SIW.EXE

System Information for Windows

Topala Software Solutions

The application SIW.EXE, “System Information” by Topala Software Solutions, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program used to install the application. The file has been seen being downloaded from cdn.gtopala.com.

Publisher:
Topala Software Solutions  (signed and verified)

Product:
System Information for Windows

Description:
System Information

Version:
5,3,0,0

MD5:
96b1079e4c0eb6c774b0eef9841ecf12

SHA-1:
0b836d8c3e3dbca265981de596334722908635cd

SHA-256:
a552602b83923d15ddd29e11670e7da756b7ee1f836e105f9aa5f63b34c1c823

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/23/2024 5:55:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TopalaSoftwareSolutions (M)

Engine version:
15.8.28.13

File size:
5.6 MB (5,828,856 bytes)

Product version:
5,3,0,0

Copyright:
Copyright © 2005-2015 Gabriel Topala

Original file name:
SIW.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\siw_bundle\siw.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/7/2015 5:00:00 PM

Valid to:
5/7/2018 4:59:59 PM

Subject:
CN=Topala Software Solutions, O=Topala Software Solutions, STREET=1 Carmel Street, L=Vaughan, S=Ontario, PostalCode=L6A 0W5, C=CA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
122AF1F36DAFC08D300BDA6AE569B263

File PE Metadata
Compilation timestamp:
8/27/2015 10:11:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:vLvM88rBdbjVjhFOOFxIPQ5poIQY+q34IqjgJKaAB2LpiJA/wTrX2yEQ:zvMZTjVmP4ZRJIVjPaQJAYf7EQ

Entry address:
0x1000

Entry point:
B8, 20, F5, 81, 01, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 34, F5, C3, 18, 13, F8, 3F, 5C, 39, B7, 8F, 0D, 78, AA, E1, 21, 6C, 77, 74, 1D, 22, 3A, AD, 2E, B3, D7, 32, 9F, C0, 53, D8, 47, DC, 4B, 4B, F8, BE, 99, 57, F0, D5, 99, 0C, 97, 6E, 12, A6, 0F, C9, DD, A2, CA, B4, 0A, 47, CB, 65, 62, 92, 9E, 70, 41, E8, 06, AD, 43, 72, EB, 4A, 28, DA, 6A, 78, 09, 94, 38, 7D, F8, 35, 4E, 42, C8, 96, 80, 82, CA, FD, D4, B1, A8, 26, D2, B5...
 

Entropy:
7.8546

Packer / compiler:
PECompact v2

Code size:
5.9 MB (6,210,560 bytes)

The file SIW.EXE has been seen being distributed by the following URL.
