home

SIW.EXE

System Information for Windows

Topala Software Solutions

The application SIW.EXE, “System Information” by Topala Software Solutions has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.gtopala.com.
Publisher:
Topala Software Solutions  (signed and verified)

Product:
System Information for Windows

Description:
System Information

Version:
5,3,0,1

MD5:
ba38a65d631f80574ffa9bc4db93ad2a

SHA-1:
62eb269487c16f153dab016c422e164c7b36c20f

SHA-256:
e96aecec5ebd0213f171084406da9a5deead3ab3928cbf93daebbc5819084287

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
8/13/2025 5:03:40 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TopalaSoftwareSolutions (M)
15.10.8.15

File size:
5.6 MB (5,827,320 bytes)

Product version:
5,3,0,1

Copyright:
Copyright © 2005-2015 Gabriel Topala

Original file name:
SIW.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\siw\siw.exe

Digital Signature
Signed by:
Topala Software Solutions

Authority:
COMODO CA Limited

Valid from:
5/7/2015 8:00:00 PM

Valid to:
5/7/2018 7:59:59 PM

Subject:
CN=Topala Software Solutions, O=Topala Software Solutions, STREET=1 Carmel Street, L=Vaughan, S=Ontario, PostalCode=L6A 0W5, C=CA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
122AF1F36DAFC08D300BDA6AE569B263

File PE Metadata
Compilation timestamp:
8/28/2015 10:40:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:/0sTcOa9EWHg08VwKNupSVhQgUJ7JaOi2BZp3qOENaph7lDYddl3X2yE7:/DTcOOEWHg08V7u9IOigZoOEgpkjN7E7

Entry address:
0x1000

Entry point:
B8, 60, F5, 81, 01, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 3E, 29, 02, 74, 75, 59, 61, 7F, 81, 9B, 68, C7, 0D, 26, 4B, C2, 8A, D3, AA, D0, DF, A2, 36, 0E, 3D, 09, 20, 2E, BD, 07, 1E, 93, D2, 4D, 7B, B8, 08, 9E, F0, 31, AC, 98, E5, 90, DB, 26, 7F, 95, 5E, D7, 39, 2E, B5, 2A, 9F, 8D, AC, 79, 48, 39, 8D, 9F, 74, 9D, B3, B9, 39, 10, 45, DF, 0F, 90, 14, 10, 41, 6B, 82, CC, EB, 35, 88, EA, C6, 14, C9, 0F, FA, 69, 20, B6, 0E, 79, 46...
 
[+]

Entropy:
7.8546

Packer / compiler:
PECompact v2

Code size:
5.9 MB (6,211,584 bytes)

The file SIW.EXE has been seen being distributed by the following URL.

http://cdn.gtopala.com/download/.../siw.exe

Remove SIW.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.