SIW.EXE

System Information for Windows

Topala Software Solutions

The application SIW.EXE, “System Information” by Topala Software Solutions, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program used to install the application. The file has been seen being downloaded from cdn.gtopala.com.

Publisher:
Topala Software Solutions  (signed and verified)

Product:
System Information for Windows

Description:
System Information

Version:
6,2,0,0

MD5:
8f2274cf12a01e0b99b39d97713f9985

SHA-1:
d568315bb0594bc91ec91a30c44d7ae33960ceef

SHA-256:
278284b007a6897a61f35039e6338f9e929f0680ed11748e8a0baa44035b6bac

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/24/2024 11:15:45 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TopalaSo (M)

Engine version:
16.6.19.9

File size:
6.6 MB (6,869,368 bytes)

Product version:
6,2,0,0

Copyright:
Copyright © 2005-2016 Gabriel Topala

Original file name:
SIW.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\siw.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/8/2015 1:00:00 AM

Valid to:
5/8/2018 12:59:59 AM

Subject:
CN=Topala Software Solutions, O=Topala Software Solutions, STREET=1 Carmel Street, L=Vaughan, S=Ontario, PostalCode=L6A 0W5, C=CA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
122AF1F36DAFC08D300BDA6AE569B263

File PE Metadata
Compilation timestamp:
5/11/2016 6:09:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:OfhmvfQ0h4ylRb0Gl9I1aXJ14N71/56kPr0TggiirUlCLxQZKQXfK8QYjSHtESC:OfMnl4s2GQaOZlIT5l1LxQZVXKtESC

Entry address:
0x3D9C13

Entry point:
B8, 68, 12, 7E, 01, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 30, FB, 91, BB, 0D, 69, 17, 62, 9D, 55, 7E, 9D, 74, 09, 17, 77, D1, CF, 61, D7, 08, 5D, FE, 6D, 17, 88, 03, E9, 81, 7E, 56, 34, B8, 83, B5, D7, 5E, EA, 14, F5, BB, 64, DE, 5D, 82, 63, 41, FD, FA, 0B, F8, 36, B5, 39, 58, 52, 43, C9, C9, 9C, 75, 42, B8, EC, F6, 6B, DC, F8, 59, 08, 86, C5, B8, D6, 79, D9, 80, 38, 3F, E2, EB, 79, 5E, 25, 0F, 8F, C8, C7, 24, 59, AD, 10, F6...
 

Entropy:
7.8765

Packer / compiler:
PECompact v2

Code size:
5.1 MB (5,355,008 bytes)

The file SIW.EXE has been seen being distributed by the following URL.
