File name: GPU-Z.2.61.0.exe

Full analysis: https://app.any.run/tasks/2c32a251-02de-4836-b7d2-1815f027c7e6
Verdict: Malicious activity
Analysis date: January 23, 2025, 13:51:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 943C394542C86222D7DB922339D16E61
SHA1: E43E81D87C4A0ADE4B2646C0ADD73BA2ECFB6EDB
SHA256: 71AE41624C93A298F26EE1418F66740B86E9E8B125E7AB027C3CEE02A1081164
SSDEEP: 98304:KEzDHbzdEhdIpKFWkaULpT4n4zoCLiy9FkhRT2DNqGXujaBy0F1GnC96Kr/3yBs6:wiy+XGQQ8wSZlVyAN/AiWoOs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • gpuz_installer.exe (PID: 5400)
      • GPU-Z.2.61.0.exe (PID: 5920)
      • GPU-Z.2.61.0.exe (PID: 5628)
      • GPU-Z.exe (PID: 4280)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • GPU-Z.2.61.0.exe (PID: 5920)
      • gpuz_installer.exe (PID: 5400)
      • gpuz_installer.tmp (PID: 3612)
      • GPU-Z.exe (PID: 4280)
    • There is functionality for taking screenshot (YARA)

      • GPU-Z.2.61.0.exe (PID: 5920)
    • Reads the Windows owner or organization settings

      • gpuz_installer.tmp (PID: 3612)
    • Reads security settings of Internet Explorer

      • gpuz_installer.tmp (PID: 3612)
      • GPU-Z.exe (PID: 4280)
    • Drops a system driver (possible attempt to evade defenses)

      • GPU-Z.exe (PID: 4280)
    • Checks Windows Trust Settings

      • GPU-Z.exe (PID: 4280)
  • INFO

    • The sample compiled with english language support

      • GPU-Z.2.61.0.exe (PID: 5920)
      • gpuz_installer.tmp (PID: 3612)
      • GPU-Z.exe (PID: 4280)
    • Checks supported languages

      • GPU-Z.2.61.0.exe (PID: 5920)
      • gpuz_installer.exe (PID: 5400)
      • gpuz_installer.tmp (PID: 3612)
      • GPU-Z.exe (PID: 4280)
    • Reads the computer name

      • GPU-Z.2.61.0.exe (PID: 5920)
      • gpuz_installer.tmp (PID: 3612)
    • Create files in a temporary directory

      • gpuz_installer.exe (PID: 5400)
      • gpuz_installer.tmp (PID: 3612)
      • GPU-Z.2.61.0.exe (PID: 5920)
      • GPU-Z.exe (PID: 4280)
    • Creates files in the program directory

      • gpuz_installer.tmp (PID: 3612)
    • UPX packer has been detected

      • GPU-Z.2.61.0.exe (PID: 5920)
    • The process uses the downloaded file

      • gpuz_installer.tmp (PID: 3612)
    • Creates files or folders in the user directory

      • GPU-Z.exe (PID: 4280)
    • Process checks computer location settings

      • gpuz_installer.tmp (PID: 3612)
    • Checks proxy server information

      • GPU-Z.exe (PID: 4280)
    • Reads the machine GUID from the registry

      • GPU-Z.exe (PID: 4280)
    • Reads the software policy settings

      • GPU-Z.exe (PID: 4280)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (43.5)
.exe | Win32 EXE Yoda's Crypter (42.7)
.exe | Win32 Executable (generic) (7.2)
.exe | Generic Win/DOS Executable (3.2)
.exe | DOS Executable Generic (3.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:12:16 14:59:18+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 10096640
InitializedDataSize: 86016
UninitializedDataSize: 36974592
EntryPoint: 0x2ce3ab0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.61.0.0
ProductVersionNumber: 2.61.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: TechPowerUp (www.techpowerup.com)
FileDescription: GPU-Z - Video card Information Utility
FileVersion: 2.61.0.0
InternalName: GPU-Z.exe
LegalCopyright: (c) 2007-2024 TechPowerUp (www.techpowerup.com)
OriginalFileName: GPU-Z.exe
ProductName: GPU-Z - Video card Information Utility
ProductVersion: 2.61.0.0
No data.
All screenshots are available in the full report
Total processes: 125
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 2

Behavior graph

start → gpu-z.2.61.0.exe → gpuz_installer.exe → gpuz_installer.tmp → gpu-z.exe
gpu-z.2.61.0.exe (no specs)

Process information

PID: 3612
CMD: "C:\Users\admin\AppData\Local\Temp\is-FNL3O.tmp\gpuz_installer.tmp" /SL5="$70242,832512,832512,C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-FNL3O.tmp\gpuz_installer.tmp
Parent process: gpuz_installer.exe
User: admin
Company: TechPowerUp
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-fnl3o.tmp\gpuz_installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 4280
CMD: "C:\Program Files (x86)\GPU-Z\GPU-Z.exe"
Path: C:\Program Files (x86)\GPU-Z\GPU-Z.exe
Parent process: gpuz_installer.tmp
User: admin
Company: TechPowerUp (www.techpowerup.com)
Integrity Level: HIGH
Description: GPU-Z - Video card Information Utility
Exit code: 0
Version: 2.61.0.0
Modules
Images
c:\program files (x86)\gpu-z\gpu-z.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5400
CMD: "C:\Users\admin\AppData\Local\Temp\\gpuz_installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe
Parent process: GPU-Z.2.61.0.exe
User: admin
Company: TechPowerUp
Integrity Level: HIGH
Description: TechPowerUp GPU-Z Setup
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\gpuz_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 5628
CMD: "C:\Users\admin\AppData\Local\Temp\GPU-Z.2.61.0.exe"
Path: C:\Users\admin\AppData\Local\Temp\GPU-Z.2.61.0.exe
Parent process: explorer.exe
User: admin
Company: TechPowerUp (www.techpowerup.com)
Integrity Level: MEDIUM
Description: GPU-Z - Video card Information Utility
Exit code: 3221226540
Version: 2.61.0.0
Modules
Images
c:\users\admin\appdata\local\temp\gpu-z.2.61.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 5920
CMD: "C:\Users\admin\AppData\Local\Temp\GPU-Z.2.61.0.exe"
Path: C:\Users\admin\AppData\Local\Temp\GPU-Z.2.61.0.exe
Parent process: explorer.exe
User: admin
Company: TechPowerUp (www.techpowerup.com)
Integrity Level: HIGH
Description: GPU-Z - Video card Information Utility
Exit code: 0
Version: 2.61.0.0
Modules
Images
c:\users\admin\appdata\local\temp\gpu-z.2.61.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events: 1 078
Read events: 1 047
Write events: 31
Delete events: 0

Modification events

Process: (3612) gpuz_installer.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\techPowerUp\GPU-Z
Operation: write
Name: Install_Dir
Value: C:\Program Files (x86)\GPU-Z

Process: (3612) gpuz_installer.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.2.2

Process: (3612) gpuz_installer.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\GPU-Z

Process: (3612) gpuz_installer.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\GPU-Z\

Process: (3612) gpuz_installer.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation: write
Name: Inno Setup: Icon Group
Value: (Default)

Process: (3612) gpuz_installer.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation: write
Name: Inno Setup: User
Value: admin

Process: (3612) gpuz_installer.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: desktopicon

Process: (3612) gpuz_installer.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value:

Process: (3612) gpuz_installer.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation: write
Name: Inno Setup: Language
Value: en

Process: (3612) gpuz_installer.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
Operation: write
Name: DisplayName
Value: TechPowerUp GPU-Z
Executable files: 9
Suspicious files: 10
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type

5920 | GPU-Z.2.61.0.exe | C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe | executable
MD5: 5C05198DA8A483E8969C42310294EB52
SHA256: 97D6F98F598C79D67166D38F50764D12DEA897C824CF92657D8AC0AA58E3725A

5920 | GPU-Z.2.61.0.exe | C:\Users\admin\AppData\Local\Temp\GPU-Z.exe | executable
MD5: 943C394542C86222D7DB922339D16E61
SHA256: 71AE41624C93A298F26EE1418F66740B86E9E8B125E7AB027C3CEE02A1081164

