SHA256: ad24bdc1792777e6eb8c182e1ce0a24050a3e1ffecbfe3b0acb0d3512afd0b0d
File name: GPU-Z.0.8.5.exe
Detection ratio: 1 / 57 (a single generic detection from Baidu; the other 56 engines reported the file clean)
Analysis date: 2016-04-03 04:09:02 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Baidu Multi.Threats.InArchive 20160402
Ad-Aware 20160403
AegisLab 20160403
AhnLab-V3 20160402
Alibaba 20160401
ALYac 20160403
Antiy-AVL 20160403
Arcabit 20160403
Avast 20160403
AVG 20160403
Avira (no cloud) 20160402
AVware 20160403
Baidu-International 20160402
BitDefender 20160403
Bkav 20160402
CAT-QuickHeal 20160402
ClamAV 20160402
CMC 20160401
Comodo 20160402
Cyren 20160403
DrWeb 20160403
Emsisoft 20160403
ESET-NOD32 20160402
F-Prot 20160403
F-Secure 20160403
Fortinet 20160402
GData 20160403
Ikarus 20160402
Jiangmin 20160403
K7AntiVirus 20160403
K7GW 20160403
Kaspersky 20160402
Kingsoft 20160403
Malwarebytes 20160403
McAfee 20160403
McAfee-GW-Edition 20160403
Microsoft 20160402
eScan 20160403
NANO-Antivirus 20160403
nProtect 20160401
Panda 20160402
Qihoo-360 20160403
Rising 20160403
Sophos AV 20160403
SUPERAntiSpyware 20160403
Symantec 20160331
Tencent 20160403
TheHacker 20160330
TotalDefense 20160402
TrendMicro 20160403
TrendMicro-HouseCall 20160403
VBA32 20160401
VIPRE 20160403
ViRobot 20160402
Yandex 20160316
Zillya 20160402
Zoner 20160403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(c) 2007-2015 techPowerUp (www.techpowerup.com)

Product GPU-Z - Video card Information Utility
Original name GPU-Z.exe
Internal name GPU-Z.exe
File version 0.8.5.0
Description GPU-Z - Video card Information Utility
Signature verification Signed file, verified signature
Signing date 3:03 PM 7/30/2015
Signers
[+] TechPowerUp Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid. (This status is evaluated at the time the report is viewed, after the signing certificate expired on 9/9/2017. The signature itself was made on 7/30/2015, inside the certificate's validity period, and is countersigned by the GlobalSign timestamp listed under Counter signers below, so Authenticode still treats it as valid; the "Signed file, verified signature" result above is the one Windows applies.)
Issuer GlobalSign CodeSigning CA - SHA256 - G2
Valid from 9:27 AM 6/17/2014
Valid to 1:21 PM 9/9/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E8CB24DBA3549CFE18B38AD30284738B9D63A081
Serial number 11 21 2B D8 CE F4 E8 68 F4 B1 88 BD E9 69 D0 3A B6 F1
[+] GlobalSign CodeSigning CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 8/2/2011
Valid to 11:00 AM 8/2/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 4E34C4841080D07059EFC1F3C5DE4D79905A36FF
Serial number 04 00 00 00 00 01 31 89 C6 37 E8
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] GlobalSign TSA for MS Authenticode - G2
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 1:00 AM 2/3/2015
Valid to 1:00 AM 3/3/2026
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint B36308B4D4CDED4FCFBD66B955FAE3BFB12C29E6
Serial number 11 21 06 A0 81 D3 3F D8 7A E5 82 4C C1 6B 52 09 4E 03
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-30 14:02:55
Entry Point 0x00001000
Number of sections 2
PE sections
Overlays
MD5 202ab0eeebb7430c54034132cb80999b
File type data
Offset 1803264
Size 5928
Entropy 7.42
The overlay ends exactly at the file size (1803264 + 5928 = 1809192 bytes) and its high entropy is what a DER-encoded PKCS#7 blob looks like, which is consistent with it being the Authenticode certificate table: the signature is stored after the last section, so PE tools report it as overlay.
PE imports
This is the static import table of the PECompact stub, not of GPU-Z itself: one function per imported DLL plus the kernel32 loader APIs the stub needs (LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree). The unpacked program resolves its real imports in memory at run time, so the imphash listed under File identification describes the packer's table and is a weak pivot for this sample.
DecryptFileW
_TrackMouseEvent
GetFileTitleW
CryptMsgClose
GetViewportOrgEx
ImmGetOpenStatus
AlphaBlend
NetWkstaGetInfo
AccessibleObjectFromWindow
SystemTimeToVariantTime
CM_Get_Parent
SHGetDesktopFolder
PathFileExistsW
DrawFrameControl
VerQueryValueW
InternetReadFile
PlaySoundW
OpenPrinterW
CryptCATAdminAcquireContext
inet_addr
MiniDumpWriteDump
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
OleDuplicateData
Number of PE resources by type
RT_STRING 253
RT_DIALOG 19
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_ICON 15
RT_BITMAP 10
RT_RCDATA 9
RT_GROUP_ICON 5
Struct(240) 4
RT_MENU 4
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
UKRAINIAN NEUTRAL 60
GERMAN 43
NEUTRAL 17
PORTUGUESE NEUTRAL 12
SERBIAN NEUTRAL 12
FRENCH NEUTRAL 12
GREEK NEUTRAL 12
HUNGARIAN NEUTRAL 12
SPANISH NEUTRAL 12
RUSSIAN NEUTRAL 12
FARSI NEUTRAL 12
PORTUGUESE BRAZILIAN 12
ITALIAN NEUTRAL 12
ENGLISH NEUTRAL 12
ARABIC NEUTRAL 12
ARMENIAN NEUTRAL 12
TURKISH NEUTRAL 12
BULGARIAN NEUTRAL 12
GERMAN NEUTRAL 12
CHINESE NEUTRAL 12
CHINESE *unknown* 12
ALBANIAN NEUTRAL 12
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.8.5.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 4474368
EntryPoint 0x1000
OriginalFileName GPU-Z.exe
MIMEType application/octet-stream
LegalCopyright (c) 2007-2015 techPowerUp (www.techpowerup.com)
FileVersion 0.8.5.0
TimeStamp 2015:07:30 15:02:55+01:00
FileType Win32 EXE
PEType PE32
InternalName GPU-Z.exe
ProductVersion 0.8.5.0
FileDescription GPU-Z - Video card Information Utility
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName techPowerUp (www.techpowerup.com)
CodeSize 2029056
ProductName GPU-Z - Video card Information Utility
ProductVersionNumber 0.8.5.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 513d1606fd1216cbe56fb1e2dc8d38a2
SHA1 425cf437fed85f412524068fbf47d0ebcf172681
SHA256 ad24bdc1792777e6eb8c182e1ce0a24050a3e1ffecbfe3b0acb0d3512afd0b0d
ssdeep 49152:uxnmpxsZKa7sqiPAiGmULPc4HAExFwauhpbrZBDE/JxWM:amDK3w360ynFwaEBrZBDE/v
authentihash 82aab112bc4d5e7cf53af9f72469d0a60135c0fe37c811fa74942942f304b764
imphash 806e9ec88b558d1b7a7a7f7733872b3b
File size 1.7 MB ( 1809192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (43.1%)
Win32 EXE PECompact compressed (generic) (30.3%)
Win64 Executable (generic) (20.1%)
Win32 Executable (generic) (3.2%)
Generic Win/DOS Executable (1.4%)
Tags
pecompact peexe signed overlay
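The overlay, the "signed" tag and the authentihash above are the same fact seen three ways: the Authenticode signature sits after the last section, and the Authenticode hash skips it (together with the CheckSum field and the Security data-directory entry), which is why a signed build and its unsigned counterpart share one authentihash while their SHA256 differs. The following Python is an added example, not part of the VirusTotal report or of GPU-Z: it computes the Authenticode hash and locates the overlay/certificate table of a PE32 or PE32+ file, and fabricates a minimal two-section PE (constructed test input with dummy signature bytes, not this sample's layout) so it runs offline.

```python
"""Authenticode hash ("authentihash") and overlay location for PE files.

Added example, not code from the VirusTotal report or from GPU-Z. Follows
the hashing rules of the Microsoft Authenticode PE specification: skip the
CheckSum field, the Security data-directory entry and the certificate
table, hash everything else in file order. build_sample_pe() fabricates a
minimal, non-runnable PE so the example works without a real binary.
"""
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # data-directory slot of the cert table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def authentihash(data: bytes, algo: str = "sha256") -> dict:
    """Return the Authenticode digest and where the overlay/cert table sit."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (_machine, nsections, _ts, _symp, _nsym,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (0x10B, 0x20B):                  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_headers = struct.unpack_from("<I", data, opt_off + 60)[0]
    checksum_off = opt_off + 64                      # same for PE32 and PE32+
    dd_off = opt_off + (96 if magic == 0x10B else 112)
    secdir_off = dd_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    cert_off, cert_size = struct.unpack_from("<II", data, secdir_off)  # file offset, not RVA

    h = hashlib.new(algo)
    h.update(data[:checksum_off])                    # headers up to CheckSum
    h.update(data[checksum_off + 4:secdir_off])      # ... up to the Security entry
    h.update(data[secdir_off + 8:size_of_headers])   # ... to the end of the headers

    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsections):
        (_name, _vsize, _va, raw_size, raw_ptr,
         *_rest) = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + i * 40)
        if raw_size:
            sections.append((raw_ptr, raw_size))
    end_of_sections = size_of_headers
    for raw_ptr, raw_size in sorted(sections):       # sections in file order
        h.update(data[raw_ptr:raw_ptr + raw_size])
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)

    # Bytes after the last section are "overlay". The certificate table is
    # excluded from the hash; any other overlay data is still hashed.
    if cert_size:
        h.update(data[end_of_sections:cert_off])
        h.update(data[cert_off + cert_size:])
    else:
        h.update(data[end_of_sections:])
    return {"authentihash": h.hexdigest(),
            "overlay_offset": end_of_sections,
            "overlay_size": len(data) - end_of_sections,
            "cert_offset": cert_off, "cert_size": cert_size}


def file_sha256(data: bytes) -> str:
    """Plain file hash, for contrast with the Authenticode hash."""
    return hashlib.sha256(data).hexdigest()


def build_sample_pe(text: bytes, rdata: bytes, signature: bytes = b"") -> bytes:
    """Fabricate a minimal PE32 with two 512-byte-aligned sections and, if
    `signature` is given, an appended WIN_CERTIFICATE wrapping it (dummy
    bytes standing in for a PKCS#7 SignedData blob). Constructed input."""
    align = 512

    def pad(b: bytes) -> bytes:
        return b + b"\0" * (-len(b) % align)

    text, rdata = pad(text), pad(rdata)
    size_of_headers = align
    text_ptr = size_of_headers
    rdata_ptr = text_ptr + len(text)
    cert_off = rdata_ptr + len(rdata)
    cert = b""
    if signature:
        body = signature + b"\0" * (-len(signature) % 8)
        cert = struct.pack("<IHH", 8 + len(body), 0x0200,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body

    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                             # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x1000)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 60, size_of_headers)
    struct.pack_into("<I", opt, 64, 0)               # CheckSum (not hashed)
    struct.pack_into("<H", opt, 68, 2)               # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    if cert:
        struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                         cert_off, len(cert))

    def shdr(name: bytes, va: int, raw: bytes, ptr: int, flags: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, len(raw), va, len(raw),
                           ptr, 0, 0, 0, 0, flags)

    headers = pad(bytes(dos) + b"PE\0\0" + coff + bytes(opt)
                  + shdr(b".text", 0x1000, text, text_ptr, 0x60000020)
                  + shdr(b".rdata", 0x2000, rdata, rdata_ptr, 0x40000040))
    if len(headers) != size_of_headers:
        raise ValueError("header layout exceeds SizeOfHeaders")
    return headers + text + rdata + cert


if __name__ == "__main__":
    signed = build_sample_pe(b"\x90" * 100, b"GPU-Z", b"\x30\x82dummy-pkcs7")
    print(authentihash(signed))
```

Run against a real signed PE the overlay_offset/overlay_size pair should match what the report shows (offset 1803264, size 5928 for this sample), and cert_offset should equal overlay_offset when the signature is the only overlay. The hash value itself is what VirusTotal lists as authentihash; tampering inside the certificate table changes the SHA256 but not the authentihash, and tampering in a section changes both.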

VirusTotal metadata
First submission 2015-07-30 14:20:40 UTC ( 2 years, 5 months ago )
Last submission 2018-01-13 13:37:46 UTC ( 1 week, 1 day ago )
File names GPU-Z.0.8.5.exe
GPU-Z.exe
ad24bdc1792777e6eb8c182e1ce0a24050a3e1ffecbfe3b0acb0d3512afd0b0d
GPU-Z.exe
rsload.net.GPU-Z.0.8.5.exe
GPUZ.exe
GPU-Z 0.8.5.exe
2º Executar - GPU-Z.exe
gpu-z.0.8.5.exe
GPU-Z.0.8.5 (1).exe
GPU-Z.exe
GPU-Z_Rus_Setup.exe
GPU-Z.0.8.5.exe
GPU-Z.0.8.5.exe
GPU-Z.0.8.5.exe
gpuz.exe
filename
GPU-Z.0.8.5.exe
2ª Ferramenta - GPU-Z.exe
GPU-Z.0.8.5_(www.programki.pl).exe
GPU-Z v0.8.5.exe
gpu-z.exe
GPU-Z.0.8.5.exe
GPU-Z.0.8.5.exe
output.78422945.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight (a prevalence-based reputation verdict from Symantec's Insight network rather than a signature match; newly released or low-prevalence builds commonly receive it)
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done with the SetWindowsHook / SetWindowsHookEx Windows API. A hook on its own is not evidence of malicious behaviour in a GUI utility; what distinguishes a benign UI hook from keylogger-style monitoring is the hook type (for example WH_KEYBOARD or WH_MOUSE) and its scope (the calling thread only, or system-wide via an injected DLL), which this condensed report does not record.