Uploading a zip unfortunately won't result in VirusTotal doing dynamic analysis of the behaviour of applications contained within said zip, although it would certainly be a neat feature if it did. I believe Joe Sandbox will let you do this if you really want to go ham on checking this file.
If you just check the game.exe (and not the rest of the game), [link] might get weird results. The game will definitely not drop any "executables designed to look like Microsoft Edge" -- those are actual (digitally signed by Microsoft) original Edge files (I just checked them on my PC)! But without all the other game files, if you just run game.exe, it might try to "call home" and therefore your OS creates firewall rules, downloads outstanding Microsoft Edge updates etc., but that's just me guessing.
You definitely checked the correct game.exe file (I checked mine as well, same hash code, same result), and I'm 99.9% sure that these are just false positives which you wouldn't see if you were able to check the whole game.
And here's how you can check the full game if you're still concerned:
- download the full game from OP
- open the ZIP, and remove the folders www/movies and www/img
- the remaining ZIP should now be ~180MB, which you can check on virustotal
Hope that helps!
As for the rest, most applications do not do this, especially the parts relating to modification of Windows services, checking to see if it's running in a VM and attempting to create scheduled tasks. It also looks like it drops quite a few files in randomized locations, so good luck finding the one which isn't signed by Microsoft on your specific install.
If you're curious to see how a legitimate application appears if you try and run it through dynamic analysis, then drop a few files in and find out. I will, however, be unwatching this thread as I'm not overly interested in doing a deep dive on a clearly suspect file.