Gridinsoft Logo
File Icon

TS4_x64.exe Trojan Heuristic Analysis

Updated 1 year ago
Checked by Malware Check
TS4_x64.exe

Technical Analysis

File Name TS4_x64.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.146.174
Database Version 2023-11-04 17:00:44 UTC

Trojan.Heur!.00052033

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
N/A
Detection Rate
36,854,320
File Size (bytes)
2023-11-04
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
88b7a3239a2b17317b5f1615fa38d0c9
SHA1
cab862a3ba18d9d6a8a451f51fa934127e8e78a2
SHA256
acdf7a13ef3a46763cfe49b60a47ce4e157a3e4e3833653fb6f2ba56ce5871f9
SHA512
032b524afee9757cf9ccff4d55565da9d23bb5ac8d9868a27ba33bca811ff1e5d2d2e403d623a14d02176c71622b2bb983ce98bcd038773e1cb1beac09cd1d78
ImpHash
3a458809e4e5f5f1557a63e3f0ecb45c

PE Analysis

Basic Information

Icon
Hash: 63af5380dff92c15b29cae394907c616
Fuzzy: 65c6f11e63f8c5f4894b992099b1d104
dHash: e8cc9696068ecce8
Image Base 0x140000000
Entry Point 0x1413698ac
Compilation Time 2023-07-01 00:35:13
Checksum 0x02329cdf (Actual: 0x023311bc)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
PDB Path D:\dev\TS4\_compile\Sims4\Releasex64\TS4_x64.pdb
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 37 libraries
Exports 6 functions
Resources 33 Resources
Sections 8 Sections

Digital Signatures

DigiCert Trusted Root G4 DigiCert, Inc. (US)
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Electronic Arts, Inc. (US)

Version Information

FileVersion 1.99.264.1030
ProductVersion 1.99.264.1030
CompanyName Electronic Arts Inc.
FileDescription The Sims™ 4
LegalCopyright © 2014 Electronic Arts Inc.
OriginalFilename TS4_x64.exe
ProductName The Sims™ 4
InternalName TS4_x64.exe
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 26,655,962 bytes 26,656,256 bytes 6.47 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 4EB3ADFA0024634CC4FA3977C75E3AE0
.rdata 0x0196d000 7,726,596 bytes 7,727,104 bytes 5.49 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ B7EB62924D74E6B30A4733010D78430B
.data 0x020cc000 1,229,588 bytes 666,112 bytes 4.56 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4E05DAE833B45AB7222BF264308ADA9F
.pdata 0x021f9000 1,384,656 bytes 1,384,960 bytes 6.84 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 086B6D943268C2FFD70652DC465D1148
_RDATA 0x0234c000 9,952 bytes 10,240 bytes 6.50 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 90CAA2A4E820FC374D3C9254B5D24D18
.rsrc 0x0234f000 128,936 bytes 129,024 bytes 7.15 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7618312A18EF21703966DCD2843BCB02
.reloc 0x0236f000 268,928 bytes 269,312 bytes 5.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 72C2B1FFA910197A9E78186095C5A242
.anadius 0x023b1000 1,554 bytes 2,048 bytes 1.90 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2852C0443EFAE6258C61921E40CED9C7
Entropy Analysis Alert

3 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 33 (126,961 bytes)
Resource Type Count Total Size Percentage
STR 18 50,759 bytes
40%
RT_ICON 12 73,271 bytes
57.7%
RT_GROUP_ICON 1 174 bytes
0.1%
RT_VERSION 1 752 bytes
0.6%
RT_MANIFEST 1 2,005 bytes
1.6%

Certificate Chain Analysis

Certificate #1
Subject DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
DigiCert, Inc.
US
Issuer DigiCert Trusted Root G4
Serial Number 11533403529598586876501374841704918745
Certificate #2
Subject Electronic Arts, Inc.
Electronic Arts, Inc.
US
Issuer DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Serial Number 18371985912253300238230342045091841651
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.00052033 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.00052033 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware