TS4.exe

The Sims 4

Electronic Arts Inc.

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from mega.nz and multiple other hosts.
Publisher:
Electronic Arts Inc.

Product:
The Sims™ 4

Version:
1.0.732.20

MD5:
4306a62d14228e84ff98ef0798bdb0cb

SHA-1:
feb67baf452738d8a08efd61d623449167aa5973

SHA-256:
c5707f9c42c18e726f231c7312f187d8aa2c3c6d4a9fbc09462424470b7fd097

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/24/2024 7:34:33 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Crypt.XPACK.Gen2 | 7.11.180.40 |
| avast! | Win32:PatchDll-A [PUP] | 2014.9-141021 |
| Bkav FE | W32.HfsAutoB | 1.3.0.4959 |
| NANO AntiVirus | Virus.Win32.Gen.ccmw | 0.28.2.62841 |
| Sophos | Mal/Scribble-D | 4.98 |

File size:
52.5 MB (55,034,880 bytes)

Product version:
1.0.732.20

Copyright:
© 2014 Electronic Arts Inc.

Original file name:
TS4.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
9/25/2014 1:44:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:JMwUXMeqqffq2mj/hEU8X5hxAg8tL7Q9762fNr0r/PlYSBJ:q9X7qqf6KfX5X5eL7QJF0zldH

Entry address:
0x347E080

Entry point:
E8, AC, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 52, 4C, 44, 21, 23, 88, 3A, F0, E9, B2, 04, D9, C5, E8, 83, 86, F0, E3, E9, EF, AB, 55, 63, E9, 42, 4A, 80, 05, E8, 56, 66, BE, 4E, E9, A3, 60, 33, 33, E8, 40, 37, 51, A2, E8, 04, 81, AD, D8, E9, D4, 7F, D3, 30, E8, FB, 03, 77, 25, E9, 13, 85, AB, 5D, E8, FC, C8, 98, A1, E8, F3, 8F, 0B, D6, E8, 08, 6C, 9E, 8A, E9, D3, 9B, 13, 57, E8, 2C, F1, 71, E8, E8, F3, EA, 13, D7, E8, 0D, A9, 85, 08, E8, B3, 81, A5, F6, E9, FE, CC, F4, 4D, E8, D3, 5B, DC, 15, E9, 0A...

Code size:
34.6 MB (36,296,704 bytes)

Scheduled Task
Task name:
{009BDCC6-860F-413A-8C1E-FC5E78DD0845}

Trigger:
Registration (Runs on registration)


Windows Firewall Allowed Program
Name:
F:\The Sims 4\Game\Bin\TS4.exe


The file TS4.exe has been discovered within the following programs.

The Sims 4 by Electronic Arts (www.games4theworld.bestgoo.com): 12% remove it

The Sims™ 4 by Electronic Arts (www.ea.com): 7% remove it
 
Powered by Should I Remove It?

The file TS4.exe has been seen being distributed by the following 2 URLs.

https://mega.nz/temporary/.../vJhSGaCC

http://s7547.chomikuj.pl/File.aspx?e=wWQd-Um78XbV9nZelNaYJ3rTGkrk79yzdJSeDt_XoGnUbBkI54frp8VO0pnhGG0TRfGb6lW89Ga5qit8ZtIjXHbFc3UHcXpulYkILId0FDss2LiSEZrS86KM9VwXC09i&pv=2

The executing file has been seen to make the following network communications in live environments.

