sysTPLService.exe

sysTPLService

TLAPIA

The application sysTPLService.exe by TLAPIA has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “sysTPLService”.
Publisher:
TLAPIA (signed and verified)

Product:
sysTPLService

Version:
1.0.1.4

MD5:
3fb90d9c98d4058e0edde3f870555878

SHA-1:
ed92772b6e9df8dc7d67dfb426cc671b5ba846d6

SHA-256:
1e8ef6ddaab652eeaeece84277d4595870a9c1afd62f736b22ff46c2fe00aab4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 9:31:23 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TLAPIA (M)

Engine version:
16.3.7.12

File size:
385.1 KB (394,352 bytes)

Product version:
1.0.1.4

Copyright:
Copyright © Tlapia 2012-2013

Trademarks:
Tlapia

Original file name:
sysTPLService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\systpl\systplservice.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/22/2013 12:00:00 AM

Valid to:
1/22/2014 11:59:59 PM

Subject:
CN=TLAPIA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TLAPIA, L=Montevideo, S=montevideo, C=UY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59F70BE7091286E5251B02778D136FF2

File PE Metadata
Compilation timestamp:
11/21/2013 3:06:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:32247JNGmQkpM1p9gNJxGyUgvvzwoqKTL7qbrPPfN66Ble8SqOMjKwuf3Ljv/Z3:3WRQtrgNfGy9BG/Pxve8tOM+B/vx3

Entry address:
0x626E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
17 KB (17,408 bytes)

Service
Display name:
sysTPLService

Service name:
sysTPLService.exe

Description:
sysTPL Service

Type:
Win32OwnProcess
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.131.255.9.176.clients.your-server.de  (176.9.255.131:80)

TCP (HTTP):
Connects to snt-re2-9a.sjc.dropbox.com  (108.160.163.45:80)

TCP (HTTP):
Connects to snt-re1-6a.sjc.dropbox.com  (108.160.162.33:80)

TCP (HTTP SSL):
Connects to servidor001.illuminati.es  (77.67.11.67:443)

TCP (HTTP SSL):
Connects to r2.ycpi.vip.dee.yahoo.net  (66.196.66.157:443)

TCP (HTTP SSL):
Connects to r1.ycpi.vip.ams.yahoo.net  (66.196.66.212:443)

TCP (HTTP):
Connects to mrs02s04-in-f13.1e100.net  (173.194.39.45:80)

TCP (HTTP SSL):
Connects to lhr14s22-in-f4.1e100.net  (173.194.34.164:443)

TCP (HTTP SSL):
Connects to lhr14s22-in-f0.1e100.net  (173.194.34.160:443)

TCP (HTTP SSL):
Connects to hosted-by.illuminati.es  (77.67.11.82:443)

TCP (HTTP SSL):
Connects to ge-TCH2-Madrid-sw2-Madrid-wokse.illuminati.es  (77.67.11.64:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-mad1.facebook.com  (31.13.83.8:443)

TCP (HTTP):
Connects to ec2-54-245-245-22.us-west-2.compute.amazonaws.com  (54.245.245.22:80)

TCP (HTTP):
Connects to ec2-54-244-234-144.us-west-2.compute.amazonaws.com  (54.244.234.144:80)

TCP (HTTP):
Connects to ec2-54-225-135-129.compute-1.amazonaws.com  (54.225.135.129:80)

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to ec2-184-73-184-162.compute-1.amazonaws.com  (184.73.184.162:80)

TCP (HTTP SSL):
Connects to channelproxy-shv-07-ash2.facebook.com  (173.252.113.17:443)

TCP (HTTP SSL):
Connects to channelproxy-shv-06-frc1.facebook.com  (69.171.248.16:443)

TCP (HTTP SSL):
Connects to channelproxy-shv-04-frc3.facebook.com  (173.252.107.18:443)
