SIW.EXE

System Information for Windows

Topala Software Solutions

The application SIW.EXE (“System Information”) by Topala Software Solutions has been detected as a potentially unwanted program by 7 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Topala Software Solutions (signed and verified)

Product:
System Information for Windows

Description:
System Information

Version:
4,7,0,0

MD5:
b10fd5adac9761fb09dbbe0a11b54acf

SHA-1:
8feda75ab02b5ccdf11fad30f66aad4c50be0e69

SHA-256:
f2ce42161987211a9f2afdcd4386bc184999dcc7c07e1c388564647a834f10f0

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 11:44:48 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | Troj.W32.Gen | 2.1.4+
AVG | Topala Software Solutions | 2017.0.2857
Bkav FE | W32.HfsAutoA | 1.3.0.4923
ESET NOD32 | Win32/RemoteAdmin.RemoteExec.AA (variant) | 10.9623
McAfee | Program.PWCrack-Finder | 5600.6513
Reason Heuristics | PUP.TopalaSoftwareSolutions (M) | 16.1.21.19
Trend Micro House Call | TROJ_GEN.F47V0828 | 7.2.21
File size:
3.9 MB (4,119,656 bytes)

Product version:
4,7,0,0

Copyright:
Copyright © 2005-2014 Gabriel Topala

Original file name:
SIW.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\siw.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/4/2012 2:00:00 AM

Valid to:
5/5/2015 1:59:59 AM

Subject:
CN=Topala Software Solutions, O=Topala Software Solutions, STREET="22 Elkhorn Dr., #251", PostalCode=M2K 1J4, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F1E362709E9545879CCFC63C3E7D085D

File PE Metadata
Compilation timestamp:
1/29/2014 6:51:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:v6iKGjlWF5rhnSeuC+zWX36ohPlyHxou71e1L:TWzhnS3bWHbhNqoD

Entry address:
0xD2F8B

Entry point:
B8, 2C, 44, 37, 01, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, A0, 3F, 0E, E0, 26, 86, 18, 07, C5, 23, B3, B9, AC, 4A, A8, EC, 8E, 20, BA, EB, 4B, 1F, 1C, 15, B9, 72, E2, 1A, 8C, 18, 2F, B8, F5, 22, DA, A9, 35, 9E, 5A, AD, C0, 56, A4, 9F, FB, CF, 76, AD, 69, 7F, 49, 46, 74, 81, D0, 96, 26, 3F, 78, 66, D5, 1F, EB, 50, D4, 7F, EA, DC, F6, 14, E1, A9, FB, 80, 1E, 48, 67, 9D, 0D, 45, BE, B7, A4, 54, E7, 22, 4C, 0C, 9F, DF, 19, 35, 95...
 

Packer / compiler:
PECompact v2

Code size:
3.5 MB (3,666,944 bytes)
