
Nihil5320

Member
Jul 2, 2022
371
933
If you just check the game.exe (and not the rest of the game), you might get weird results. The game will definitely not drop any "executables designed to look like Microsoft Edge" -- those are actual (digitally signed by Microsoft) original Edge files (I just checked them on my PC)! But without all the other game files, if you just run game.exe, it might try to "call home" and therefore your OS creates firewall rules, downloads outstanding Microsoft Edge updates etc., but that's just me guessing.

You definitely checked the correct game.exe file (I checked mine as well, same hash code, same result), and I'm 99.9% sure that these are just false positives which you wouldn't see if you were able to check the whole game.

And here's how you can check the full game if you're still concerned:
- download the full game from OP
- open the ZIP, and remove the folders www/movies and www/img
- the remaining ZIP should now be ~180MB, which you can check on virustotal

Hope that helps!
Uploading a zip unfortunately won't result in VirusTotal doing dynamic analysis of the behaviour of applications contained within said zip, although it would certainly be a neat feature if it did. I believe Joe Sandbox will let you do this if you really want to go ham on checking this file.

As for the rest, most applications do not do this, especially the parts relating to modification of Windows services, checking to see if it's running in a VM and attempting to create scheduled tasks. It also looks like it drops quite a few files in randomized locations, so good luck finding the one which isn't signed by Microsoft on your specific install.

If you're curious to see how a legitimate application appears if you try and run it through dynamic analysis, then drop a few files in and find out. I will, however, be unwatching this thread, as I'm not overly interested in doing a deep dive on a clearly suspect file.
 

theMickey_

Engaged Member
Mar 19, 2020
2,244
2,934
...I will however be unwatching this thread as I'm not overly interested in doing a deep dive on a clearly suspect file.
Here's what you should do instead:
  • download some RPGM games from "LATEST UPDATES" (filter for "Engine" = "RPGM")
  • extract the game.exe from any of those games -- if it's built with the same version of RPGMaker, the game.exe will have the exact same size as TGO's one (and the same MD5 code as well)
  • check with virustotal.com -- same results
Fun fact: take any of those extracted game.exe files (which has the same size) and put it into the TGO folder, then run it. Wow, it's loading TGO just fine! And no, that doesn't mean that every single RPGM based game is malicious. That's because the game.exe is a "general executable" from RPGMaker.

If you still don't trust: Download a free trial of RPGMaker, and create your own "game" (create a sample project, save and build) -- then check the game.exe file. The results will be shocking! ;-)
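
The comparison described in this post, sketched as an added example (not code from the thread or from any tool named in it): it hashes the launcher found in each game folder and groups identical copies, so folders whose launcher differs from the common engine file stand out. The folder layout, the function names and the sample bytes are assumptions, and SHA-256 is used in place of the MD5 mentioned in the post.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def group_launchers(games_root, exe_name="game.exe"):
    """Map (size, sha256) -> list of game folders whose launcher has that identity."""
    groups = defaultdict(list)
    for game in sorted(os.listdir(games_root)):
        folder = os.path.join(games_root, game)
        if not os.path.isdir(folder):
            continue
        for entry in os.listdir(folder):
            # Windows file names are case-insensitive: match Game.exe and game.exe alike.
            if entry.lower() == exe_name.lower():
                path = os.path.join(folder, entry)
                groups[(os.path.getsize(path), sha256_file(path))].append(game)
    return dict(groups)

def outliers(groups):
    """Return the games whose launcher is not in the largest identical group."""
    if not groups:
        return []
    common = max(groups, key=lambda key: len(groups[key]))
    return sorted(g for key, games in groups.items() if key != common for g in games)

def build_constructed_sample(root):
    """Constructed sample data: three folders share one launcher, one folder differs."""
    stock = b"MZ" + b"\x00" * 62 + b"constructed stock launcher"
    for name, data in [("game_a", stock), ("game_b", stock), ("game_c", stock),
                       ("game_d", stock + b" with appended bytes")]:
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "Game.exe"), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_constructed_sample(root)
        print("differs from the common launcher:", outliers(group_launchers(root)))
```

An identical hash shows only that the launcher is byte-for-byte the same file as the others; it says nothing about the remaining files in the game folder.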
 

Nihil5320

Member
Jul 2, 2022
371
933
Here's what you should do instead:
  • download some RPGM games from "LATEST UPDATES" (filter for "Engine" = "RPGM")
  • extract the game.exe from any of those games -- if it's built with the same version of RPGMaker, the game.exe will have the exact same size as TGO's one (and the same MD5 code as well)
  • check with virustotal.com -- same results
Fun fact: take any of those extracted game.exe files (which has the same size) and put it into the TGO folder, then run it. Wow, it's loading TGO just fine! And no, that doesn't mean that every single RPGM based game is malicious. That's because the game.exe is a "general executable" from RPGMaker.

If you still don't trust: Download a free trial of RPGMaker, and create your own "game" (create a sample project, save and build) -- then check the game.exe file. The results will be shocking! ;-)


Perhaps this is a game built with an old version and RPGMaker had some very... imaginative... developers at some point in their history. Either way, applications should not behave like that and I would strongly advise against trusting any software that does.
 

theMickey_

Engaged Member
Mar 19, 2020
2,244
2,934
Good thing no sandboxes flagged this executable as malicious.


// EDIT: I just checked the calc.exe from Microsoft -- you should never use this (or trust its developers) again! It drops random files, and I mean ! Oh hang on, those look very similar to those game.exe drops! Huh?


// EDIT #2: And now I will stop, sorry for being off-topic.
 

Nihil5320

Member
Jul 2, 2022
371
933
Good thing no sandboxes flagged this executable as malicious.


// EDIT: I just checked the calc.exe from Microsoft -- you should never use this (or trust its developers) again! It drops random files, and I mean ! Oh hang on, those look very similar to those game.exe drops! Huh?


// EDIT #2: And now I will stop, sorry for being off-topic.
I would note that I explicitly ignored the malware detections on the first file and was looking purely at behaviours. Automated dynamic analysis of malware isn't exactly great and will frequently result in false positives or false negatives, so some manual review is required.

That said, the above link you're responding to is an executable I created with a legitimate copy of RPGMaker; I wasn't expecting it to return any positives. Note how the behaviour differs to .

The only weird thing in that output from calc.exe is that it contains functionality that can detect a VM, but given the authors and lack of other suspicious behaviours I'm sure there's a legitimate reason for it. It drops no executables, doesn't deploy or modify any drivers, sets up no scheduled tasks, modifies no Windows services, doesn't modify any network/firewall settings and unsurprisingly doesn't really do very much at all.

If you want to keep having a prod at random stuff you're unfamiliar with or if you're convinced beyond reasonable doubt that the file is legit then knock yourself out. Personally I'll settle for just running it in a VM with PCI passthrough on the GPU.
 

Cabin Fever

Engaged Member
Nov 23, 2018
3,347
5,452
Aren't you guys always "laughing out loud" about people who don't read?
Thanks for proving that you don't read as well, and just want to hassle everyone!
  • the check wasn't executed on their own VM, but in a sandbox from an AV company/from virustotal.com
  • the checked file was 100% the game.exe from the most recent downloads available in OP
    (literally takes like 1 minute to check that yourself!)


Those are the most ridiculous and uneducated comments I've ever read when it comes to viruses/malicious code. Please learn how malicious code works before posting anything like that ever again! "Just because a million people downloaded the virus and nothing bad happened, this is safe!" -- ROFL!

But that's way too off-topic, so I will stop here...
Context matters. We didn't get a virus from the download but this guy claims there is one from the very same download.

As someone who's worked in IT all my life, including specifically doing virus cleanup on a large scale, I'd like to think I know what I'm talking about here.

So get off your high horse and stop taking things out of context.
 

Omnikuken

Conversation Conqueror
Feb 22, 2018
7,561
7,327
Context matters. We didn't get a virus from the download but this guy claims there is one from the very same download.

As someone who's worked in IT all my life, including specifically doing virus cleanup on a large scale, I'd like to think I know what I'm talking about here.

So get off your high horse and stop taking things out of context.
Just like every noodle ever ..... Oh wait
 

Jimmyjamx22

Newbie
Donor
Jan 7, 2018
21
27
Quick question: I am at the point where it says "does andrea have a problem with paul from channel 4 highrise?" I looked at the guide but I can't get into Andrea's house. Am I missing something?
 

sixart

Conversation Conqueror
Jan 2, 2021
6,237
8,093
Context matters. We didn't get a virus from the download but this guy claims there is one from the very same download.

As someone who's worked in IT all my life, including specifically doing virus cleanup on a large scale, I'd like to think I know what I'm talking about here.

So get off your high horse and stop taking things out of context.
Just like every noodle ever ..... Oh wait
Oh no !!! :eek::eek::eek: You are headed straight at his ignored list !!! :eek::eek::eek:

Welp whatever... if you get a ( false ) virus alert then you are the problem ( and the junk on your rig ) Plain and simple :p
 

YU_XIAN

Active Member
Mar 13, 2018
511
74
in the OP?

Sorry, is it on the homepage?
My English is not very good, I am using GOOGLE translation now
 

JoeBeans

Member
Jan 9, 2018
376
231
in the OP?

Sorry, is it on the homepage?
My English is not very good, I am using GOOGLE translation now
There are video walkthroughs available on YouTube:
. You want the ones from user HaremHero Always
 

Cabin Fever

Engaged Member
Nov 23, 2018
3,347
5,452
Oh no !!! :eek::eek::eek: You are headed straight at his ignored list !!! :eek::eek::eek:

Welp whatever... if you get a ( false ) virus alert then you are the problem ( and the junk on your rig ) Plain and simple :p
I couldn't care less if he puts me on his ignored list. More beer for me!
 

sixart

Conversation Conqueror
Jan 2, 2021
6,237
8,093
There are video walkthroughs available on YouTube:
. You want the ones from user HaremHero Always
Not just the video walkthrough is linked there but the picture walkthrough by GREG is also there... people are just too blind or lazy to figure things out for themselves... DD's video walkthrough is plenty enough btw. but folks scream for different shits :KEK:
 

sixart

Conversation Conqueror
Jan 2, 2021
6,237
8,093
in the OP?

Sorry, is it on the homepage?
My English is not very good, I am using GOOGLE translation now
OP means Originating / Original Post which means the very first post of the thread... there is every little bit of intel and help that one would need ! ;)
 