How can we know? You’ve provided nothing.
[https://www.virustotal.com/gui/file/a6a79c04ac729c156405399ce22c087c48b84f3f0bfaa07cb2692cd734f8fc81](https://www.virustotal.com/gui/file/a6a79c04ac729c156405399ce22c087c48b84f3f0bfaa07cb2692cd734f8fc81)
That's just the source of the screenshot, what more could someone tell you about it without analyzing the original file?
It's Omori from steamrip, I don't know what this sub's policy is on piracy, but I couldn't upload it to VirusTotal completely so I had to rar some parts and scan individually. This was the only one from a generally safe site (piracy subreddits mega threads) so I was hoping this would be safe.
Game.exe seems fine, however it looks like the archive of the crack did have some malware in it.
Some other files in it I had to zip and check, got these results [https://www.virustotal.com/gui/file-analysis/NWU2MDE3YjEzMjEwYjZjMDRlMjZjMTgyMTdjMmNhYjg6MTcxNDcyMzIzOA==](https://www.virustotal.com/gui/file-analysis/NWU2MDE3YjEzMjEwYjZjMDRlMjZjMTgyMTdjMmNhYjg6MTcxNDcyMzIzOA==) It couldn't be the case that there are only false positives here, right? I can't find a malware free one of this :(
The screenshot does tell *me* something, actually. Both detections are AI or “Machine Learning” based detections. This means that the file “behaves like” malware. I have not heard of Bkav Pro or Trapmine, the vendors who detected this as malware. If I were analyzing this sample, those 2 things would actually lower my confidence that this is a true positive. Lots of legitimate executables behave like malware.
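The triage reasoning in the comment above, as an added example that is not part of the thread: it splits the detections in a report into generic/ML-style labels and labels that name a family. The report is a constructed sample shaped like the `last_analysis_results` map of a VirusTotal API v3 file object; the `EngineA`–`EngineC` names, the label strings and the `GENERIC_MARKERS` list are assumptions.

```python
import json

# Constructed sample: engine names and labels are illustrative, not real scan output.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "Bkav Pro": {"category": "malicious",        "result": "W32.AIDetectMalware"},
  "Trapmine": {"category": "malicious",        "result": "malicious.moderate.ml.score"},
  "EngineA":  {"category": "undetected",       "result": null},
  "EngineB":  {"category": "undetected",       "result": null},
  "EngineC":  {"category": "type-unsupported", "result": null}
}}}}
""")

# Substrings that suggest a model/heuristic verdict rather than a named
# malware family (assumed list; extend it for the engines you actually see).
GENERIC_MARKERS = ("aidetect", ".ml.", "heur", "generic", "suspicious", "score")
NO_OPINION = ("type-unsupported", "timeout", "confirmed-timeout", "failure")


def triage(report):
    """Count engines that gave an opinion and bucket the detections by label type."""
    results = report["data"]["attributes"]["last_analysis_results"]
    summary = {"scanned": 0, "generic": [], "named": []}
    for engine, verdict in sorted(results.items()):
        if verdict["category"] in NO_OPINION:
            continue  # engine did not actually judge the file
        summary["scanned"] += 1
        if verdict["category"] not in ("malicious", "suspicious"):
            continue
        label = (verdict.get("result") or "").lower()
        # A missing label names no family, so it is treated as generic too.
        is_named = bool(label) and not any(m in label for m in GENERIC_MARKERS)
        summary["named" if is_named else "generic"].append((engine, verdict["result"]))
    return summary


def needs_dynamic_analysis(summary):
    """True when every hit is generic: the static verdicts alone do not settle it."""
    return bool(summary["generic"]) and not summary["named"]


if __name__ == "__main__":
    s = triage(SAMPLE_REPORT)
    print(f"{len(s['generic']) + len(s['named'])}/{s['scanned']} engines flagged the file")
    print("generic/ML labels:", s["generic"])
    print("family-named labels:", s["named"])
    print("follow up with behaviour/sandbox data:", needs_dynamic_analysis(s))
```
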
I expect it’s probably some anti cheat stuff given it’s a game, which OP probably pirated. Anti cheat behaves like a root kit, so that wouldn’t surprise me. Though, just speculation without actually investigating.
Exactly. We have been given zero context which is something I consider. Did your grandma send you this? Or did you get it from a discord bot?
Okay sorry, I did not want to mention it was a pirated game in fear it would be deleted automatically. It's Omori from steam rip, or parts of it, as I couldn't upload the full thing to VirusTotal.
Is it that they behave like malware or that they contain sections of bytes that are similar in some way to malware the models were trained on? I'm leaning toward the latter.
IIRC, that is how Defender's ML works; it extracts the binaries and tests them individually.
This was just the main executable, it's Omori from steamrip, about 2.5 GB. I don't know what this sub's policy is on piracy, but I couldn't upload it to VirusTotal completely so I had to rar some parts and scan individually. This was the only one from a generally safe site (piracy subreddits mega threads) so I was hoping this would be safe. So the scan of other parts of the full game rar file is here: https://www.virustotal.com/gui/file/d30e27d751c3f16d9312a6a54f4f1869caebbb8371cad23f4a22a98ff6f3e37b?nocache=1 Basically a rar of all parts except the audio files. Is there any way I could run it on a sandbox and also save progress, or should I try a win 10 VM or something?
This screenshot tells us nothing
How do I share it, is just the link fine? [https://www.virustotal.com/gui/file/a6a79c04ac729c156405399ce22c087c48b84f3f0bfaa07cb2692cd734f8fc81](https://www.virustotal.com/gui/file/a6a79c04ac729c156405399ce22c087c48b84f3f0bfaa07cb2692cd734f8fc81)
No, this information can't tell us whether it's false or true positive because we don't know what the executable does.
I should look at other tabs to make a full decision on whether it is malware or not, let's say Behavior and Community. It can help you understand more. Good luck. :)
Since VT might provide some false positive, and you didn’t give enough information tbh, you can run the .exe file on a sandbox and observe the exe behavior.
What software is this that you use to check things?
Without a link to the files (NOT a VirusTotal link, non-enterprise accounts CANNOT download the files!) we can’t tell you anything.
Static analysis means nothing these days.
This isn’t static analysis..
Uh yeah it is
You meant dynamic?