sysTPLService.exe

sysTPLService

TLAPIA

The application sysTPLService.exe by TLAPIA has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “sysTPLService”.
Publisher:
TLAPIA  (signed and verified)

Product:
sysTPLService

Version:
1.0.1.3

MD5:
1b19334be1f3104465506bec921912b3

SHA-1:
a829e1053c9d6c8eb39719fc2c50a70c84fabbe4

SHA-256:
61f78403e0e1061df1f09d26015d50543348d1fbdeb2f5b99720a4f698eb2d85

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/30/2017 12:45:36 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TLAPIA (M)

Engine version:
16.3.7.12

File size:
387.8 KB (397,080 bytes)

Product version:
1.0.1.3

Copyright:
Copyright © Tlapia 2012-2013

Trademarks:
Tlapia

Original file name:
sysTPLService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\systpl\systplservice.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/22/2013 1:00:00 AM

Valid to:
1/23/2014 12:59:59 AM

Subject:
CN=TLAPIA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TLAPIA, L=Montevideo, S=montevideo, C=UY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59F70BE7091286E5251B02778D136FF2

File PE Metadata
Compilation timestamp:
9/29/2013 9:10:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:s2U47u9GmQkpM1p9gNJxGyUgvvzwoqKTL7qbrPPfN66Ble8SqOMjKwuf3Ljv/B:spRQtrgNfGy9BG/Pxve8tOM+B/vZ

Entry address:
0x629E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
17 KB (17,408 bytes)

Service
Display name:
sysTPLService

Service name:
sysTPLService.exe

Description:
sysTPL Service

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

