D, ED, 93, 86...
 
[+]

Entropy:
7.9959

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
9.2 MB (9,688,064 bytes)

Windows Firewall Allowed Program
Name:
tcp\ip


Remove mpkview.exe - Powered by Reason Core Security