File name:

GPU-Z.2.50.0.exe

Full analysis: https://app.any.run/tasks/3d79d1c2-d528-42f6-ae60-714942518821
Verdict: Malicious activity
Analysis date: October 05, 2022, 01:53:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:

AAABF7F2971517A1C9E33927750BC961

SHA1:

956BB62CC78790A278EF66F3A209F9B18DAA9A19

SHA256:

49F87AE37C935C36535FB33C7920CF3536E63F9040F83C0E1FFC7DE3174B3636

SSDEEP:

196608:pj+INk9rAkfBJCkJtWe954UeptOBr03KUpbL:pj+r9rA8fSS5fEAcn5L

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops executable file immediately after starts

      • GPU-Z.2.50.0.exe (PID: 2344)
      • gpuz_installer.exe (PID: 1700)
      • gpuz_installer.tmp (PID: 3068)
      • GPU-Z.exe (PID: 2256)

    • Application was dropped or rewritten from another process

      • gpuz_installer.exe (PID: 1700)

    • Changes settings of System certificates

      • GPU-Z.exe (PID: 2256)

  • SUSPICIOUS

    • Checks supported languages

      • GPU-Z.2.50.0.exe (PID: 2344)
      • gpuz_installer.exe (PID: 1700)
      • gpuz_installer.tmp (PID: 3068)
      • GPU-Z.exe (PID: 2256)

    • Drops a file with a compile date too recent

      • GPU-Z.2.50.0.exe (PID: 2344)
      • gpuz_installer.exe (PID: 1700)
      • gpuz_installer.tmp (PID: 3068)
      • GPU-Z.exe (PID: 2256)

    • Reads the computer name

      • GPU-Z.2.50.0.exe (PID: 2344)
      • gpuz_installer.tmp (PID: 3068)
      • GPU-Z.exe (PID: 2256)

    • Executable content was dropped or overwritten

      • gpuz_installer.exe (PID: 1700)
      • gpuz_installer.tmp (PID: 3068)
      • GPU-Z.exe (PID: 2256)
      • GPU-Z.2.50.0.exe (PID: 2344)

    • Reads Windows owner or organization settings

      • gpuz_installer.tmp (PID: 3068)

    • Reads the Windows organization settings

      • gpuz_installer.tmp (PID: 3068)

    • Creates a directory in Program Files

      • gpuz_installer.tmp (PID: 3068)

    • Adds / modifies Windows certificates

      • GPU-Z.exe (PID: 2256)

  • INFO

    • Creates files in the program directory

      • gpuz_installer.tmp (PID: 3068)

    • Application was dropped or rewritten from another process

      • gpuz_installer.tmp (PID: 3068)

    • Creates a software uninstall entry

      • gpuz_installer.tmp (PID: 3068)

    • Checks Windows Trust Settings

      • GPU-Z.exe (PID: 2256)

    • Reads settings of System Certificates

      • GPU-Z.exe (PID: 2256)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 2022-Oct-01 08:58:02
Detected languages:
  • English - United States
  • Portuguese - Brazil
CompanyName: TechPowerUp (www.techpowerup.com)
FileDescription: GPU-Z - Video card Information Utility
FileVersion: 2.50.0.0
InternalName: GPU-Z.exe
LegalCopyright: (c) 2007-2022 TechPowerUp (www.techpowerup.com)
OriginalFilename: GPU-Z.exe
ProductName: GPU-Z - Video card Information Utility
ProductVersion: 2.50.0.0

DOS Header

e_magic: MZ
e_cblp: 144
e_cp: 3
e_crlc: -
e_cparhdr: 4
e_minalloc: -
e_maxalloc: 65535
e_ss: -
e_sp: 184
e_csum: -
e_ip: -
e_cs: -
e_ovno: -
e_oemid: -
e_oeminfo: -
e_lfanew: 304

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
NumberofSections: 3
TimeDateStamp: 2022-Oct-01 08:58:02
PointerToSymbolTable: -
NumberOfSymbols: -
SizeOfOptionalHeader: 224
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
UPX0
4096
21880832
0
IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1
21884928
7413760
7412736
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
7.99998
.rsrc
29298688
86016
82432
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
5.14436

