I did something stupid, need advice

[Tom25 0]

I downloaded an anti cheat game exe file that scans active files to confirm you're not using a cheat, eset didn't find an issue with it so I ran it, but upon scanning it with virustotal I saw some weird things. Here's the scanned file:

 

https://www.virustotal.com/gui/file/78bc50bbd753cb431221e4d2c5f67177c18611c0afcc83438f2a14c70aa0b9f2

 

IP traffic shows some IPs that were flagged by eset and also according to https://socradar.io/dark-web-profile-royal-ransomware/ are "IOCs of Royal Ransomware:"

 

20.99.132.105:443 (TCP)

20.99.133.109:443 (TCP)

20.99.184.37:443 (TCP)

23.216.147.64:443 (TCP)

 

Could anyone take a look at the above scan and advice what I should do? Eset scan did not find anything suspicious, but the above makes me wonder if my PC hasn't been compromised?

 

[JoeBlack40 0]

I suggest you to download (if not already present on your computer) Kaspersky Virus Removal Tool,Malwarebytes and Norton Power Eraser and scan your PC to make sure everything is clean.

[alphayash 0]

4 hours ago, JoeBlack40 said:

I suggest you to download (if not already present on your computer) Kaspersky Virus Removal Tool,Malwarebytes and Norton Power Eraser and scan your PC to make sure everything is clean...

Thanks for your answer, I will download Norton Power Eraser and other apps 

[itman 1,629]

16 hours ago, Tom25 said:

Here's the scanned file:https://www.virustotal.com/gui/file/78bc50bbd753cb431221e4d2c5f67177c18611c0afcc83438f2a14c70aa0b9f2

The products detecting this anti-cheat software at VT are the one's that employ behavior monitoring to a large degree. It also appears most of the detections fall in the PUA/grayware category which is appropriate for type of software.

The bottom line here is the software per se most likely does not perform malicious activities in regards to your Windows installation. This does not mean that using this software is 100% safe and comes with other risks such as marketing claim misrepresentation and the like.

Edited January 21 by itman

[Nevermind 8]

The only reputable AV detecting this is Sophos and even it says its just PUA. You probably cannot see it since you do not have VT account but this file was firstly scanned in 2020 and submitted to VT for over 200 times since then. Stay calm  

Edited January 22 by Nevermind

[Nightowl 198]

On 1/21/2023 at 1:31 AM, Tom25 said:

I downloaded an anti cheat game exe file that scans active files to confirm you're not using a cheat, eset didn't find an issue with it so I ran it, but upon scanning it with virustotal I saw some weird things. Here's the scanned file:

 

https://www.virustotal.com/gui/file/78bc50bbd753cb431221e4d2c5f67177c18611c0afcc83438f2a14c70aa0b9f2

 

IP traffic shows some IPs that were flagged by eset and also according to https://socradar.io/dark-web-profile-royal-ransomware/ are "IOCs of Royal Ransomware:"

 

20.99.132.105:443 (TCP)

20.99.133.109:443 (TCP)

20.99.184.37:443 (TCP)

23.216.147.64:443 (TCP)

 

Could anyone take a look at the above scan and advice what I should do? Eset scan did not find anything suspicious, but the above makes me wonder if my PC hasn't been compromised?

 

You better stay away from applications like this , because they have no use , if you don't have cheat software then you don't need to have a checker for them

And even if the app was legit , it would just scan for known cheat apps exe etc..

You can see that most of the detections that came in VirusTotal , is decided by AI , better to stay away from it

[Nightowl 198]

Aaa , I can read about it here

If some clan requires it to be able to run their server or matches , it is different , but still I don't know if the app is legit , but seems that their website is old and not new or fake but still I wouldn't like to run those things

Each game has it's own Anti-Cheat programs , it should do the job from their side