simcity.exe

SimCity

Electronic Arts Inc.

The application simcity.exe has been detected as a potentially unwanted program by 17 anti-malware scanners.
Publisher:
Electronic Arts Inc.

Product:
SimCity

Description:
SimCity (TM)

Version:
10, 0, 0, 0

MD5:
1afeb552a55a0875b542df9684544bfd

SHA-1:
7b0c5a696ddc51f30a1269c72040a6bec6d61c0f

SHA-256:
d8b328a758858a4bbed5ae765730e4adf00961346f4b66e168e29a7a90c207f5

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:40:58 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.VMProtect | 7.1.1
Avira AntiVirus | TR/Black.Gen2 | 7.11.146.224
AVG | Generic10_c | 2015.0.3486
Bkav FE | HW32.CDB | 1.3.0.4959
Comodo Security | Virus.Win32.Virut.CE | 18205
ESET NOD32 | Win32/Packed.VMProtect.AAA (variant) | 8.9749
Fortinet FortiGate | W32/VMProtBad.A!tr | 5/3/2014
IKARUS anti.virus | Trojan.Black | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.177.11965
McAfee | Artemis!1AFEB552A55A | 5600.7142
Microsoft Security Essentials | VirTool:Win32/Obfuscator.XZ | 1.10502
NANO AntiVirus | Riskware.Win32.Black.cvqdlt | 0.28.0.59608
Norman | Troj_Generic.TBYCT | 11.20140503
Panda Antivirus | Trj/Thed.V | 14.05.03.04
Trend Micro House Call | TROJ_GEN.R0CBC0ECN14 | 7.2.123
Trend Micro | TROJ_GEN.R0CBC0ECN14 | 10.465.03
VIPRE Antivirus | Trojan.Win32.Generic | 28784

File size:
4.9 MB (5,174,784 bytes)

Product version:
10, 0, 0, 0

Copyright:
©2013 Electronic Arts Inc.

Original file name:
SimCity.rc

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\simcity\simcity\simcity.exe

File PE Metadata
Compilation timestamp:
3/6/2014 10:02:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:4J//xDfiQDynwRANFllAQdedBhrD4PeztxKXVjhHYfZqAlRHFdMWf/lu:4J//liQQwRAFlCQUB0WtAVdHuHlzdMWl

Entry address:
0x10FE023

Entry point:
E9, BF, D4, 03, 00, 60, E8, 34, 28, 04, 00, 00, 00, 53, 65, 74, 45, 6E, 64, 4F, 66, 46, 69, 6C, 65, 00, 00, 00, 54, 72, 61, 6E, 73, 6C, 61, 74, 65, 4D, 65, 73, 73, 61, 67, 65, 00, D2, D5, F8, 89, C3, B1, F7, 66, F7, DF, 66, 0F, BD, C9, 66, C1, FF, 07, 89, C7, 38, E1, 30, C9, 60, B9, 04, 01, 00, 00, 3C, 45, F8, FF, 74, 24, 0C, 56, 30, C0, F8, F9, F2, AE, E8, EB, 29, F9, FF, 00, 00, 53, 65, 74, 43, 6C, 61, 73, 73, 4C, 6F, 6E, 67, 41, 00, 00, 00, 47, 65, 74, 4C, 6F, 6E, 67, 50, 61, 74, 68, 4E, 61, 6D, 65, 57...
 

Entropy:
7.9351

Packer / compiler:
Xtreme-Protector v1.05

Code size:
4.9 MB (5,104,640 bytes)

The executing file has been seen to make the following network communications in live environments.

