Nihil5320

Member
Jul 2, 2022
344
890
Whilst the build on the front page technically works, is there any particular reason that the executable is attempting to check whether it's running in a VM, create a scheduled task, modify Windows services, modify firewall settings and drop executables designed to look like Microsoft Edge into random folders?

 

Omnikuken

Conversation Conqueror
Feb 22, 2018
7,562
7,323
Whilst the build on the front page technically works, is there any particular reason that the executable is attempting to check whether it's running in a VM, create a scheduled task, modify Windows services, modify firewall settings and drop executables designed to look like Microsoft Edge into random folders?

RPGMaker runs on JavaScript, so it attempting to do wonky stuff is "normal". Though no one reported anything in ~4 years and 2 games. You either got some shady link or your PC is already corrupted. Might wanna check your junk and/or stop going to shadier places with dubious links (like this place isn't shady). There's also the "real" version of the game running a Unity launcher that tries to get into NLT's server/database to update itself. You might have found a new way to fuck the game even more than the 6+ we've got in here already.
 

Nihil5320

Member
Jul 2, 2022
344
890
RPGMaker runs on JavaScript, so it attempting to do wonky stuff is "normal". Though no one reported anything in ~4 years and 2 games. You either got some shady link or your PC is already corrupted. Might wanna check your junk and/or stop going to shadier places with dubious links (like this place isn't shady). There's also the "real" version of the game running a Unity launcher that tries to get into NLT's server/database to update itself. You might have found a new way to fuck the game even more than the 6+ we've got in here already.
I was running the executable from the mega on page 1 in a fresh sandbox, and the above link is dynamic analysis of the executable's behaviour from VirusTotal. Running it in a stealthed VM, the executable seems to be able to break the Windows Security app and disable Tamper Protection; that goes a little beyond "wonky behaviour."
 

cold_arctus

Devoted Member
Sep 25, 2018
8,945
10,823
I was running the executable from the mega on page 1 in a fresh sandbox, and the above link is dynamic analysis of the executable's behaviour from VirusTotal. Running it in a stealthed VM, the executable seems to be able to break the Windows Security app and disable Tamper Protection; that goes a little beyond "wonky behaviour."
It's your system that causes this behaviour, not the game.
 

Nihil5320

Member
Jul 2, 2022
344
890
It's your system that causes this behaviour, not the game.
My system, which I didn't run the executable on I might add, influenced the behaviour of the executable in completely fresh virtual machines controlled by both myself and VirusTotal? Seems legit.

Either way I just wanted to highlight the above. I'm fine playing the pirated version somebody has dropped a sneaky lil bit of malware into in a VM.
 

Cabin Fever

Engaged Member
Nov 23, 2018
3,158
5,215
My system, which I didn't run the executable on I might add, influenced the behaviour of the executable in completely fresh virtual machines controlled by both myself and VirusTotal? Seems legit.

Either way I just wanted to highlight the above. I'm fine playing the pirated version somebody has dropped a sneaky lil bit of malware into in a VM.
When the same download causes no issues for other people but has problems on your VM, yes, it's absolutely legit that it's not the downloaded executable.
 

cold_arctus

Devoted Member
Sep 25, 2018
8,945
10,823
My system, which I didn't run the executable on I might add, influenced the behaviour of the executable in completely fresh virtual machines controlled by both myself and VirusTotal? Seems legit.

Either way I just wanted to highlight the above. I'm fine playing the pirated version somebody has dropped a sneaky lil bit of malware into in a VM.
What do you think is more legit: a single dude saying the game has malware, or approximately 500k people who are playing this and the previous games without a single issue? :unsure:
 

theMickey_

Engaged Member
Mar 19, 2020
2,136
2,685
...the executable is attempting to check to see if it's running in a VM, create a scheduled task, modify windows services, modify firewall settings and dropping executables designed to look like Microsoft Edge into random folders?
If you just check the game.exe (and not the rest of the game), you might get weird results. The game will definitely not drop any "executables designed to look like Microsoft Edge" -- those are actual (digitally signed by Microsoft) original Edge files (I just checked them on my PC)! But without all the other game files, if you just run game.exe, it might try to "call home" and therefore your OS creates firewall rules, downloads outstanding Microsoft Edge updates etc., but that's just me guessing.

You definitely checked the correct game.exe file (I checked mine as well, same hash code, same result), and I'm 99.9% sure that these are just false positives which you wouldn't see if you were able to check the whole game.

And here's how you can check the full game if you're still concerned:
- download the full game from OP
- open the ZIP, and remove the folders www/movies and www/img
- the remaining ZIP should now be ~180MB, which you can check on virustotal

Hope that helps!
 
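A way to script the archive-trimming step from the post above, as an added example that is not code from the post, from the game or from RPGMaker: it reads the release ZIP, drops everything under www/movies and www/img (matched case-insensitively and with either slash style, since archives built on Windows sometimes carry backslashes) and writes a smaller ZIP for upload. Members are copied byte for byte, so the hash of Game.exe inside the trimmed archive is the same one a scanner reports for the full release. The file names and the sample archive built in demo() are constructed for illustration and are not the game's real contents.

```python
import os
import tempfile
import zipfile

# Folders the post suggests dropping before upload; matched case-insensitively.
EXCLUDED_PREFIXES = ("www/movies/", "www/img/")


def _normalize(name):
    """Zip entries should use '/', but archives built on Windows sometimes carry '\\'."""
    return name.replace("\\", "/").lstrip("/").lower()


def is_media(name, excluded=EXCLUDED_PREFIXES):
    """True if the archive member lives under one of the excluded folders."""
    n = _normalize(name)
    return any(n.startswith(prefix) for prefix in excluded)


def strip_media(src_zip, dst_zip, excluded=EXCLUDED_PREFIXES):
    """Copy src_zip to dst_zip without the media folders.

    Returns (kept_member_names, dropped_count). Member data is copied
    unchanged, so per-file hashes match the original release.
    """
    kept, dropped = [], 0
    with zipfile.ZipFile(src_zip) as src, zipfile.ZipFile(dst_zip, "w") as dst:
        for info in src.infolist():
            if info.is_dir():
                continue                      # directory entries are implied by member paths
            if is_media(info.filename, excluded):
                dropped += 1
                continue
            # Reuse the original ZipInfo (name, timestamp, attributes), recompress with deflate.
            dst.writestr(info, src.read(info), compress_type=zipfile.ZIP_DEFLATED)
            kept.append(info.filename)
    return kept, dropped


def demo():
    """Constructed sample archive (not a real release) to show what survives."""
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "game.zip")
    dst = os.path.join(tmp, "game-for-scan.zip")
    with zipfile.ZipFile(src, "w") as z:
        z.writestr("Game.exe", b"MZ" + b"\x00" * 64)                 # runtime stand-in
        z.writestr("www/js/main.js", b"// RPGM MV game code")
        z.writestr("www/data/Map001.json", b"{}")
        z.writestr("www/movies/intro.webm", b"\x1a\x45\xdf\xa3" + b"\x00" * 1024)
        z.writestr("www\\img\\characters\\Actor1.png", b"\x89PNG" + b"\x00" * 256)
    kept, dropped = strip_media(src, dst)
    return sorted(kept), dropped, os.path.getsize(dst) < os.path.getsize(src)


if __name__ == "__main__":
    print(demo())   # (['Game.exe', 'www/data/Map001.json', 'www/js/main.js'], 2, True)
```

Check the kept list before uploading so that Game.exe, the runtime DLLs and www/js are all still present. Note that an archive upload gets each member scanned statically; a behavioural (sandbox) run only happens for the executable itself, so for behaviour you still submit Game.exe on its own.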

theMickey_

Engaged Member
Mar 19, 2020
2,136
2,685
You either got some shady link or your PC is already corrupted
It's your system that cause this behaviour not the game
Aren't you guys always "laughing out loud" about people who don't read?
Thanks for proving that you don't read as well, and just want to hassle everyone!
  • the check wasn't executed on their own VM, but in a sandbox from an AV company/from virustotal.com
  • the checked file was 100% the game.exe from the most recent downloads available in OP
    (literally takes like 1 minute to check that yourself!)
When the same download causes no issues for other people but has problems on your VM
What do you think is more legit: a single dude saying the game has malware in it, or approximately 500k people who are playing this and previous games?
Those are the most ridiculous and uneducated comments I've ever read when it comes to viruses/malicious code. Please learn how malicious code works before posting anything like that ever again! "Just because a million people downloaded the virus and nothing bad happened, this is safe!" -- ROFL!

But that's way too off-topic, so I will stop here...
 

Nihil5320

Member
Jul 2, 2022
344
890
If you just check the game.exe (and not the rest of the game), you might get weird results. The game will definitely not drop any "executables designed to look like Microsoft Edge" -- those are actual (digitally signed by Microsoft) original Edge files (I just checked them on my PC)! But without all the other game files, if you just run game.exe, it might try to "call home" and therefore your OS creates firewall rules, downloads outstanding Microsoft Edge updates etc., but that's just me guessing.

You definitely checked the correct game.exe file (I checked mine as well, same hash code, same result), and I'm 99.9% sure that these are just false positives which you wouldn't see if you were able to check the whole game.

And here's how you can check the full game if you're still concerned:
- download the full game from OP
- open the ZIP, and remove the folders www/movies and www/img
- the remaining ZIP should now be ~180MB, which you can check on virustotal

Hope that helps!
Uploading a zip unfortunately won't result in VirusTotal doing dynamic analysis of the behaviour of applications contained within said zip, although it would certainly be a neat feature if it did. I believe Joe Sandbox will let you do this if you really want to go ham on checking this file.

As for the rest, most applications do not do this, especially the parts relating to modification of Windows services, checking to see if it's running in a VM and attempting to create scheduled tasks. It also looks like it drops quite a few files in randomized locations, so good luck finding the one which isn't signed by Microsoft on your specific install.

If you're curious to see how a legitimate application appears if you try and run it through dynamic analysis then drop a few files in and find out, I will however be unwatching this thread as I'm not overly interested in doing a deep dive on a clearly suspect file.
 

theMickey_

Engaged Member
Mar 19, 2020
2,136
2,685
...I will however be unwatching this thread as I'm not overly interested in doing a deep dive on a clearly suspect file.
Here's what you should do instead:
  • download some RPGM games from "LATEST UPDATES" (filter for "Engine" = "RPGM")
  • extract the game.exe from any of those games -- if it's built with the same version of RPGMaker, the game.exe will have the exact same size as TGO's one (and the same MD5 as well)
  • check with virustotal.com -- same results
Fun fact: take any of those extracted game.exe files (which has the same size) and put it into the TGO folder, then run it. Wow, it's loading TGO just fine! And no, that doesn't mean that every single RPGM based game is malicious. That's because the game.exe is a "general executable" from RPGMMaker.

If you still don't trust it: download a free trial of RPGMaker and create your own "game" (create a sample project, save and build) -- then check the game.exe file. The results will be shocking! ;-)
 
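The comparison described in the steps above (same size and same MD5 across game.exe files from RPGM games built with the same version), as an added example that is not code from the post, from RPGMaker or from the game: it fingerprints each Game.exe, groups byte-identical runtimes, and separately flags any file that has the same size as its peers but a different hash, which is exactly the case where "same size" would mislead (a runtime patched in place keeps its size). SHA-256 is used for the decision because MD5 collisions are cheap to produce; the MD5 is still reported since that is what the post compares. The folder names and file bytes built in demo() are constructed stand-ins, not real runtimes.

```python
import hashlib
import os
import tempfile
from collections import Counter, defaultdict


def fingerprint(path, chunk=1 << 20):
    """Size, MD5 and SHA-256 of a file, read in chunks so large runtimes are fine."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            md5.update(block)
            sha.update(block)
            size += len(block)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha.hexdigest()}


def group_identical(paths):
    """Bucket files by SHA-256; every path in a bucket is byte-for-byte the same."""
    groups = defaultdict(list)
    for p in paths:
        groups[fingerprint(p)["sha256"]].append(p)
    return dict(groups)


def same_size_different_content(paths):
    """Files whose size matches their peers but whose hash is in the minority.

    Matching size is not evidence of matching content; this returns the odd
    ones out among files of equal size so they can be looked at separately.
    """
    fps = {p: fingerprint(p) for p in paths}
    by_size = defaultdict(list)
    for p, fp in fps.items():
        by_size[fp["size"]].append(p)
    suspects = []
    for members in by_size.values():
        hashes = Counter(fps[p]["sha256"] for p in members)
        if len(hashes) < 2:
            continue                                  # all identical, nothing to flag
        majority = hashes.most_common(1)[0][0]
        suspects.extend(p for p in members if fps[p]["sha256"] != majority)
    return suspects


def demo():
    """Constructed stand-ins (not real runtimes): two identical, one patched in place."""
    tmp = tempfile.mkdtemp()
    stock = b"MZ" + bytes(range(256)) * 4             # 1026 bytes, pretend stock runtime
    patched = bytearray(stock)
    patched[300] ^= 0xFF                              # one byte flipped, size unchanged
    samples = {
        "gameA/Game.exe": stock,
        "gameB/Game.exe": stock,
        "tgo/Game.exe": bytes(patched),
    }
    paths = {}
    for name, data in samples.items():
        p = os.path.join(tmp, *name.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
        paths[name] = p
    groups = group_identical(paths.values())
    suspects = set(same_size_different_content(paths.values()))
    return len(groups), sorted(n for n, p in paths.items() if p in suspects)


if __name__ == "__main__":
    print(demo())   # (2, ['tgo/Game.exe'])
```

Point `group_identical` at the Game.exe from several RPGM releases plus one you built yourself from a trial project; if the suspect file lands in the same bucket as a fresh trial build, it is the stock runtime. Anything that shows up in `same_size_different_content` deserves a closer look regardless of what it is named.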

Nihil5320

Member
Jul 2, 2022
344
890
Here's what you should do instead:
  • download some RPGM games from "LATEST UPDATES" (filter for "Engine" = "RPGM")
  • extract the game.exe from any of those games -- if it's built with the same version of RPGMaker, the game.exe will have the exact same size as TGO's one (and the same MD5 as well)
  • check with virustotal.com -- same results
Fun fact: take any of those extracted game.exe files (which has the same size) and put it into the TGO folder, then run it. Wow, it's loading TGO just fine! And no, that doesn't mean that every single RPGM based game is malicious. That's because the game.exe is a "general executable" from RPGMMaker.

If you still don't trust it: download a free trial of RPGMaker and create your own "game" (create a sample project, save and build) -- then check the game.exe file. The results will be shocking! ;-)

Perhaps this is a game built with an old version and RPGMaker had some very... imaginative... developers at some point in their history. Either way applications should not behave like that and I would strongly advise against trusting any software that does.
 

theMickey_

Engaged Member
Mar 19, 2020
2,136
2,685
Good thing no sandboxes flagged this executable as malicious.


// EDIT: I just checked the calc.exe from Microsoft -- you should never use this (or trust it's developers) again! It drops random files, and I mean ! Oh hang on, those look very similar to those game.exe drops! Huh?


// EDIT #2: And now I will stop, sorry for being off-topic.
 

Nihil5320

Member
Jul 2, 2022
344
890
Good thing no sandboxes flagged this executable as malicious.


// EDIT: I just checked the calc.exe from Microsoft -- you should never use this (or trust it's developers) again! It drops random files, and I mean ! Oh hang on, those look very similar to those game.exe drops! Huh?


// EDIT #2: And now I will stop, sorry for being off-topic.
I would note that I explicitly ignored the malware detections on the first file and was looking purely at behaviours, automated dynamic analysis of malware isn't exactly great and will frequently result in false positives or false negatives so some manual review is required.

That said the above link you're responding to is an executable I created with a legitimate copy of RPGMaker, I wasn't expecting it to return any positives. Note how the behaviour differs to .

The only weird thing in that output from calc.exe is that it contains functionality that can detect a VM, but given the authors and lack of other suspicious behaviours I'm sure there's a legitimate reason for it. It drops no executables, doesn't deploy or modify any drivers, sets up no scheduled tasks, modifies no Windows services, doesn't modify any network/firewall settings and unsurprisingly doesn't really do very much at all.

If you want to keep having a prod at random stuff you're unfamiliar with or if you're convinced beyond reasonable doubt that the file is legit then knock yourself out. Personally I'll settle for just running it in a VM with PCI passthrough on the GPU.
 

Cabin Fever

Engaged Member
Nov 23, 2018
3,158
5,215
Aren't you guys always "laughing out loud" about people who don't read?
Thanks for proving that you don't read as well, and just want to hassle everyone!
  • the check wasn't executed on their own VM, but in a sandbox from an AV company/from virustotal.com
  • the checked file was 100% the game.exe from the most recent downloads available in OP
    (literally takes like 1 minute to check that yourself!)


Those are the most ridiculous and uneducated comments I've ever read when it comes to viruses/malicious code. Please learn how malicious code works before posting anything like that ever again! "Just because a million people downloaded the virus and nothing bad happened, this is safe!" -- ROFL!

But that's way to off-topic, so I will stop here...
Context matters. We didn't get a virus from the download but this guy claims there is one from the very same download.

As someone who's worked in IT all my life, including specifically doing virus cleanup on a large scale, I'd like to think I know what I'm talking about here.

So get off your high horse and stop taking things out of context.
 

Omnikuken

Conversation Conqueror
Feb 22, 2018
7,562
7,323
Context matters. We didn't get a virus from the download but this guy claims there is one from the very same download.

As someone who's worked in IT all my life, including specifically doing virus cleanup on a large scale, I'd like to think I know what I'm talking about here.

So get off your high horse and stop taking things out of context.
Just like every noodle ever ..... Oh wait
 

Jimmyjamx22

Newbie
Donor
Jan 7, 2018
21
21
Quick question, I am at the point where it says "does andrea have a problem with paul from channel 4 highrise?" I looked at the guide but I can't get into Andrea's house. Am I missing something?
 