home

SIW.EXE

System Information for Windows

Topala Software Solutions

The application SIW.EXE, “System Information” by Topala Software Solutions has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.gtopala.com and multiple other hosts.
Publisher:
Topala Software Solutions  (signed and verified)

Product:
System Information for Windows

Description:
System Information

Version:
4,10,0,2

MD5:
54d734776f1771f5b6c7552bd179a668

SHA-1:
faf8b35fbddc190c22f8a5498cdd33cc93ea1397

SHA-256:
397e69efce000dcba5a1535ee281186d3d2fac2640effa48a7e8449e2dbe811f

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
1/13/2025 10:37:46 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.W32.Gen
2.1.4+

Agnitum Outpost
Packed/PECompact
7.1.1

Bkav FE
W32.HfsAutoA
1.3.0.4923

ESET NOD32
Win32/RemoteAdmin.RemoteExec.AA (variant)
9.9623

Reason Heuristics
PUP.TopalaSoftwareSolutions
15.2.27.14

Trend Micro House Call
TROJ_GEN.F47V0828
7.2.58

File size:
5 MB (5,251,176 bytes)

Product version:
4,10,0,2

Copyright:
Copyright © 2005-2014 Gabriel Topala

Original file name:
SIW.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\siw.exe

Digital Signature
Signed by:
Topala Software Solutions

Authority:
COMODO CA Limited

Valid from:
5/3/2012 5:00:00 PM

Valid to:
5/4/2015 4:59:59 PM

Subject:
CN=Topala Software Solutions, O=Topala Software Solutions, STREET="22 Elkhorn Dr., #251", PostalCode=M2K 1J4, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F1E362709E9545879CCFC63C3E7D085D

File PE Metadata
Compilation timestamp:
11/30/2014 8:07:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:NvVpySFp/iL1LvLozK17sfTwbE+oH661AZ5YaO+a3IV5+RACI8hLJwVUfCaijmyE:fppTG1oWk8bE+oT1a5DO+a3Q5pCLhLJP

Entry address:
0x45774D

Entry point:
B8, C8, 86, 59, 01, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, B9, CF, 30, 49, B6, C7, 8B, 1F, 8B, 4E, 45, 36, 63, D5, AF, D8, D1, B1, DF, 52, 9A, E1, A8, 71, AE, D5, B6, 3E, 9B, 3F, D9, 37, 91, CB, B6, 66, 24, 26, 25, 0B, 42, 5B, 29, 05, EB, 61, BA, 5A, F4, B3, EF, 86, 72, 84, 88, 10, C0, E7, C6, 43, C9, 29, 3A, A0, CA, D5, 98, 51, 9C, F0, FA, 60, BB, F0, 50, E5, 6D, 76, 53, CD, CA, 5F, 30, 2D, D5, 53, 19, 93, 4A, 17, A7, 72, 61...
 
[+]

Entropy:
7.8368

Packer / compiler:
PECompact v2

Code size:
4.9 MB (5,189,120 bytes)

The file SIW.EXE has been seen being distributed by the following 2 URLs.

http://cdn.gtopala.com/download/.../siw.exe

http://cdn.gtopala.com/download/.../siw.exe

Remove SIW.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.