» thesimssetup.exe
Overview
Analysis
File Details
Downloads (1)

thesimssetup.exe

Game Manager

The application thesimssetup.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from thesims4.uploadtobox.com.

File name:

thesimssetup.exe

Publisher:

Game Manager

Product:

Game Manager

Version:

MD5:

7c706b5f4793e18e6c0f3c3c5093ca07

SHA-1:

646296c54a4c7800f8d0b54fec6292c3cdcde640

SHA-256:

b22a1fc12b6e746370073f41f5e5723b5a43b74422d7b0baa08be6bed12cfc75

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

11/24/2024 9:36:01 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/InstallMonetizer.AN potentially unwanted application

8.0.319.0

Microsoft Security Essentials

Threat.Undefined

1.215.1053.0

File size:

1.2 MB (1,236,273 bytes)

Product version:

Game Manager

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\thesimssetup.exe

File PE Metadata

Compilation timestamp:

12/6/2009 5:50:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:eCHWk11HtGId7zpft9IIZo+xBw/b7g2XxPimkvL8VH8:6kV9zpft9/3zwTM2XxrP6

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.3332

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

The file thesimssetup.exe has been seen being distributed by the following URL.

http://thesims4.uploadtobox.com/TheSimsSetup.exe

Remove thesimssetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.