RPGM Completed Paizuri Slave Training Program [v1.05] [Aeba no Mori]

[RicknRollDickHole]

it was used with a program called "Bat To Exe Converter", you can google that.
basically, someone made the malware in this batch file (probably dev themselves), then ran the program on it with the option to encrypt the original batch file, giving you 2 files as output, one being the binary .exe and the other being this batch file with encrypted contents, with the non-malware unencrypted part appended at the end to run the game.
since it seems to be a coin miner, dev probably got it somewhere to make an extra buck and simply added 2 extra lines at the end to run his game and pretend that's how you're supposed to run it.

it worse then just a bitcoin miner it hijack edge and webview likely to see passwords and credit card info it create lot of stuff like "program" auto start and trustedinstaller processes that kill/remove themselves when you find out about them (of course they get installed back either when you're idle or you restart) and lot more stuff that aren't as scary then the fact it mines bitcoins (at least tries since it would take millions of years to get one on my gpu) also all anti-viruses that i have tested can't remove it but that isn't as scary as losing some performance when idle and away from the computer that the worse thing this virus does

 

[RicknRollDickHole]

anyway someone still got the virus (the batc- i mean exe file that is totally not just a batch file) i want to upload it to every antivirus that don't detect it

 

[Estronix]

Bro if the game has an actual virus then delete this whole thread lol, why is the page still online? If Aeba really did put a malware then we better told it even on DL Site/Ci En and confront him

 

[GIMM]

the game works fine

 

[thoox22]

Are you talking about this section?

::[Bat To Exe Converter]
::
::YAwzoRdxOk+EWAjk
::fBw5plQjdCuDJNxsIsbt1CfXrPQB3rk55WmfCyh4Dxu7KofC0hfG+20JWVdSHGPzGsADrxPHLfm6afcFDxRWMBuoYW8=
::YAwzuBVtJxjWCl3EqQJgSA==
::ZR4luwNxJguZRRnk
::Yhs/ulQjdF+5
::cxAkpRVqdFKZSzk=
::cBs/ulQjdF+5
::ZR41oxFsdFKZSDk=
::eBoioBt6dFKZSDk=
::cRo6pxp7LAbNWATEpCI=
::egkzugNsPRvcWATEpCI=
::dAsiuh18IRvcCxnZtBJQ
::cRYluBh/LU+EWAnk
::YxY4rhs+aU+JeA==
::cxY6rQJ7JhzQF1fEqQJQ
::ZQ05rAF9IBncCkqN+0xwdVs0
::ZQ05rAF9IAHYFVzEqQJQ
::eg0/rx1wNQPfEVWB+kM9LVsJDGQ=
::fBEirQZwNQPfEVWB+kM9LVsJDGQ=
::cRolqwZ3JBvQF1fEqQJQ
::dhA7uBVwLU+EWDk=
::YQ03rBFzNR3SWATElA==
::dhAmsQZ3MwfNWATElA==
::ZQ0/vhVqMQ3MEVWAtB9wSA==
::Zg8zqx1/OA3MEVWAtB9wSA==
::dhA7pRFwIByZRRnk
::Zh4grVQjdCuDJNxsIsbt1CfXrPQB3rk55WmfCyh4Dxu7KofC0hfG+20JWVdSHGPzGsADrxPHLfm6afc4HhpRcDWqYwp6rHZH1g==
::YB416Ek+ZG8=
::
::
::978f952a14a936cc963da21a135fa983


The :: implies that they are comments. But I don't know what it's saying since it's encrypted. But I'd assume since they are comment they aren't running anything.

Only thing that is running should be this part

cd GameData
start Game.exe

Looks encoded rather than encrypted so if you know the character set and encoding you could probably read it

 

[opopi123]

Looks encoded rather than encrypted so if you know the character set and encoding you could probably read it

Yeah I thought so to so i did attempt to run it through a decoder using well known character sets but didn't get anything. Yeah I remembered to remove the :: comment on each line