Resources

Title
Entropy
Size
Codepage
Language
Type
1
3.87773
1384
UNKNOWN
UNKNOWN
RT_ICON
2
5.02163
1128
UNKNOWN
UNKNOWN
RT_ICON
3
5.72775
2216
UNKNOWN
UNKNOWN
RT_ICON
4
4.8351
4264
UNKNOWN
UNKNOWN
RT_ICON
5
5.15311
3752
UNKNOWN
UNKNOWN
RT_ICON
6
4.83126
9640
UNKNOWN
UNKNOWN
RT_ICON
7
7.9552
21146
UNKNOWN
UNKNOWN
RT_ICON
8
2.10907
1696
UNKNOWN
UNKNOWN
RT_ICON
9
2.05908
1264
UNKNOWN
UNKNOWN
RT_ICON
10
1.56096
9640
UNKNOWN
UNKNOWN
RT_ICON

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
IMM32.dll
KERNEL32.DLL
MSIMG32.dll
NETAPI32.dll
OLEACC.dll
OLEAUT32.dll
PSAPI.DLL
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
46
Monitored processes
5
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start drop and start drop and start gpu-z.2.50.0.exe gpuz_installer.exe gpuz_installer.tmp gpu-z.exe gpu-z.2.50.0.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1116"C:\Users\admin\AppData\Local\Temp\GPU-Z.2.50.0.exe" C:\Users\admin\AppData\Local\Temp\GPU-Z.2.50.0.exeExplorer.EXE
User:
admin
Company:
TechPowerUp (www.techpowerup.com)
Integrity Level:
MEDIUM
Description:
GPU-Z - Video card Information Utility
Exit code:
3221226540
Version:
2.50.0.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\gpu-z.2.50.0.exe
1700"C:\Users\admin\AppData\Local\Temp\\gpuz_installer.exe" C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe
GPU-Z.2.50.0.exe
User:
admin
Company:
TechPowerUp
Integrity Level:
HIGH
Description:
TechPowerUp GPU-Z Setup
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\gpuz_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2256"C:\Program Files\GPU-Z\GPU-Z.exe" C:\Program Files\GPU-Z\GPU-Z.exe
gpuz_installer.tmp
User:
admin
Company:
TechPowerUp (www.techpowerup.com)
Integrity Level:
HIGH
Description:
GPU-Z - Video card Information Utility
Exit code:
0
Version:
2.50.0.0
Modules
Images
c:\program files\gpu-z\gpu-z.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
2344"C:\Users\admin\AppData\Local\Temp\GPU-Z.2.50.0.exe" C:\Users\admin\AppData\Local\Temp\GPU-Z.2.50.0.exe
Explorer.EXE
User:
admin
Company:
TechPowerUp (www.techpowerup.com)
Integrity Level:
HIGH
Description:
GPU-Z - Video card Information Utility
Exit code:
0
Version:
2.50.0.0
Modules
Images
c:\users\admin\appdata\local\temp\gpu-z.2.50.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
3068"C:\Users\admin\AppData\Local\Temp\is-LUJ2D.tmp\gpuz_installer.tmp" /SL5="$3012E,721408,721408,C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe" C:\Users\admin\AppData\Local\Temp\is-LUJ2D.tmp\gpuz_installer.tmp
gpuz_installer.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-luj2d.tmp\gpuz_installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
5 239
Read events
5 148
Write events
84
Delete events
7

