VirusTotal and Hybrid Analysis Positives

[67f0b83163722Tahlia]

Hello, I'm pretty meticulous with programs I download and so I popped SS2 Tool (latest build) into virus total and was surprised to see 2 positives, one claiming Trojan:Win32/CrisisHT malware, I'm aware mods sometimes come under fire from antiviruses, so I popped it into Hybrid Analysis as well, with a similar result. It's classified malicious by the Falcon Sandbox reports with the same Trojan:Win32/CrisisHT. I understand this as SS2T's official download site - I was taken here by a steam community page for modding SS2, I know its probably a false flag, I'd just like some more info/clarification - cause I'm an anxious worry wort. I can also provide images if need be.

Thank you for your time!

[67f0b83163974voodoo47]

very sure it's a false positive (the tool modifies stuff, connects to the internet and does things that are usually considered suspicious). @Kolya can probably give you a few details.

[67f0b83163a6eTahlia]

I thought so, also best to let the devs know, I understand there have been false positives in the past too.

[67f0b83163c13Kolya]

I can't say anything more than what voodoo already said. I don't know how these programs work exactly, so I can't tell you why SS2Tool gets marked. I guess because of heuristics that jump on SS2Tool downloading files from our server.

Your best course of action is to send the developers of those antivirus programs a false positive notification. They will take a closer a closer look and possibly remove the positive. 

[67f0b83163d62voodoo47]

it's pretty similar to when I send an AnyDesk link to someone who needs remote support, everything on that computer will be screaming bloody murder, as normally, clicking email links to executable files and running them to give full control of the computer to somebody else is exactly what you shouldn't be doing.