» thesimsdownloader.exe
Overview
Analysis
File Details
Downloads (1)

thesimsdownloader.exe

The Sims 4

The Sims GM

The executable thesimsdownloader.exe has been detected as malware by 10 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from simsdownloader.drivings.uploadtobox.com.

File name:

Publisher:

The Sims GM

Product:

The Sims 4

Description:

The Sims GM

Version:

MD5:

7358dd5dac34eca96e4c3ea058627425

SHA-1:

512aedd4223502558de8f857730b4bcbd7e8a559

SHA-256:

0c20ade7d2a5e6e237138f30d06c5c071d81afa4a9444244091bc69a513bfb56

Scanner detections:

10 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/24/2024 9:47:38 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160327-1

AVG

Win32/Sality

2015.0.4355

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

Kaspersky

Virus.Win32.Sality

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.217.1571.0

Norman

Win32.Sality.3

10.04.2016 15:29:17

VIPRE Antivirus

Threat.4721115

48132

File size:

1.2 MB (1,310,057 bytes)

Product version:

The Sims GM

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Scriptable Install System

Common path:

C:\Documents and Settings\{user}\My documents\downloads\thesimsdownloader.exe

File PE Metadata

Compilation timestamp:

12/5/2009 7:50:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:5rolKzKxHWk11HtGId7zpft9IIZo+xBw/bwg2XxPimkvjhYHW:BoKzKEkV9zpft9/3zwTx2Xxra

Entry address:

0x30CB

Entry point:

74, 07, FE, CA, 0F, AF, CD, 29, DD, F3, 88, EE, FE, CE, 4B, F2, 81, EA, 18, A9, 75, AB, 4B, 8B, D2, 0F, AF, EB, BE, 15, FB, AB, 2C, 83, E7, 00, 21, C8, F3, F6, C6, 6D, BF, EE, 82, 02, 00, 86, D3, 09, C5, 8D, 0D, 01, 99, 13, 7F, 81, F7, 2F, 88, 02, 00, 85, D1, 75, 06, 81, CA, 7A, 57, FD, 75, 0F, AF, DE, B5, F4, F2, 29, C8, 85, C1, 35, 74, EB, 7B, EC, 68, 89, F6, 0E, 00, 71, 08, F7, C0, 30, B4, D2, E5, 84, EC, 5B, 85, C6, 78, 06, 81, E8, 4C, 13, E1, 4A, 81, EB, B2, 28, 06, 00, FF, CA, F7, C7, A0, 10, 92, 2D... 
[+]

Code size:

22.5 KB (23,040 bytes)

The file thesimsdownloader.exe has been seen being distributed by the following URL.

http://simsdownloader.drivings.uploadtobox.com/TheSimsDownloader.exe

Remove thesimsdownloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.