https://www.virustotal.com/gui/file/df2953ab1e280fc45b88b3cd40f4eb3c2fe64325b384...
The file has more vendor flag than many other file I downloaded on Itch:|
Try some renpy or godot games. Even rpgmaker gets flags often.
The git.exe itself inside the zip will trigger 4 instead of 3. And different ones at that. Think about that. And the git 135 will trigger 2 other ones. Virusscanners do not like interpreters much.
Which is a huge problem for indie games. Whom to trust.
The website links to the itch, the itch to the website, and to the discord. The discord to the website. There are thousands of people on that discord. I believe it is safe to say, this is not malware.
Sorry, I can't answer, because my rig got hacked and is busy mining coins. Blame those thousands of people on the discord. They must be all in on it.
Joking aside, this is about trust. This is the official Itch and it is the official site and discord. They are crosslinked to each other and it is a discord with several thousand people. The biggest threat would be an impostor site or a recently hacked developer account.
If you want to see a lot of red, look at this
https://www.virustotal.com/gui/file/5b489c671f8d52d5a33e95e27b8dc4b3de0690589756...
It is git 138. I have never seen a report with 58 triggers before...
This game needs an interpreter to run. A virtual machine basically. The format is called glulxe and you need an interpreter that can run those files. Arrive there by indipendent internet search and you will find things like this:
https://davidkinder.co.uk/glulxe.html
With the foot note of
Also available is a Windows port of a faster Glulx interpreter, called Git. This uses the same Windows I/O layer as Windows Glulxe, so it looks the same, but it plays games up to five times faster.
and links to https://github.com/DavidKinder/Git/releases/ with the above git 1.38 that currently triggers a whopping 58 scanners.
I do not know which is "best" to run the game. git 1.35, the custom git from tq, git 1.38, any other grulxe interpreter. But they all trigger something on a scan on vt. Interpreters do things, that scanners do not like.
To answer your question: nothing out of the ordinary so far. The game itself is a bit sluggish, which I assume is the reason for the custom made git version. The engine is like 20 years old and does not utilize modern hardware. It barely uses one of my cpu's cores and a tiny amount of ram. Browsing this website here takes up more ram than the game. A lot more.
You do good to be suspicous, but I have seen malware here that did not trigger anything on vt and a lot of legit games that do trigger. With common engines no less. One would think that the likes of renpy, godot, rpgmaker and all the others are well known to the virusscanners, but apprantly, nope. They are triggerhappy, which is a huge problem, because how does one know if it is the usual false positive for godots exe packing or a real virus.
So do not rely too much on vt. Establish trust to the developer's page. Is the account hacked? Is the game available at other places? Do those places link to the same Itch? And so on. Oh, and the crosslinking is important, I have seen impostors link to the patreon of games. And sadly not all devs link back to their Itch, so a missing link is not even a sure sign of anything.
Sorry for elaborating so much. It was just so obvious in this case. It is good to be careful, and very worrying how much this interpreter triggers. And some game engines in general.
But yeah, the game itself lags af. It is 20 years old tech. That means single threaded and limited memory usage. I could pamper the game with literally a hundred times it's current memory usage. And about 10+ times the cpu load. If you do certain things it even locks up sometimes for a few seconds.
A freshly loaded save games and doing nothing: the game takes up 0% cpu and 113MB. And I need about 2-3 seconds to go from room to room, while the single core it uses barely gets used to 50%. This normal?