home

SIW.EXE

System Information for Windows

Topala Software Solutions

The application SIW.EXE, “System Information” by Topala Software Solutions has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.gtopala.com.
Publisher:
Topala Software Solutions  (signed and verified)

Product:
System Information for Windows

Description:
System Information

Version:
5,2,0,0

MD5:
a0e3daaca0c12c87910277aec0c83d8b

SHA-1:
77cd473a93ba3190e463f5686852cc7ca9d83da6

SHA-256:
89d5bf36001761083886b3e3b234c16075c97cfdf78b0020ed73ea4b64e88b6f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
1/13/2025 10:48:26 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TopalaSoftwareSolutions (M)
15.8.8.23

File size:
5.3 MB (5,609,720 bytes)

Product version:
5,2,0,0

Copyright:
Copyright © 2005-2015 Gabriel Topala

Original file name:
SIW.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\siw.exe

Digital Signature
Signed by:
Topala Software Solutions

Authority:
COMODO CA Limited

Valid from:
5/8/2015 2:00:00 AM

Valid to:
5/8/2018 1:59:59 AM

Subject:
CN=Topala Software Solutions, O=Topala Software Solutions, STREET=1 Carmel Street, L=Vaughan, S=Ontario, PostalCode=L6A 0W5, C=CA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
122AF1F36DAFC08D300BDA6AE569B263

File PE Metadata
Compilation timestamp:
7/7/2015 7:10:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:Gt2JOCk/ijmfkuyTNShofGWC1SVjMcr+oDqZ7Zy2zrAdQH4Zn2yEb:GzCLyf0fGAVprPDg7ZPrAdQ6rEb

Entry address:
0x3A918D

Entry point:
B8, 84, A5, 66, 01, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, C7, E0, F3, BC, 7A, A9, 16, 90, DB, EE, 3D, 91, E3, DE, B9, FE, 06, 1D, FE, D7, 11, 09, F6, 48, 8C, DD, EA, 9B, 3B, 5D, CB, C8, 62, 81, 7A, 88, 2F, 29, B3, 67, A8, E0, 17, 63, 6F, 21, CD, 4E, 0D, ED, D3, E8, 8E, 96, 43, 29, 5C, 1C, 1D, FB, 75, 7E, 23, CA, 23, 46, 7F, 26, 34, AC, BA, 99, D1, 7C, 9C, A3, 75, 15, 41, 67, EB, 8F, B4, 25, 5E, 0F, C3, AA, 2C, 33, B6, 93, E5...
 
[+]

Entropy:
7.8464

Packer / compiler:
PECompact v2

Code size:
4.3 MB (4,517,376 bytes)

The file SIW.EXE has been seen being distributed by the following URL.

http://cdn.gtopala.com/download/.../siw.exe

Remove SIW.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.