VirusTotal - File - 81514801979f8e7241321690eae7cd037e5c260e4ba1d110b9bbf1f936071ac4

VirusTotal reports that 30/59 antiviruses flagged the mod as malicious. However, Malwarebytes and Kaspersky don't detect it.

I can share the file if needed. I still haven't opened it to be safe.

Edited by HexagonT

  • HexagonT changed the title to Is Plants vs. Zombies (PvZ) Beta mod v6.66 safe?

You submitted a ~48MB RAR to Virus Total. It is not the Archive file (ZIP, RAR, 7zip, etc.) that you send to Virus Total. It is the file or each file within the Archive file you send to Virus Total for a report. Sending the Archive file skews the results and the data generated is based upon the archive container and not the malware or suspect files themselves. There are heuristic detections that are based solely on types of files in an archive. There could be many files in that RAR or it could be one or a few. The only time an Archive should be submitted is when the file is a bloated EXE and it exceeds the maximum submission size of Virus Total but is compressible in an Archive such that it no longer will exceed the maximum submission size of Virus Total, or when you know there are so many files in the Archive that you just want to get some overarching idea of whether there are any detections at all.

There are so many variables here. It could be a case where there are many files and only one is really malicious. It could also be a case where an EXE is using some exotic packer that triggers detections. Exotic packing software is used by malware, but it is also used by game writers to obfuscate proprietary game coding.

One cannot give such a determination on that basis.

Edited by David H. Lipman

https://enigmaprotector.com/
Quote:
  • File Protection

    A range of features and technologies to help protect the executable file from hacking, analysis, modification and disassembly. A Virtual Machine technology enables part of the application and protection code to be executed in its own virtual CPU, which makes the code practically impossible to analyze.


It is a generic phrase that represents a type of self-extracting archives and file protectors. It could be as simple as UPX or more complex like enigmaprotector. I modified the term with "exotic" to represent those that are not as well known as something like UPX.

UPX - Ultimate Packer for eXecutables.

https://encyclopedia.kaspersky.com/glossary/packer/

https://www.malwarebytes.com/blog/news/2017/03/explained-packer-crypter-and-protector

Edited by David H. Lipman
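An added example, not from the thread or any of the posters, that applies the advice above: it hashes each member of an archive so every file can be checked on VirusTotal by its own SHA-256 rather than uploading the container, labels nested archives and executables by their leading bytes, and applies the UPX section-name heuristic from the packer discussion. The sample archive and its contents are constructed inline (no real mod files); it reads ZIP because Python's standard library has no RAR reader.

```python
import hashlib
import io
import zipfile

# Well-known file headers used to label each member without running it.
MAGIC = {
    b"MZ": "pe-executable",
    b"PK\x03\x04": "zip-archive",
    b"Rar!\x1a\x07": "rar-archive",
    b"7z\xbc\xaf\x27\x1c": "7z-archive",
}

def classify(data):
    """Coarse type label from the leading bytes of a file."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "other"

def looks_upx_packed(data):
    """UPX names its PE sections UPX0/UPX1; a hit means the file is packed,
    so per-engine verdicts may be reacting to the packer, not the payload."""
    return data.startswith(b"MZ") and b"UPX0" in data and b"UPX1" in data

def triage_archive(archive_bytes):
    """Hash every member of a ZIP so each SHA-256 can be looked up on
    VirusTotal on its own instead of submitting the whole container."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            rows.append({
                "name": info.filename,
                "sha256": hashlib.sha256(data).hexdigest(),
                "type": classify(data),
                "upx": looks_upx_packed(data),
            })
    return rows

def build_sample_archive():
    """Constructed sample: a fake UPX-style PE stub, a nested RAR header and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mod/game.exe", b"MZ" + b"\x00" * 60 + b"UPX0UPX1" + b"\x00" * 16)
        zf.writestr("mod/extra.rar", b"Rar!\x1a\x07\x00" + b"\x00" * 8)
        zf.writestr("mod/readme.txt", b"PvZ beta mod v6.66\n")
    return buf.getvalue()
```

Calling `triage_archive(build_sample_archive())` returns one row per member; a nested archive in the output is a sign to extract it and repeat the per-file step before drawing any conclusion.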

  • HexagonT changed the title to Is Plants vs. Zombies (PvZ) β/Beta/Brutal mod v6.66 safe?
