File name: GPU-Z.2.61.0.exe

Full analysis: https://app.any.run/tasks/2c32a251-02de-4836-b7d2-1815f027c7e6
Verdict: Malicious activity
Analysis date: January 23, 2025, 13:51:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 943C394542C86222D7DB922339D16E61
SHA1: E43E81D87C4A0ADE4B2646C0ADD73BA2ECFB6EDB
SHA256: 71AE41624C93A298F26EE1418F66740B86E9E8B125E7AB027C3CEE02A1081164
SSDEEP: 98304:KEzDHbzdEhdIpKFWkaULpT4n4zoCLiy9FkhRT2DNqGXujaBy0F1GnC96Kr/3yBs6:wiy+XGQQ8wSZlVyAN/AiWoOs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • GPU-Z.2.61.0.exe (PID: 5628)
      • GPU-Z.2.61.0.exe (PID: 5920)
      • gpuz_installer.exe (PID: 5400)
      • GPU-Z.exe (PID: 4280)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • gpuz_installer.exe (PID: 5400)
      • GPU-Z.2.61.0.exe (PID: 5920)
      • gpuz_installer.tmp (PID: 3612)
      • GPU-Z.exe (PID: 4280)
    • Reads the Windows owner or organization settings

      • gpuz_installer.tmp (PID: 3612)
    • There is functionality for taking screenshot (YARA)

      • GPU-Z.2.61.0.exe (PID: 5920)
    • Reads security settings of Internet Explorer

      • gpuz_installer.tmp (PID: 3612)
      • GPU-Z.exe (PID: 4280)
    • Drops a system driver (possible attempt to evade defenses)

      • GPU-Z.exe (PID: 4280)
    • Checks Windows Trust Settings

      • GPU-Z.exe (PID: 4280)
  • INFO

    • Reads the computer name

      • GPU-Z.2.61.0.exe (PID: 5920)
      • gpuz_installer.tmp (PID: 3612)
    • The sample compiled with english language support

      • GPU-Z.2.61.0.exe (PID: 5920)
      • gpuz_installer.tmp (PID: 3612)
      • GPU-Z.exe (PID: 4280)
    • Create files in a temporary directory

      • gpuz_installer.exe (PID: 5400)
      • GPU-Z.2.61.0.exe (PID: 5920)
      • gpuz_installer.tmp (PID: 3612)
      • GPU-Z.exe (PID: 4280)
    • Checks supported languages

      • GPU-Z.2.61.0.exe (PID: 5920)
      • gpuz_installer.tmp (PID: 3612)
      • gpuz_installer.exe (PID: 5400)
      • GPU-Z.exe (PID: 4280)
    • Creates files in the program directory

      • gpuz_installer.tmp (PID: 3612)
    • UPX packer has been detected

      • GPU-Z.2.61.0.exe (PID: 5920)
    • Process checks computer location settings

      • gpuz_installer.tmp (PID: 3612)
    • The process uses the downloaded file

      • gpuz_installer.tmp (PID: 3612)
    • Checks proxy server information

      • GPU-Z.exe (PID: 4280)
    • Creates files or folders in the user directory

      • GPU-Z.exe (PID: 4280)
    • Reads the machine GUID from the registry

      • GPU-Z.exe (PID: 4280)
    • Reads the software policy settings

      • GPU-Z.exe (PID: 4280)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:12:16 14:59:18+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 10096640
InitializedDataSize: 86016
UninitializedDataSize: 36974592
EntryPoint: 0x2ce3ab0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.61.0.0
ProductVersionNumber: 2.61.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: TechPowerUp (www.techpowerup.com)
FileDescription: GPU-Z - Video card Information Utility
FileVersion: 2.61.0.0
InternalName: GPU-Z.exe
LegalCopyright: (c) 2007-2024 TechPowerUp (www.techpowerup.com)
OriginalFileName: GPU-Z.exe
ProductName: GPU-Z - Video card Information Utility
ProductVersion: 2.61.0.0
No data.
Total processes: 125
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 2

Behavior graph

Process chain shown in the graph: start -> gpu-z.2.61.0.exe -> gpuz_installer.exe -> gpuz_installer.tmp -> gpu-z.exe; a second gpu-z.2.61.0.exe node is marked "no specs".

