Talk:Sonic Adventure DX

"SADX Style Water" and "Time of Day" mods taken down?

Gm2000 (talkcontribs)

Did anybody notice that? Have they been merged with other known mods or something?

Amethystviper (talkcontribs)

SADX Style Water, I think, was considered deprecated on the mod's GitHub, if I recall correctly. Don't know about the Time of Day mod, though.

Paynamia (talkcontribs)

Since the latest version, VirusTotal is reporting that SADX Mod Installer contains a bundled malware spreader. It's been consistently detected by a majority of their AV vendors. PKR has been informed.

This is the SHA256 for sadx_setup.exe. It can be used to access the VirusTotal page. The offending file is under "Bundled Files": c42d96bb0c3f2126d763dc14cc53aa1ae609892f468dd9bba80c09c172a1fadb

This is the SHA256 for the detected file: 3cfa885d1a41e96f03a7261e29544da25da2f1138fcb4a1b295b2ccfcdee5c0d

Paynamia (talkcontribs)

After digging through the analysis, I've found this:

541c6aa57ddd7da0c6902aa1e92155eb.virus seems to drop and execute various files, including what seems to be an infected copy of Chocolatey which drops this executable disguised as a changelog, an executable called Zombie.exe which is dropped into the system folder and is also dropped by various other *.virus files, a fake version of an Acrobat Reader installer, and a couple of executables disguised as log files.

Along this web there are various outside connections to seemingly-random websites, various IPs, several bitcoin-related URLs and many connections to trojans purporting to be things like Acrobat Reader, logs or temporary files.

None of this seems to happen when running the installer, though.
