I have two Steam games that exhibit suspicious behavior. Validating the files fails on the game executable. If I validate them again, they fail validation on the executable again.

From my investigation I'm seeing that:
- Steam downloads the "correct" executable (it's in VirusTotal database and goes way back)
- After downloading, Steam overwrites it with the suspicious executable about ten seconds later. I've verified with ProcMon that Steam is the program overwriting the original with the suspicious one.
- Each time it happens the suspicious executable it produces is different.

The two games this happens two are XCom: Enemy Unknown and The Bureau: XCom Declassified.

The suspicious executable: https://www.virustotal.com/gui/file/4caa0da2c8506550eacd06bda8f5b3c3ee701ad775e40a80175942646ed5ad0d/behavior

The executable before it gets rewritten: https://www.virustotal.com/gui/file/1ed7d15e66e35d8b65be75a5fe767f25b63f8d47d84d4c8a3dffcd48410531ed/details

According to this report, the suspicious exe is signed with an expired certificate: https://www.hybrid-analysis.com/sample/4caa0da2c8506550eacd06bda8f5b3c3ee701ad775e40a80175942646ed5ad0d/6740e165394f1299ae05ae33

Either I have a virus that's doing this or this is some bizarre form of DRM that Steam applies to the executable after it downloads it.

I have not found any other games that exhibit this behavior.

If anyone has either of these games on windows, could you please try verifying your files and tell me if they also repeatedly fail to validate for you.

Any other help would be appreciated.

Edit: Forgot to add. Of course I scanned my system, the files, and the Steam folder with windows defender. Nothing was found. I also uninstalled and reinstalled Steam. The strange behavior continues.