CPU-Z from CPUID is a very popular freeware program that gathers and display information about your installed hardware like details of CPU, motherboard, installed RAM memory, voltages and so on.
On CPUID website you can find multiple download links of the same product, CPU-Z version 1.63, as an installation file containing both 32 and 64 bits versions or as a standalone executable either for 32 or 64 bits, the question is why to use an installation file when the program can run as a standalone executable so I’ve extracted the components of the installation file to see what it contains. I’ve used a X-UniExtract 1.6.1 rev4, a very good tool for extracting files from any archives or installers. Surprisingly, besides the 32 and 64 bits executable versions of the CPU-Z program, the installer package contains also a third component:
- Product Name: Offercast- APN Install Manager
- Copyright: 2010 Ask.com
As always, I run the program in Sandboxie with Buster Sandbox Analyzer add-on, to see what it does. There was no word among installation screens about installing a second program, not a nice behaviour and I can add no respect for the users. I mean, OK, I understand that CPU-Z is Ad supported and not so freeware but why to install without the user consent another program potentially annoying? After all, why to install stealthily a program in the user PC? The user has not the chance to agree with it or not so that’s a real malicious behaviour. A malware like behaviour, these are not just harsh words but a serious thing.
These are parts of the Buster Sandbox Analyzer add-on report:
* Creates file C:\Users\Cyberstorm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVRC9FWK\pctools.png
* Creates file C:\Users\Cyberstorm\AppData\Local\Temp\APNAnalytics.xml
* Creates file C:\Users\Cyberstorm\AppData\Local\Temp\apn_pip_local\objectmodel.js
* Creates file C:\Users\Cyberstorm\AppData\Local\Temp\apn_pip_local\orchestrator.html
* Creates file C:\Users\Cyberstorm\AppData\Local\Temp\apn_pip_local\rules.js
* Creates file C:\Users\Cyberstorm\AppData\Local\Temp\is-1GG7C.tmp\cpu-z_1.63-setup-en.tmp
* Creates file C:\Users\Cyberstorm\AppData\Local\Temp\is-JV8S3.tmp\APNLog.txt
* Creates file C:\Users\Cyberstorm\AppData\Local\Temp\is-JV8S3.tmp\PIP2691_CPUID_.exe
* Creates file C:\Users\Cyberstorm\AppData\Local\Temp\is-JV8S3.tmp\_isetup\_RegDLL.tmp
* Creates file C:\Users\Cyberstorm\AppData\Local\Temp\is-JV8S3.tmp\_isetup\_shfoldr.dll
* Creates file C:\Users\Cyberstorm\AppData\Local\Temp\pctools.png
[ Network services ]
* Looks for an Internet connection.
* Connects to “pipoffers.apnpartners.com” on port 80.
* Connects to “127.0.0.1″ on port 61549.
* Connects to “ak.pipoffers.apnpartners.com” on port 80.
* Connects to “18.104.22.168″ on port 80.
* Connects to “22.214.171.124″ on port 80.
* Connects to “apnpip.ask.com” on port 80.
* Connects to “126.96.36.199″ on port 80.
[ Process/window/string information ]
* Keylogger functionality.
* Gets user name information.
* Gets system default language ID.
* Gets computer name.
* Checks for debuggers.
* Deletes activity traces.
A lot of Internet connections are made without user agreement and the common sense guess is that the PIP2691_CPUID_.exe (Offercast- APN Install Manager) is serving forcibly products offers or advertisements that the user does not ask for, so it is undesirable and a good reason to call CPU-Z installer a free unwanted package.
Instead of using the installation file 1.63 setup, english which is at least a questionable package, I think it’s a better idea to use directly the executable file according to your system 1.63 32-bit, english or 1.63 64-bit, english.
Keep safe !