Process information

PID: 3612
CMD: "C:\Users\admin\AppData\Local\Temp\is-FNL3O.tmp\gpuz_installer.tmp" /SL5="$70242,832512,832512,C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-FNL3O.tmp\gpuz_installer.tmp
Parent process: gpuz_installer.exe
User: admin
Company: TechPowerUp
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-fnl3o.tmp\gpuz_installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll

PID: 4280
CMD: "C:\Program Files (x86)\GPU-Z\GPU-Z.exe"
Path: C:\Program Files (x86)\GPU-Z\GPU-Z.exe
Parent process: gpuz_installer.tmp
User: admin
Company: TechPowerUp (www.techpowerup.com)
Integrity Level: HIGH
Description: GPU-Z - Video card Information Utility
Exit code: 0
Version: 2.61.0.0
Modules (images):
c:\program files (x86)\gpu-z\gpu-z.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 5400
CMD: "C:\Users\admin\AppData\Local\Temp\\gpuz_installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe
Parent process: GPU-Z.2.61.0.exe
User: admin
Company: TechPowerUp
Integrity Level: HIGH
Description: TechPowerUp GPU-Z Setup
Exit code: 0
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\gpuz_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll

PID: 5628
CMD: "C:\Users\admin\AppData\Local\Temp\GPU-Z.2.61.0.exe"
Path: C:\Users\admin\AppData\Local\Temp\GPU-Z.2.61.0.exe
Parent process: explorer.exe
User: admin
Company: TechPowerUp (www.techpowerup.com)
Integrity Level: MEDIUM
Description: GPU-Z - Video card Information Utility
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED; the medium-integrity launch exits and the same image is relaunched as PID 5920 at HIGH integrity)
Version: 2.61.0.0
Modules (images):
c:\users\admin\appdata\local\temp\gpu-z.2.61.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

PID: 5920
CMD: "C:\Users\admin\AppData\Local\Temp\GPU-Z.2.61.0.exe"
Path: C:\Users\admin\AppData\Local\Temp\GPU-Z.2.61.0.exe
Parent process: explorer.exe
User: admin
Company: TechPowerUp (www.techpowerup.com)
Integrity Level: HIGH
Description: GPU-Z - Video card Information Utility
Exit code: 0
Version: 2.61.0.0
Modules (images):
c:\users\admin\appdata\local\temp\gpu-z.2.61.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events: 1 078
Read events: 1 047
Write events: 31
Delete events: 0

Modification events

All registry writes below were made by PID 3612 (gpuz_installer.tmp).

Key: HKEY_CURRENT_USER\SOFTWARE\techPowerUp\GPU-Z
  write Install_Dir = C:\Program Files (x86)\GPU-Z

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
  write Inno Setup: Setup Version = 6.2.2
  write Inno Setup: App Path = C:\Program Files (x86)\GPU-Z
  write InstallLocation = C:\Program Files (x86)\GPU-Z\
  write Inno Setup: Icon Group = (Default)
  write Inno Setup: User = admin
  write Inno Setup: Selected Tasks = desktopicon
  write Inno Setup: Deselected Tasks = (empty)
  write Inno Setup: Language = en
  write DisplayName = TechPowerUp GPU-Z
Executable files: 9
Suspicious files: 10
Text files: 0
Unknown types: 0

