gpu-z.0.8.4.exe

GPU-Z - Video card Information Utility

techPowerUp (www.techpowerup.com)

The executable gpu-z.0.8.4.exe has been detected as malware by 8 anti-virus scanners. It is a setup program used to install the application. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.techpowerup.com.
Publisher:
techPowerUp (www.techpowerup.com)

Product:
GPU-Z - Video card Information Utility

Version:
0.8.4.0

MD5:
e2212f5b21fa4a8bfc8353d83c2f0fd8

SHA-1:
fe5a43fdb4425c79cf792cd53bc709dff3834eca

SHA-256:
2126cfa7f134fe65753373ec660346997b26894c59187b03113999dde95c9f37

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 6:08:51 AM UTC

Scan engine                    Detection                  Engine version
avast!                         Win32:Kukacka              160112-0
AVG                            Win32/Sality               2015.0.4489
ESET NOD32                     Win32/Sality.NBA virus     7.0.302.0
Kaspersky                      Virus.Win32.Sality         15.0.0.562
McAfee                         Virus.W32/Sality.gen.z     18.0.204.0
Microsoft Security Essentials  Threat.Undefined           1.213.3100.0
Norman                         Win32.Sality.3             11.01.2016 17:30:26
VIPRE Antivirus                Threat.4721115             46444

File size:
1.8 MB (1,885,992 bytes)

Product version:
0.8.4.0

Copyright:
(c) 2007-2015 techPowerUp (www.techpowerup.com)

Original file name:
GPU-Z.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\gpu-z.0.8.4.exe

File PE Metadata
Compilation timestamp:
6/25/2015 9:55:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:8YkarfQoYKWUnnM8zHQLvj4YjW6SZfPOVuDWhJmxBhmaoa:YIQ8WUnnTzWMwWnZ3hxXm2

Entry address:
0x1000

Entry point:
60, 8B, C8, 0F, AF, DE, 68, A4, F7, 4F, 00, 50, 0F, B7, D3, EB, 08, F7, C2, DB, 46, A9, 6A, 84, FC, EB, 01, F3, 88, F8, 85, DA, 89, ED, C7, C5, 58, 1E, 1F, FE, C6, C4, 11, 84, F2, 1D, 27, CF, 8C, 44, 87, DD, 68, 67, EC, FF, FF, 69, EA, 6E, E4, 38, 2A, 59, 0F, AF, C7, 1C, 40, 81, C1, 07, 0C, 00, 00, 12, FC, 8D, 39, EB, 05, C6, C4, 12, 88, F7, 81, C7, D3, 63, 00, 00, 01, C1, BB, 4A, B2, 9A, AC, 33, D7, 73, 07, 0B, CD, 89, EB, 0F, AF, F5, 85, D0, F7, C3, 4E, 38, 2E, 32, C7, C2, D4, 5B, C0, 5F, 51, 57, 8D, 35...

Entropy:
7.9579 (probably packed)

Code size:
1.9 MB (2,029,568 bytes)

The file gpu-z.0.8.4.exe has been seen being distributed by the following URL.
