Gridinsoft Logo
File Icon

Sims2EP9.exe Trojan Heuristic Analysis

Updated 1 month ago
Checked by Malaware Check
Sims2EP9.exe

Technical Analysis

File Name Sims2EP9.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.213.174
Database Version 2025-04-13 21:00:29 UTC

Trojan.Heur!.00042031

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
N/A
Detection Rate
20,764,496
File Size (bytes)
2025-04-13
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
1a9ff4743bdbab7831fe933395904887
SHA1
9db4772a9097d13ca1b73bc17f5f181a8dbc8fcf
SHA256
982bbeaec78bd85a3b53348429e760c0cda654124f9aa30baa56898e34235dc1
SHA512
e637d7e7cdfdc0ff87484be162b6d60f1d40372199fb81140368b111c44c358f107844d8312d3522f37eabe9a69c75e028a2450782e6a7277f6e25e5dabaea03
ImpHash
79cfc2555c8b2450f7d3c12c9bd847af

PE Analysis

Basic Information

Icon
Hash: c38425488c645e3d646ae8b987076612
Fuzzy: bbf46efc2e8de21e2a6e9063d7559cb9
dHash: 71f0f2e2b2b2f071
Image Base 0xa0000000
Entry Point 0xa09bf128
Compilation Time 2025-04-07 18:52:50
Checksum 0x013d7742 (Actual: 0x013db328)
OS Version 6.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path C:\dev\sims2remaster\DL\out\ReleaseSRT\Sims2EP9.pdb
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 19 libraries
Exports 20 functions
Resources 9 Resources
Sections 7 Sections

Version Information

Comments built 2025-04-07-1147, by RWS2-SIMSLEBLD1$ on RWS2-SIMSLEBLD1
CompanyName Maxis, a division of Electronic Arts Inc.
FileDescription The Sims 2 Legacy
FileVersion 1.18.0.189
LegalCopyright Copyright © 2004-2025 Electronic Arts Inc. All rights reserved.
OriginalFilename Sims2SP9.exe
ProductName The Sims 2 EP9
ProductVersion 1.18.0.189
SpecialBuild ReleaseSRT
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 16,020,142 bytes 16,020,480 bytes 6.65 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ B44DA64511A0BEE6C2B02FE23BCF8523
.rdata 0x00f49000 2,738,616 bytes 2,738,688 bytes 5.79 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 372092E8A06FE5BB6A2EF4F54572E06A
.data 0x011e6000 1,330,420 bytes 1,035,776 bytes 5.08 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE EC8A34EBB9A2B87E9EF867A1D935080C
LBMPEG_D 0x0132b000 1,024 bytes 1,024 bytes 6.57 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE CF906ABFA348E1875CE312BE69408588
.rsrc 0x0132c000 12,088 bytes 12,288 bytes 5.27 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ ECB737DE3A1BDA63B8722F88DA5EC34B
.reloc 0x0132f000 942,188 bytes 942,592 bytes 6.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5AC5B206AA14A74D86F45FD2BBB50EF2
.anadius 0x01416000 1,810 bytes 2,048 bytes 1.04 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1F60B56577C2C03D3FDEC567022515D5
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 9 (11,531 bytes)
Resource Type Count Total Size Percentage
RT_ICON 6 10,032 bytes
87%
RT_GROUP_ICON 1 90 bytes
0.8%
RT_VERSION 1 1,028 bytes
8.9%
RT_MANIFEST 1 381 bytes
3.3%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.00042031 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.00042031 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware