
Yes, but I have run this game and it downloaded malware on my PC, so I have to reinstall Windows. What did I need to do so you would believe me? Not to mention the executable is disguising itself as "Ashampoo Snap"; look at my original post. But apparently that's not enough... FYI, RPG Maker games usually don't trigger any virus detection: see, let's say, https://www.virustotal.com/gui/file/2d6b0707bff7f7bea6bc5e223c17c45e2795b510623e... results for this game https://brunnhyld.itch.io/thrifted

Dev's Twitter is empty: https://x.com/lapma

And I cannot open his site on my PC: https://yeolom.com/lapma

I can also try to run it on a VM and then upload a video on YT if that's still not enough...

(+1)

VirusTotal also runs these in virtual machines. That game does connect to a "suspicious" URL. Which is a false positive, if you dig around. But even with that connection, both of the VMs that run the game zip do not report it as a malicious app. Jujubox has 0 findings and Zenbox some minor noise, including that suspicious URL. You will find threads about Malwarebytes from around 2023 where they removed that. And the file is from 2021 and is not detected by my Malwarebytes.

Curiously, the single exe report looks vastly different. It also did not disguise itself as Ashampoo Snap on my system. It had regular info.

But it will get removed by my Windows Defender... so there is that. Its finding is a heuristic, but it does do that even if you only upload it to VirusTotal. I would imagine an actual virus that was out in the wild for 3+ years would not get a heuristic, but a specific positive.

But again, that is not proof for anything. The VirusTotal VMs practically never report the actual malware that I try. And I know it was malware because of context. For example, seeing the original zip at a credible source and the fake file on Itch, and the fake file is a bit larger with the same version numbering.

And even legit devs with good intentions could unknowingly spread software that damages a system or even is infected. So better be on the safe side.

As for RPG Maker and false positives, yes, there are such. I have seen such for practically every common game engine.

If you look for game devs complaining about this, you will find this and similar. No need to try out random RPG Maker games. https://forums.malwarebytes.com/topic/282043-game-executable-detected-as-false-p...

Now what does all this leave us at? After reading here https://itch.io/post/5809139 I kinda know why you do not find current socials and the Itch activity is about 3 months old and your found suspicious game is about 4 years old. Anyone actually interested in that game should try the browser versions that are on those developer accounts. I would not trust that game developer with exe files. Not as much that I fear an intentional virus, but because of sloppy developer machines, "clever" code obfuscation and whatnot. Not that I even could play it on my system, even if I wanted to, as the Defender quarantines it promptly.

(+1)

To clarify, I mostly talk about the general case. A positive or a negative is not enough to be sure either way.

In this specific case, I do not think the developer uploaded a virus intentionally, but I am half and half that the file might be compromised anyway. Professional malware uploaders act differently in my experience. They would also promote their virus more and not upload several other games years later. And browser games at that.

The casual Windows gamer should be safe from this one. Not only is your virus warning still there, the Windows Defender's heuristic currently quarantines that game.