sysTPLService.exe

sysTPLService

TLAPIA

The application sysTPLService.exe by TLAPIA has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “sysTPLService”.
Publisher:
TLAPIA  (signed and verified)

Product:
sysTPLService

Version:
1.4.1.5

MD5:
39dde9ebe8b3f0f7d1082f550f9a77a5

SHA-1:
9059a87f78073a1dbe8f92b52f57ec5d9437ad45

SHA-256:
1efeca061455198cf35515c4e13202f78e005fcdb6a357bc6e9ef31ec1020927

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:02:11 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.TLAPIA (M)

Engine version:
16.3.7.12

File size:
397.8 KB (407,320 bytes)

Product version:
1.4.1.5

Copyright:
Copyright © Tlapia 2012-2014

Trademarks:
Tlapia

Original file name:
sysTPLService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\systpl\systplservice.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/21/2014 1:00:00 AM

Valid to:
2/21/2016 12:59:59 AM

Subject:
CN=TLAPIA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TLAPIA, L=Montevideo, S=montevideo, C=UY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5634AB7F528C8A806EF7C20703DC5967

File PE Metadata
Compilation timestamp:
3/4/2014 4:23:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:YDyn5YT9GmQkpM1p9gNJxGyUgvvzwoqKTL7qbrPPfN66Ble8SqOMjKwuf3Ljv/i:IRRQtrgNfGy9BG/Pxve8tOM+B/vK

Entry address:
0x8B1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
27 KB (27,648 bytes)

Service
Display name:
sysTPLService

Service name:
sysTPLService.exe

Description:
sysTPL Service

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

