(4 edits) (-1)

The .EXE file named eternum-32.exe is tagged by an antivirus as malware, has multiple malware parents (hacked versions of this game distributed online) and contacts malicious IPs (tested in a sandbox environment by the VirusTotal tool).

VirusTotal info:

https://www.virustotal.com/graph/62cb04500df8dcec7c13526799e0326108a9b54b9cbd1ff...

EDIT:

Tested it more thoroughly, multiple files get flagged by 2 antivirus providers. Usually when u get 1/2 flags it's a FP, still it shouldn't get any. Run this kind of game sandboxed, in a virtual machine or on an air-gapped machine.

EDIT2:

I also sandboxed it and it seems fine, so most likely a false positive. Still, I don't recommend running it on the main machine; run only 0/0 scores and sandboxed with tools like Sandboxie. Malware can be tricky to catch, especially with signature-based software.

Since Eternum is a top-shelf game, there are certainly malware-infested versions of it out there, which are only very slightly modified. Could your virus software tell the original apart from the malicious one? I don't know. Even if a dev is 100% trustworthy, it's still possible that their accounts get hijacked and used to distribute malware, so a healthy sip of caution never hurts.

(+1)

Certainly, I tested his version though. The problem here is that some of the libraries, code templates or assets that he uses are also used in some malware; he should check that. I believe getting a score of 0 flags is important, and even more important due to the fact that it's top shelf. A score of 0 doesn't mean it's safe, but getting flagged while being one of the most popular is also not a good thing. As a bonus piece of intel: it is extremely easy to bypass a signature-based antivirus. If I take his game and add a comment in the first line writing the letter "a", the hash is completely different (signature-based antiviruses compare hashes with a huge database of virus hashes, and if it matches then it's a corrupted file). Behaviour-based antiviruses are another thing, but they are kinda hard to deal with (called next-gen antiviruses). Final thoughts: the file is most likely clean, but use Sandboxie at least, it's free and your data is very important. I personally use an air-gapped old PC; air-gapped means not connected to the internet.

As a solution he should publish his game hash and make sure that everyone has access to it. If u download Eternum, then hash it, and the hash is different than the one provided by him, it means the download is corrupted.

My zip file for the 0.7.5 PC version has this SHA256 hash, downloaded in April this year: ea0fa8e630dc1f368d400cc969b4169316b81eba2dadb35659b18dcd3a8366c0
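The check proposed in the two comments above, as an added example that is not part of the original thread: it hashes a download in chunks and compares it with a published SHA-256, and also shows that a copy with one byte appended no longer matches. The file names and sample bytes are constructed for the demo, and the "published" value is computed from the sample file rather than taken from any real release.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

HEX64 = re.compile(r"[0-9a-f]{64}")  # shape of a SHA-256 digest in hex


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so multi-gigabyte game archives never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hash):
    """Return (matches, actual_hash); raise ValueError on a malformed reference."""
    # Hashes pasted from a web page often carry whitespace or upper-case hex.
    expected = published_hash.strip().lower()
    if not HEX64.fullmatch(expected):
        raise ValueError("published value is not a 64-hex-digit SHA-256")
    actual = sha256_file(path)
    return hmac.compare_digest(actual, expected), actual


def demo():
    """Constructed sample: a stand-in download and a copy with one byte appended."""
    with tempfile.TemporaryDirectory() as d:
        original = Path(d) / "game.zip"          # hypothetical file name
        altered = Path(d) / "game-altered.zip"   # hypothetical file name
        data = b"constructed sample archive bytes\n" * 1000
        original.write_bytes(data)
        altered.write_bytes(data + b"a")
        # Stands in for the hash the developer would publish.
        published = sha256_file(original)
        ok_original, _ = verify_download(original, "  " + published.upper() + "\n")
        ok_altered, altered_hash = verify_download(altered, published)
        return ok_original, ok_altered, published != altered_hash


if __name__ == "__main__":
    print(demo())
```

A match only shows the file is byte-identical to whatever the published hash was computed from, so the reference hash has to come from a channel the developer controls.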

Welp, I'm not touching this game then. Then again, if u really want your PC safe, u can't connect to the internet ever, which defeats the purpose.

(+1)

From your comment history, it is likely that everyone else will appreciate that.