» ts3w.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (10)
Downloads (7)

ts3w.exe

Sims 3

Electronic Arts

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. This file is installed with multiple programs including Os Sims™ 3 and The Sims™ 3 Pets. The file has been seen being downloaded from s8521.chomikuj.pl and multiple other hosts.

File name:

ts3w.exe

Publisher:

Electronic Arts Inc. (signed by Electronic Arts)

Product:

Sims 3

Version:

0.2.0.164

MD5:

ccb6ee831b7841c147c434eac962df13

SHA-1:

ee7c1fe69af7173cac385ed65dacbdf54af537f6

SHA-256:

fad6316b11f63d6a225e25286f3f2a20869feb51e4d13910b7785d4f825495c1

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/24/2024 5:17:20 PM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Malware.XPACK/RDM!5.1

23.00.65.14116

File size:

12.9 MB (13,501,712 bytes)

Product version:

0.2.0.164

Original file name:

Game_Win32.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\electronic arts\los sims 3\game\bin\ts3w.exe

Digital Signature

Signed by:

Electronic Arts

Authority:

VeriSign, Inc.

Valid from:

9/5/2008 2:00:00 AM

Valid to:

10/5/2011 1:59:59 AM

Subject:

CN=Electronic Arts, OU=Synthetic, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Electronic Arts, L=Redwood City, S=Ca, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6E9B46A4FDC17828C3E7EA71C2BE85FB

File PE Metadata

Compilation timestamp:

9/16/2011 4:04:49 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

196608:xy85k6goRWyJOVHskpfE0j6CByg2Xuo0fYKNjHlHmtRpP:88PgzfiJuo0YkjHlGh

Entry address:

0xA3C551

Entry point:

E8, 4E, 04, 00, 00, E9, 36, FD, FF, FF, CC, FF, 25, FC, F5, E4, 00, FF, 25, 00, F6, E4, 00, FF, 25, 04, F6, E4, 00, 3B, 0D, 00, 28, 0C, 01, 75, 02, F3, C3, E9, BB, 04, 00, 00, CC, FF, 25, 0C, F5, E4, 00, FF, 25, 10, F5, E4, 00, FF, 25, 18, F5, E4, 00, 68, E9, C5, E3, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 00, 28, 0C, 01, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00... 
[+]

Code size:

10.3 MB (10,805,248 bytes)

Scheduled Task

Task name:

{87D03B30-69F4-4C77-ACE5-64C08EBB149D}

Trigger:

Registration (Runs on registration)

The file ts3w.exe has been discovered within the following programs.

Die Sims™ 3 by Electronic Arts

www.TheSims3.com

9% remove it

Les Sims™ 3 by Electronic Arts

12% remove it

Les Sims™ 3 Animaux & Cie by Electronic Arts

3% remove it

Os Sims™ 3 by Electronic Arts

12% remove it

PDF-Viewer by Tracker Software Products Ltd

Publisher's description - “Those wishing to View/Modify or perform simple editing and even OCR Image based PDF files on their Windows PC's now have a FREE pdf reader alternative to the Adobe Reader! The PDF-XChange Viewer is smaller, faster and more feature rich than any other FREE PDF Reader/ PDF Viewer/ PDF Editor available.”

www.docu-track.com

39% remove it

The Sims 3 Pets by Electronic Arts

The Sims 3 Pets is a video game distributed through EA's Origin digital distribution and digital rights management content delivery system.

11% remove it

The Sims" 3 by Electronic Arts

7% remove it

The Sims" 3 Pets by Electronic Arts

4% remove it

The Sims™ 3 by Electronic Arts

The Sims 3 is a video game distributed through EA's Origin digital distribution and digital rights management content delivery system.

2% remove it

The Sims™ 3 High-End Loft Stuff by Electronic Arts

The Sims 3 High-End Loft Stuff is a video game distributed through EA's Origin digital distribution and digital rights management content delivery system.

1% remove it

Latest 20 of 19 programs

The file ts3w.exe has been seen being distributed by the following 7 URLs.

http://s8521.chomikuj.pl/File.aspx?e=eH_RoVU3HzYKwyzTw3-TTFAb9TPndxWgUuYdXPbYuKKI70vxA2mFWlaHSCGcw4u6x_nfrXmiNmcvLAc_pYdfjH2uIlQfG2tkxxpw0EktucTos5K4i4wJ4aWsNMwGy-C6&pv=2

http://s8521.chomikuj.pl/File.aspx?e=eH_RoVU3HzYKwyzTw3-TTLTp9KYGiARQAUImIJEE_fKNoLTs2nR-JgC-DkPvn9pgczKSqibS1Td5b4aJlL8PCXitsRa7x6zxDARH0_LPerQssPWApHPwmn5TOP7oB8EK&pv=2

http://s8521.chomikuj.pl/File.aspx?e=eH_RoVU3HzYKwyzTw3-TTAaUVbZBDgaTjvchZ_jnToG9UoMYdVane4Fj4bxHsddadMpf8padkNnctZvHiIb5dnkHr-D_YWfNgaNEys4cPF_RCCkwayAp0jElrf1G6Kcl&pv=2

http://s10437.chomikuj.pl/File.aspx?e=eH_RoVU3HzYKwyzTw3-TTFAb9TPndxWgUuYdXPbYuKJ7QI_aYsv_C605p40pIHf70J5XAPPUbrdFhqbxF7l-0CmgDfWB6sbq7PS1MB-Um03QwBKKT_2S7v_fztSQ_6Qt&pv=2

https://dl-web.dropbox.com/.../TS3W.exe

http://zalacznik.wp.pl/0/.../TS3W.exe

http://am4-r1f7-stor04.uploaded.net/.../09f7ac01-6992-4cd6-b79e-9db5fa911bba

Scan ts3w.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.