Dropped files

PID 3612 (gpuz_installer.tmp): C:\Program Files (x86)\GPU-Z\GPU-Z.exe, executable
  MD5: 943C394542C86222D7DB922339D16E61
  SHA256: 71AE41624C93A298F26EE1418F66740B86E9E8B125E7AB027C3CEE02A1081164
PID 3612 (gpuz_installer.tmp): C:\Program Files (x86)\GPU-Z\unins000.exe, executable
  MD5: BE3DDA48E9454C6AB683272E3FBE2A5D
  SHA256: 46631D2343FA72953D68F00FCA08DEA6BEF027EA6ED494260D658576A79568C1
PID 3612 (gpuz_installer.tmp): C:\Users\admin\AppData\Local\Temp\is-7PVIE.tmp\_isetup\_setup64.tmp, executable
  MD5: E4211D6D009757C078A9FAC7FF4F03D4
  SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID 3612 (gpuz_installer.tmp): C:\Program Files (x86)\GPU-Z\is-FUOA1.tmp, executable
  MD5: 943C394542C86222D7DB922339D16E61
  SHA256: 71AE41624C93A298F26EE1418F66740B86E9E8B125E7AB027C3CEE02A1081164
PID 3612 (gpuz_installer.tmp): C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk, binary
  MD5: F4273D8553ECF64963A36DFD88C8C4D3
  SHA256: B457A246276A3754813390E1921751B602A14F5A0E792EA6B41F35BB00957538
PID 3612 (gpuz_installer.tmp): C:\Users\Public\Desktop\TechPowerUp GPU-Z.lnk, binary
  MD5: D277FC998BB763D0CDF0E51502556970
  SHA256: F6C318D72F85C6A844DC29EB5963C9267C8D69AF081AB9E09E96B05CD1C49DB6
PID 3612 (gpuz_installer.tmp): C:\Program Files (x86)\GPU-Z\is-1UC4L.tmp, executable
  MD5: BE3DDA48E9454C6AB683272E3FBE2A5D
  SHA256: 46631D2343FA72953D68F00FCA08DEA6BEF027EA6ED494260D658576A79568C1
PID 4280 (GPU-Z.exe): C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E, binary
  MD5: 37308A3750122FF35E670EA0102EFF6E
  SHA256: 458582C117E51517376F874DEA938F5365E3CC971F5B59041DDF1674C812CAAC
PID 5400 (gpuz_installer.exe): C:\Users\admin\AppData\Local\Temp\is-FNL3O.tmp\gpuz_installer.tmp, executable
  MD5: 4C9111B5058CB0A71DA1C566E6B15DE5
  SHA256: FF02CD92B07585423EF7BDD0A873374922767FE21F93FCEBC24181A5EE2111FA
PID 5920 (GPU-Z.2.61.0.exe): C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe, executable
  MD5: 5C05198DA8A483E8969C42310294EB52
  SHA256: 97D6F98F598C79D67166D38F50764D12DEA897C824CF92657D8AC0AA58E3725A
HTTP(S) requests: 10
TCP/UDP connections: 34
DNS requests: 21
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
- | - | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
- | - | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.190:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
4280 | GPU-Z.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | unknown | whitelisted
4280 | GPU-Z.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | whitelisted
4280 | GPU-Z.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHN9Y6q%2B3V1xSVihftvH1Bk%3D | unknown | whitelisted
2804 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
2804 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
1140 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.48.23.190:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 104.126.37.130:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
- | - | 40.126.31.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1176 | svchost.exe | 40.126.31.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1076 | svchost.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 51.124.78.146 | whitelisted
crl.microsoft.com | 23.48.23.190, 23.48.23.180, 23.48.23.164, 23.48.23.159, 23.48.23.158, 23.48.23.167, 23.48.23.177, 23.48.23.162, 23.48.23.173 | whitelisted
www.microsoft.com | 184.30.21.171, 2.23.246.101 | whitelisted
google.com | 216.58.212.142 | whitelisted
www.bing.com | 104.126.37.130, 104.126.37.144, 104.126.37.145, 104.126.37.139, 104.126.37.131, 104.126.37.137, 104.126.37.123, 104.126.37.128, 104.126.37.185 | whitelisted
login.live.com | 40.126.31.73, 20.190.159.4, 20.190.159.71, 20.190.159.73, 20.190.159.75, 20.190.159.2, 20.190.159.0, 40.126.31.69 | whitelisted
ocsp.digicert.com | 2.17.190.73, 2.23.77.188 | whitelisted
go.microsoft.com | 23.35.238.131 | whitelisted
www.gpu-z.com | 138.199.40.8 | unknown
ocsp.comodoca.com | 104.18.38.233, 172.64.149.23 | whitelisted

Threats

No threats detected
Process | Message
GPU-Z.2.61.0.exe | in CXCrashHandler
GPU-Z.exe | in CXCrashHandler
GPU-Z.2.61.0.exe | in ~CXCrashHandler
GPU-Z.exe | in ~CXCrashHandler