» TS4.exe
Overview
Analysis
File Details
Programs (2)
Downloads (6)
Network (37)

TS4.exe

The Sims 4

Electronic Arts Inc.

File name:

TS4.exe

Publisher:

Electronic Arts Inc.

Product:

The Sims™ 4

Version:

1.5.139.1020

MD5:

c040f3ee7115827d1055387530b79cb9

SHA-1:

5bf0a60cc17157ad03f903574af7314a64e44038

SHA-256:

13000b66792c211aab36bb8b3796ec508399f04d471741a313b5016a028f5e59

Scanner detections:

4 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/19/2024 10:09:22 PM UTC (today)

Scan engine

Detection

Engine version

McAfee

Artemis!C040F3EE7115

5600.6805

Norman

Heuristic_Anomaly.A

11.20150404

Trend Micro House Call

Suspicious_GEN.F47V0403

7.2.94

ViRobot

Trojan.Win32.A.PSW-Magania.19268608[h]

2014.3.20.0

File size:

18.4 MB (19,268,608 bytes)

Product version:

1.5.139.1020

Original file name:

TS4.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\the sims 4 - get to work\game\bin\ts4.exe

File PE Metadata

Compilation timestamp:

3/20/2015 8:13:42 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

196608:qyU4L9Krd+pGtvhVdAnUT8m+EzT6DEJOECuX5iju6YM:qZAKcpYhVKsJzWDHuX5au6YM

Entry address:

0xE91D00

Entry point:

4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 28, 01, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5945

Code size:

14.6 MB (15,273,472 bytes)

The file TS4.exe has been discovered within the following programs.

The Sims 4 by Electronic Arts

www.games4theworld.bestgoo.com

12% remove it

The Sims™ 4 by Electronic Arts

www.ea.com

7% remove it

The file TS4.exe has been seen being distributed by the following 6 URLs.

http://s6375.chomikuj.pl/File.aspx?e=9Uc8-JH_M3-xPnmJRgRuVcWt-RaolstLkjDId9SONb7TWQ6pdqjscggWxOLPEHIMtT1cuhUehgZj2l_T18SS5GTyAOysRt2zchc5n9psBgFqqRkjRR4Eoe0qXxcrbWeR&pv=2

http://s6375.chomikuj.pl/File.aspx?e=9Uc8-JH_M3-xPnmJRgRuVfoRHXAXKeTBQF36tqR0u9Kc5fZOYdNtiPr_7_lHW7055r4G-2YJmCan6pgDo2HjrXAt3sPOZtx7CEN8HgCtb1ZRXFHVKJXslTnSg0y7cXy4&pv=2

http://s6375.chomikuj.pl/File.aspx?e=9Uc8-JH_M3-xPnmJRgRuVZ9_IC-99UTZ2jRZplzs5fl3Elggid-_2KMDo8Fo7P9XO3msPk3Agbxl50FeG9Z83PTPj8GeAf76LJUMHDf0N1lfnjVRnvuB2Id4DD33DQcu&pv=2

http://s6375.chomikuj.pl/File.aspx?e=9Uc8-JH_M3-xPnmJRgRuVfxdiNrj12sbmWETMZt__iwfBQfd_obVlIiIH1mcc2ac5nvkr7jbps7dee-Wed_3d-mqIv3_wXiHms6vRblIfCeEpbQem0oaIDsZQhhJLCEf&pv=2

http://s6375.chomikuj.pl/File.aspx?e=9Uc8-JH_M3-xPnmJRgRuVcWt-RaolstLkjDId9SONb4JHhg03jdA_jGasqYkNY6Yrb1nUHrM3vxo-QVVtueDMkAdjtS9B1FKnQuAuVW_pdE8sx37_H0M3B-SJolpHVEt&pv=2

http://s6375.chomikuj.pl/File.aspx?e=9Uc8-JH_M3-xPnmJRgRuVf96DQcI7KOKZfqUTakP-tZORGuQLsCL8Y2R6TU4vagSACZdPwUxR5gsWanYA3fpIwLNMygtsSL3XMWI1gbC-sefJjgrkShrjpL4TYSTYo4J&pv=2

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to ec2-54-197-253-72.compute-1.amazonaws.com (54.197.253.72:443)

TCP:

Connects to gosredirector.ea.com (159.153.235.22:44225)

TCP (HTTP SSL):

Connects to ec2-107-22-178-155.compute-1.amazonaws.com (107.22.178.155:443)

TCP (HTTP SSL):

Connects to ec2-54-225-177-160.compute-1.amazonaws.com (54.225.177.160:443)

TCP (HTTP SSL):

Connects to ec2-54-235-253-2.compute-1.amazonaws.com (54.235.253.2:443)

TCP (HTTP SSL):

Connects to ec2-23-21-253-160.compute-1.amazonaws.com (23.21.253.160:443)

TCP (HTTP SSL):

Connects to ec2-107-21-227-75.compute-1.amazonaws.com (107.21.227.75:443)

TCP (HTTP SSL):

Connects to ec2-54-243-92-213.compute-1.amazonaws.com (54.243.92.213:443)

TCP (HTTP SSL):

Connects to ec2-54-225-157-44.compute-1.amazonaws.com (54.225.157.44:443)

TCP (HTTP SSL):

Connects to ec2-50-16-237-77.compute-1.amazonaws.com (50.16.237.77:443)

TCP (HTTP SSL):

Connects to ec2-174-129-212-75.compute-1.amazonaws.com (174.129.212.75:443)

TCP (HTTP SSL):

Connects to ec2-75-101-153-214.compute-1.amazonaws.com (75.101.153.214:443)

TCP (HTTP SSL):

Connects to ec2-75-101-128-206.compute-1.amazonaws.com (75.101.128.206:443)

TCP (HTTP SSL):

Connects to ec2-54-235-213-74.compute-1.amazonaws.com (54.235.213.74:443)

TCP (HTTP SSL):

Connects to ec2-50-19-125-236.compute-1.amazonaws.com (50.19.125.236:443)

TCP (HTTP SSL):

Connects to ec2-54-243-229-55.compute-1.amazonaws.com (54.243.229.55:443)

TCP (HTTP SSL):

Connects to ec2-54-225-144-5.compute-1.amazonaws.com (54.225.144.5:443)

TCP (HTTP SSL):

Connects to ec2-54-197-247-4.compute-1.amazonaws.com (54.197.247.4:443)

TCP (HTTP SSL):

Connects to ec2-204-236-217-238.compute-1.amazonaws.com (204.236.217.238:443)

TCP (HTTP SSL):

Connects to ec2-54-243-145-134.compute-1.amazonaws.com (54.243.145.134:443)

Scan TS4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.