sysTPLService.exe

sysTPLService

TLAPIA

The application sysTPLService.exe by TLAPIA has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a Windows service named “sysTPLService” in its own process (service type Win32OwnProcess). While running, it connects to the Internet address host213-123-252-25.in-addr.btopenworld.com on port 80 using HTTP.
Publisher:
TLAPIA  (signed and verified)

Product:
sysTPLService

Version:
1.4.1.3

MD5:
d3c66a4b7ee353a8d70e99d0f19a2960

SHA-1:
33d621a76514a88eca06a7d0a65b320e6383c79d

SHA-256:
6620ab9fe16956b57914ba7b06bef85e812a7f02af0d44ab466359839325c7bb

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/13/2017 12:51:58 AM UTC

Scan engine          Detection                     Engine version
avast!               MSIL:Agent-BUN [Trj]          140617-1
G Data               Win32.Trojan.Agent.OA89H3     14.8.24
IKARUS anti.virus    Trojan.Agent                  t3scan.1.6.1.0
Reason Heuristics    PUP.TLAPIA (M)                16.3.7.12

File size:
391.3 KB (400,664 bytes)
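Matching a suspect file against the hashes and size listed above, as an added example that is not part of the original profile. The indicator values are copied from this page; the stand-in bytes in the usage call are constructed and are not the real sample. Size is compared before hashing so that a tree walk only hashes files of the right length.

```python
"""Added example, not from the original profile: match a file on disk against
the hashes and size listed on this page.  Size is checked first because it
is free; hashing only happens for size matches when hunting across a tree."""
import hashlib
import os

# Indicators copied from the profile above (the page's own values).
PROFILE = {
    "size": 400664,
    "md5": "d3c66a4b7ee353a8d70e99d0f19a2960",
    "sha1": "33d621a76514a88eca06a7d0a65b320e6383c79d",
    "sha256": "6620ab9fe16956b57914ba7b06bef85e812a7f02af0d44ab466359839325c7bb",
}


def fingerprint(data):
    """Size plus MD5/SHA-1/SHA-256 of a byte string, lowercase hex."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_profile(fp, profile=PROFILE):
    """Return the names of the indicators that match.  A SHA-256 match alone
    is conclusive; a size-only match merely nominates a file for hashing."""
    return sorted(k for k in profile if fp.get(k) == profile[k])


def hunt(root, profile=PROFILE, chunk=1 << 20):
    """Walk a directory tree and return paths whose size and SHA-256 match
    the profile.  Files of the wrong size are skipped before any hashing."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) != profile["size"]:
                    continue
                h = hashlib.sha256()
                with open(path, "rb") as f:
                    for block in iter(lambda: f.read(chunk), b""):
                        h.update(block)
            except OSError:
                continue  # unreadable or vanished file: not a hit
            if h.hexdigest() == profile["sha256"]:
                hits.append(path)
    return hits


if __name__ == "__main__":
    # Constructed stand-in bytes; the real sample is not embedded here.
    print(matches_profile(fingerprint(b"not the real sysTPLService.exe")))  # []
```

A SHA-256 match is conclusive; a size-only hit just nominates a file for hashing. Comparing against the CTPH (ssdeep) value further down needs the ssdeep library and is not attempted here.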

Product version:
1.4.1.3

Copyright:
Copyright © Tlapia 2012-2014

Trademarks:
Tlapia

Original file name:
sysTPLService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\systpl\systplservice.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/21/2014 1:00:00 AM

Valid to:
2/21/2016 12:59:59 AM

Subject:
CN=TLAPIA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TLAPIA, L=Montevideo, S=montevideo, C=UY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5634AB7F528C8A806EF7C20703DC5967

File PE Metadata
Compilation timestamp:
1/24/2014 2:33:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:WBNegef9GmQkpM1p9gNJxGyUgvvzwoqKTL7qbrPPfN66Ble8SqOMjKwuf3Ljv/y:jRQtrgNfGy9BG/Pxve8tOM+B/va

Entry address:
0x71AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 70, 00, 00, 80, 10, 00, 00, 00, 88, 00, 00, 80, 18, 00, 00, 00, A0, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
20.5 KB (20,992 bytes)
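What the entry-point bytes above mean, as an added example that is not the page's or the vendor's code: FF 25 00 20 40 00 is `jmp dword ptr [0x402000]`; with an ImageBase of 0x400000 that is RVA 0x2000, the import address table slot that holds mscoree!_CorExeMain. A .NET PE32 image built by the classic C#/VB.NET toolchain carries this 6-byte native stub for loaders that do not know about the CLR header; a CLR-aware loader starts the runtime from data directory 14 instead. The parser below reads the header fields the profile reports (linker version, OS version, subsystem, entry address, CLR dependency) and checks that the stub's target lies inside the IAT directory. `build_sample_pe32` produces a constructed stand-in shaped like this profile, not the real file; all offsets assume PE32, not PE32+.

```python
"""Added example, not from the original profile: read the PE32 header fields
this page reports and test whether the entry point is the .NET loader stub.
A .NET PE32 image starts with the 6-byte 'jmp dword ptr [IAT]' (FF 25 <addr>)
that reaches mscoree!_CorExeMain on loaders that predate CLR awareness."""
import struct

DIR_IAT = 12  # IMAGE_DIRECTORY_ENTRY_IAT
DIR_CLR = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError("RVA 0x%X is outside every section" % rva)


def inspect_pe32(data):
    """Return the profile-style header facts and the entry-point verdict."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24  # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 image (magic 0x%X)" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]

    def directory(index):
        if index >= ndirs:
            return 0, 0
        return struct.unpack_from("<II", data, opt + 96 + 8 * index)

    iat_rva, iat_size = directory(DIR_IAT)
    _clr_rva, clr_size = directory(DIR_CLR)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, table + 40 * i + 8)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    stub_off = rva_to_offset(entry_rva, sections)
    stub = bytes(data[stub_off:stub_off + 6])
    clr_stub = False
    if stub[:2] == b"\xFF\x25":  # jmp dword ptr [abs32]
        target = struct.unpack_from("<I", stub, 2)[0] - image_base
        clr_stub = clr_size != 0 and iat_rva <= target < iat_rva + iat_size
    return {
        "linker": "%d.%d" % (lnk_major, lnk_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": stub.hex(),
        "clr_header": clr_size != 0,
        "clr_entry_stub": clr_stub,
    }


def build_sample_pe32(dotnet=True):
    """Constructed stand-in, not the real file: a minimal PE32 shaped like the
    profile (linker 11.0, OS 4.0, GUI, entry RVA 0x71AE, ImageBase 0x400000,
    IAT at RVA 0x2000).  dotnet=False drops the CLR directory and the stub."""
    text_rva, text_raw, text_raw_size = 0x2000, 0x200, 0x5600
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<IHHIIIHH", 0x00004550, 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, 11, 0)  # PE32 magic, linker 11.0
    struct.pack_into("<I", opt, 16, 0x71AE)  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    struct.pack_into("<II", opt, 32, 0x2000, 0x200)  # section / file alignment
    struct.pack_into("<HH", opt, 40, 4, 0)  # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_IAT, 0x2000, 8)
    if dotnet:
        struct.pack_into("<II", opt, 96 + 8 * DIR_CLR, 0x2008, 0x48)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x51B4, text_rva,
                          text_raw_size, text_raw, 0, 0, 0, 0, 0x60000020)
    image = bytearray(text_raw + text_raw_size)
    header = dos + coff + opt + section
    image[:len(header)] = header
    entry_off = 0x71AE - text_rva + text_raw
    # The page's entry bytes FF 25 00 20 40 00 == jmp dword ptr [0x402000];
    # the native variant is just push ebp / mov ebp,esp / sub esp,0x10.
    entry = bytes.fromhex("ff2500204000" if dotnet else "558bec83ec10")
    image[entry_off:entry_off + 6] = entry
    return bytes(image)


if __name__ == "__main__":
    print(inspect_pe32(build_sample_pe32()))
```

The "CLR header present" check (data directory 14) is the reliable test for .NET dependency; the FF 25 stub is corroborating evidence, since a native binary can legitimately begin with an indirect jump too.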

Service
Display name:
sysTPLService

Service name:
sysTPLService.exe

Description:
sysTPL Service

Type:
Win32OwnProcess


The following network connections have been observed from the running file in live environments.

TCP (HTTP):
Connects to ec2-46-137-177-168.eu-west-1.compute.amazonaws.com  (46.137.177.168:80)

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to ec2-54-235-197-195.compute-1.amazonaws.com  (54.235.197.195:80)

TCP (HTTP):
Connects to ec2-54-228-205-169.eu-west-1.compute.amazonaws.com  (54.228.205.169:80)

TCP (HTTP):
Connects to b2.5d.4f.static.xlhost.com  (64.79.93.178:80)

TCP (HTTP):
Connects to 92.5d.4f.static.xlhost.com  (64.79.93.146:80)

TCP (HTTP):
Connects to www.ashampoo.com  (62.159.55.5:80)

TCP (HTTP):
Connects to vip1.g.cachefly.net  (205.234.175.175:80)

TCP (HTTP):
Connects to static-ip-62-75-212-30.inaddr.ip-pool.com  (62.75.212.30:80)

TCP (HTTP):
Connects to server-54-230-92-18.fra2.r.cloudfront.net  (54.230.92.18:80)

TCP (HTTP):
Connects to server-216-137-61-14.fra2.r.cloudfront.net  (216.137.61.14:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (205.251.243.8:80)

TCP (HTTP):
Connects to par03s12-in-f15.1e100.net  (173.194.45.47:80)

TCP (HTTP):
Connects to mpr6.ngd.vip.ch1.yahoo.com  (217.163.21.39:80)

TCP (HTTP):
Connects to mail.safer-networking.ie  (91.121.209.155:80)

TCP (HTTP):
Connects to l3.ycs.vip.dee.yahoo.com  (66.196.65.188:80)
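Turning the list above into something a detection engineer can act on, as an added example that is not part of the original profile. Many of the destinations are shared infrastructure (Amazon EC2/S3/CloudFront, CacheFly, Highwinds hwcdn.net, Google's 1e100.net, Yahoo), so blocking their IPs would hit unrelated traffic. The suffix list that decides which hosts count as shared is this example's own assumption, and the embedded input is a constructed subset of the entries above in the page's layout, including one empty "TCP (HTTP):" entry as it appears on the page.

```python
"""Added example, not from the original profile: parse the 'Connects to host
(ip:port)' entries above and separate destinations on shared cloud/CDN
infrastructure from ones specific enough to block or alert on by IP."""
import re
from collections import namedtuple

Conn = namedtuple("Conn", "host ip port")
ENTRY = re.compile(r"Connects to (\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)")

# Suffixes treated here (an assumption of this example) as shared hosting:
# anyone can sit behind them, so an IP block would hit unrelated traffic.
SHARED_SUFFIXES = (
    ".amazonaws.com", ".cloudfront.net", ".cachefly.net",
    ".hwcdn.net", ".1e100.net", ".yahoo.com",
)

# Constructed subset of the profile's list, in the page's own layout; the
# label with no host reproduces the empty entries that appear on the page.
SAMPLE = """\
TCP (HTTP):
Connects to ec2-46-137-177-168.eu-west-1.compute.amazonaws.com  (46.137.177.168:80)

TCP (HTTP):

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to b2.5d.4f.static.xlhost.com  (64.79.93.178:80)

TCP (HTTP):
Connects to www.ashampoo.com  (62.159.55.5:80)

TCP (HTTP):
Connects to server-54-230-92-18.fra2.r.cloudfront.net  (54.230.92.18:80)

TCP (HTTP):
Connects to par03s12-in-f15.1e100.net  (173.194.45.47:80)

TCP (HTTP):
Connects to mail.safer-networking.ie  (91.121.209.155:80)
"""


def parse_connections(text):
    """Return (connections, skipped): parsed entries and the count of
    'TCP (HTTP):' labels that carry no host line."""
    conns, skipped = [], 0
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not line.startswith("TCP (HTTP):"):
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = ENTRY.match(nxt)
        if m:
            conns.append(Conn(m.group(1), m.group(2), int(m.group(3))))
        else:
            skipped += 1
    return conns, skipped


def is_shared(host):
    """True when the hostname ends with one of the shared-hosting suffixes."""
    return host.lower().endswith(SHARED_SUFFIXES)


def triage(text):
    """Split destinations into shared vs specific.  Only the specific ones go
    on the IP blocklist; every hostname goes on the Host-header watchlist."""
    conns, skipped = parse_connections(text)
    shared = [c for c in conns if is_shared(c.host)]
    specific = [c for c in conns if not is_shared(c.host)]
    return {
        "shared": [c.host for c in shared],
        "specific": [c.host for c in specific],
        "ip_blocklist": sorted("%s:%d" % (c.ip, c.port) for c in specific),
        "host_watchlist": sorted(c.host for c in conns),
        "skipped": skipped,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Shared destinations belong on a hostname or HTTP Host-header watchlist rather than an IP blocklist. Review the "specific" bucket before blocking as well: www.ashampoo.com and mail.safer-networking.ie are other vendors' sites and land there only because they are not on the shared-suffix list.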

Remove sysTPLService.exe - Powered by Reason Core Security