3612 | gpuz_installer.tmp | C:\Program Files (x86)\GPU-Z\unins000.exe | executable
MD5: BE3DDA48E9454C6AB683272E3FBE2A5D
SHA256: 46631D2343FA72953D68F00FCA08DEA6BEF027EA6ED494260D658576A79568C1

3612 | gpuz_installer.tmp | C:\Program Files (x86)\GPU-Z\is-1UC4L.tmp | executable
MD5: BE3DDA48E9454C6AB683272E3FBE2A5D
SHA256: 46631D2343FA72953D68F00FCA08DEA6BEF027EA6ED494260D658576A79568C1

3612 | gpuz_installer.tmp | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk | binary
MD5: F4273D8553ECF64963A36DFD88C8C4D3
SHA256: B457A246276A3754813390E1921751B602A14F5A0E792EA6B41F35BB00957538

3612 | gpuz_installer.tmp | C:\Program Files (x86)\GPU-Z\GPU-Z.exe | executable
MD5: 943C394542C86222D7DB922339D16E61
SHA256: 71AE41624C93A298F26EE1418F66740B86E9E8B125E7AB027C3CEE02A1081164

4280 | GPU-Z.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\version_v2[1].json | binary
MD5: BBCEA8A972DA72F3CE8E76AC2872261E
SHA256: 86CE06B113F6108FE1BE3722AD8669598136110ABCA5D190AD473ABE8ECAD9D5

4280 | GPU-Z.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | binary
MD5: 0EE4D1B0B6A9A03365EBDB0CF9890F4B
SHA256: 2EDD8C054DBD727A144055D2CE854631C1ACB63394E5921D13C2E906DB6F95C2

3612 | gpuz_installer.tmp | C:\Program Files (x86)\GPU-Z\is-FUOA1.tmp | executable
MD5: 943C394542C86222D7DB922339D16E61
SHA256: 71AE41624C93A298F26EE1418F66740B86E9E8B125E7AB027C3CEE02A1081164

4280 | GPU-Z.exe | C:\Users\admin\AppData\Local\Temp\GPU-Z-v2.sys | executable
MD5: D4320487BF3021F2F2AFCFC43D652A69
SHA256: 9AF0B89C5C54EB66E5A660B61AEE7C1A25B1C92E20A310D8B16552ABCF90C0B5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 10
TCP/UDP connections: 34
DNS requests: 21
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.190:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4280 | GPU-Z.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | whitelisted
4280 | GPU-Z.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | unknown | whitelisted
1140 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
4280 | GPU-Z.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHN9Y6q%2B3V1xSVihftvH1Bk%3D | unknown | whitelisted
2804 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
2804 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:138 | whitelisted
51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.48.23.190:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
104.126.37.130:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
40.126.31.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1176 | svchost.exe | 40.126.31.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1076 | svchost.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.48.23.190
  • 23.48.23.180
  • 23.48.23.164
  • 23.48.23.159
  • 23.48.23.158
  • 23.48.23.167
  • 23.48.23.177
  • 23.48.23.162
  • 23.48.23.173
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 2.23.246.101
whitelisted
google.com
  • 216.58.212.142
whitelisted
www.bing.com
  • 104.126.37.130
  • 104.126.37.144
  • 104.126.37.145
  • 104.126.37.139
  • 104.126.37.131
  • 104.126.37.137
  • 104.126.37.123
  • 104.126.37.128
  • 104.126.37.185
whitelisted
login.live.com
  • 40.126.31.73
  • 20.190.159.4
  • 20.190.159.71
  • 20.190.159.73
  • 20.190.159.75
  • 20.190.159.2
  • 20.190.159.0
  • 40.126.31.69
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
www.gpu-z.com
  • 138.199.40.8
unknown
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted

Threats

No threats detected
Process | Message

GPU-Z.2.61.0.exe | in CXCrashHandler
GPU-Z.exe | in CXCrashHandler
GPU-Z.2.61.0.exe | in ~CXCrashHandler
GPU-Z.exe | in ~CXCrashHandler