Modification events

(PID) Process:(3068) gpuz_installer.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
FC0B000052AF2C585DD8D801
(PID) Process:(3068) gpuz_installer.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
496D1DCBF2E48EE430A0E1445A95B068BBD2CC55C119670116970E808685ABC1
(PID) Process:(3068) gpuz_installer.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(3068) gpuz_installer.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFiles0000
Value:
C:\Program Files\GPU-Z\GPU-Z.exe
(PID) Process:(3068) gpuz_installer.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFilesHash
Value:
3963519C81EC6DFE30DE9CABD1324A12DFD679DB667AB7D91599561989519459
(PID) Process:(3068) gpuz_installer.tmpKey:HKEY_CURRENT_USER\Software\techPowerUp\GPU-Z
Operation:writeName:Install_Dir
Value:
C:\Program Files\GPU-Z
(PID) Process:(3068) gpuz_installer.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.0.2 (u)
(PID) Process:(3068) gpuz_installer.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Program Files\GPU-Z
(PID) Process:(3068) gpuz_installer.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation:writeName:InstallLocation
Value:
C:\Program Files\GPU-Z\
(PID) Process:(3068) gpuz_installer.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation:writeName:Inno Setup: Icon Group
Value:
(Default)
Executable files
8
Suspicious files
7
Text files
0
Unknown types
7

Dropped files

PID
Process
Filename
Type
2256GPU-Z.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\03005CB84A266CEC058C632BB7746F6Abinary
MD5:
SHA256:
2344GPU-Z.2.50.0.exeC:\Users\admin\AppData\Local\Temp\GPU-Z.exeexecutable
MD5:
SHA256:
3068gpuz_installer.tmpC:\Users\Public\Desktop\TechPowerUp GPU-Z.lnklnk
MD5:
SHA256:
3068gpuz_installer.tmpC:\Program Files\GPU-Z\GPU-Z.exeexecutable
MD5:
SHA256:
3068gpuz_installer.tmpC:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnklnk
MD5:
SHA256:
3068gpuz_installer.tmpC:\Program Files\GPU-Z\unins000.datdat
MD5:
SHA256:
3068gpuz_installer.tmpC:\Program Files\GPU-Z\is-C63R4.tmpexecutable
MD5:
SHA256:
2256GPU-Z.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\version_v2[1].jsonbinary
MD5:
SHA256:
2256GPU-Z.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\03005CB84A266CEC058C632BB7746F6Ader
MD5:
SHA256:
2344GPU-Z.2.50.0.exeC:\Users\admin\AppData\Local\Temp\gpuz_installer.exeexecutable
MD5:DB0FE2FC8B640F81BE6103EFABB69FC1
SHA256:6CDFAC9A6FD83D7A0B652BD8D5A971A753704302E697C3129DCAA5F2DE465A44
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
8
DNS requests
7
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2256
GPU-Z.exe
GET
200
172.64.155.188:80
http://crl.comodoca.com/AAACertificateServices.crl
US
der
506 b
whitelisted
2256
GPU-Z.exe
GET
200
104.18.32.68:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEEe6PinQT32mTH9oWfJSNJ0%3D
US
der
471 b
whitelisted
2256
GPU-Z.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?de3682e9c46324b8
US
compressed
4.70 Kb
whitelisted
2256
GPU-Z.exe
GET
200
104.18.32.68:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
US
der
1.42 Kb
whitelisted
2256
GPU-Z.exe
GET
200
172.64.155.188:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
US
der
2.18 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
192.168.100.2:53
whitelisted
2256
GPU-Z.exe
138.199.40.8:443
www.gpu-z.com
Datacamp Limited
US
unknown
2256
GPU-Z.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
2256
GPU-Z.exe
172.64.155.188:80
ocsp.comodoca.com
CLOUDFLARENET
US
suspicious
104.18.32.68:80
ocsp.comodoca.com
CLOUDFLARENET
suspicious
2256
GPU-Z.exe
104.18.32.68:80
ocsp.comodoca.com
CLOUDFLARENET
suspicious

DNS requests

Domain
IP
Reputation
www.microsoft.com
whitelisted
www.gpu-z.com
  • 138.199.40.8
unknown
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.comodoca.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
crl.comodoca.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
ocsp.usertrust.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted
ocsp.sectigo.com
  • 104.18.32.68
  • 172.64.155.188
whitelisted

Threats

No threats detected
Process
Message
GPU-Z.2.50.0.exe
in CXCrashHandler
GPU-Z.exe
in CXCrashHandler
GPU-Z.2.50.0.exe
in ~CXCrashHandler
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
GPU-Z.2.50.0.exe