sysTPLService.exe

sysTPLService

TLAPIA

The application sysTPLService.exe by TLAPIA has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “sysTPLService”.
Publisher:
TLAPIA  (signed and verified)

Product:
sysTPLService

Version:
1.4.1.3

MD5:
7a6a1b5e88506a6195d7cc938e1a3a31

SHA-1:
bb8e920f7e63d93424f7312a8cc3d3ead7e7f68a

SHA-256:
6804ff005c729a32eab067f0cc19e94d679f8ae953ca6677b3226a51f49e9d27

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2018 4:05:09 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TLAPIA (M)

Engine version:
16.3.7.12

File size:
391.3 KB (400,664 bytes)

Product version:
1.4.1.3

Copyright:
Copyright © Tlapia 2012-2014

Trademarks:
Tlapia

Original file name:
sysTPLService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\systpl\systplservice.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/21/2014 8:00:00 AM

Valid to:
2/21/2016 7:59:59 AM

Subject:
CN=TLAPIA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TLAPIA, L=Montevideo, S=montevideo, C=UY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5634AB7F528C8A806EF7C20703DC5967

File PE Metadata
Compilation timestamp:
1/24/2014 9:33:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:wBNegef9GmQkpM1p9gNJxGyUgvvzwoqKTL7qbrPPfN66Ble8SqOMjKwuf3Ljv/9:5RQtrgNfGy9BG/Pxve8tOM+B/vV

Entry address:
0x71AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 70, 00, 00, 80, 10, 00, 00, 00, 88, 00, 00, 80, 18, 00, 00, 00, A0, 00...

Entropy:
4.6626

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
20.5 KB (20,992 bytes)

Service
Display name:
sysTPLService

Service name:
sysTPLService.exe

Description:
sysTPL Service

Type:
Win32OwnProcess
The executing file has been seen to make the following network communications in live environments.


Remove sysTPLService.exe - Powered by Reason Core Security