I personally wonder what it would take for someone to convince everyone that the crack is safe to run, and I would love to see it. For now, I'm going to stay skeptical and find something else to play.
For me, it'd be posting the source code in a github. I mean, what's the fear? That the pirated game cracker will get pirated? I often put these "False positive" cracks into a windows 10 virtual box, first thing I'll do is hit them with uni-extractor. At least half the time it'll split the crack out into a crack file, and also, a RAT (remote access trojan.)
Baring that, if nothing splits out, my second step is to run it in the virtual box and then inspect what it is doing with glasswire and see if it is trying to talk to anyone someplace other than where the program itself is trying to call home to for license verification.
After that? I'll spy into what it is doing with taskfree, process hacker 2, etc.
To me, the big red flag is that a lot of people are saying it self-deletes after being run. If you have a cracker that is trying to expediently delete itself after cracking... that seems like someone who wants to try to do naughty things as expediently as possible in the hope that it isn't observed.
The usual excuse from a cracker is that the code is obscured so that is why it false positives. Well, about 65% of the time I see a "false positive" claim, you can dive in with process hacker or task free, and do a string search on the crack's hex, and find luminosity link, imminent monitor, darkcomet, cybergate, nanocore, babylon rat, njrat, ozone, keybase, predator pain, elite key and others as RATs, allowing the cracker to put software onto your computer or take information from it.
Another thing I'll see them do often is post a virus scan of the zip or rar file. That's an attempt to obscure, too. A crack generally shouldn't be so large that it needs to be submitted to virustotal as a zip or rar.
I guess if you go that hard-nuts into inspecting a crack, short of sourcecode, there is no way to be any more sure than something you compiled yourself.
Now as for the detections themselves on this specific crack. Most of the positives on virustotal look to be heuristics. AI detection, etc. This means the virus scanners are saying "This crack edits memory. This crack re-writes such and such files. This crack changes a registry address... this is all stuff a virus would do" and then it flags it as a virus as a precaution. What concerns me is several reputable scanners on that list say Artemis. Artemis has behaviors that interact with the web browser. There's not a good reason, in my mind, for the game or the crack to need to interact with any web browser unless the game's content is somehow streamed from a cloud location. Being a 2gb game, I really doubt any cloud streaming is going on.
