The name of the malicious file is HWiNFO_Monitor_Setup, and running it launches a Russian installer with an Inno Setup wrapper, which is atypical and highly suspicious.
Users reported that downloading the clean hwmonitor_1.63.exe from the direct URL was still possible, indicating that the original binaries were intact, but the distribution links appear to have been poisoned.
Kaspersky researchers also analyzed the incident and say that the compromise lasted between April 9, 15:00 UTC, until about April 10, 10:00 UTC, and that the attacker distributed malicious versions for the following CPUID software:
CPU-Z (version 2.19)
HWMonitor Pro (version 1.57)
HWMonitor (version 1.63)
PerfMonitor (version 2.04)
The modified variants included a legitimate, signed executable and a malicious DLL named ‘CRYPTBASE.dll’, used for DLL sideloading.
Even though
Currently, it appears that CPUID has fixed the problem and now serves clean versions for both CPU-Z and HWMonitor.
I would still exercise extra caution if you have one of these programs installed and plan to update it, or were otherwise planning to install one of these programs.