sysTPLService.exe

sysTPLService

TLAPIA

The application sysTPLService.exe by TLAPIA has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “sysTPLService”.
Publisher:
TLAPIA  (signed and verified)

Product:
sysTPLService

Version:
1.0.1.4

MD5:
a5e3e9a2e9889a305f44e24d4a7779c3

SHA-1:
812ebf8dedd52bca6842b19c3968b150809f8678

SHA-256:
4b60bdcc9314b92b22b851e7448924ac617b5350438b979a86dbcd9bae027469

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/10/2024 10:43:57 AM UTC

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TLAPIA (M)
16.3.7.12

File size:
387.8 KB (397,080 bytes)

Product version:
1.0.1.4

Copyright:
Copyright © Tlapia 2012-2013

Trademarks:
Tlapia

Original file name:
sysTPLService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\systpl\systplservice.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/22/2013 1:00:00 AM

Valid to:
1/23/2014 12:59:59 AM

Subject:
CN=TLAPIA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TLAPIA, L=Montevideo, S=montevideo, C=UY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59F70BE7091286E5251B02778D136FF2

File PE Metadata
Compilation timestamp:
11/21/2013 4:06:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:32247JNGmQkpM1p9gNJxGyUgvvzwoqKTL7qbrPPfN66Ble8SqOMjKwuf3Ljv/HD:3WRQtrgNfGy9BG/Pxve8tOM+B/v/D

Entry address:
0x626E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
17 KB (17,408 bytes)

Service
Display name:
sysTPLService

Service name:
sysTPLService.exe

Description:
sysTPL Service

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

