This antivirus (AV) discussion seems to be similar to when BannedHeresy™ uploaded newlife version 8.3. See posts #4,362 and #4,363.
Looking at the VirusTotal link in your post, the only two security vendors (out of 34 total security vendors listed) that flagged the file as having a trojan are [link] and [link]. For the Hybrid Analysis link, the only vendor that detected something was [link], which BannedHeresy™ explained in #4,363 that "[ sets-process-name | detect-debug-environment | long-sleeps | checks-user-input | contains-pe ] flags" might've set off the AV programs. I don't know what that means exactly, but it seems relevant to a possible false detection by AV programs.
All other vendors like MalwareBytes and Google in the VirusTotal link didn't detect anything, and I am hoping that they're more thorough/reliable than Bkav Pro, Skyhigh, and Zillya! because they're bigger names.
There is some other stuff for the Hybrid Analysis link's "Falcon Sandbox Reports." There, the malicious indicator is related to "writes data to a remote process" with the details being: "newlife.exe" wrote 00000004 bytes to a remote process "%PROGRAMFILES%\(x86)\Java\jre1.8.0_161\bin\javaw.exe" (Handle: 552). HybridAnalysis also says in a blue banner that "Not all malicious and suspicious indicators are displayed. Get your own [link] or the [link] to view all details." No commentary on this from me here; just pointing it out in case anyone who knows better can explain.
I'm not too worried about the alarm bells set off in the VirusTotal and HybridAnalysis links. I'm still a bit concerned about the two people who wrote that Microsoft Defender Antivirus detected a virus, but it could be for the same reasons that triggered the other security vendors in VirusTotal too.
I also ran a MalwareBytes rootkit scan on my computer after reading your post and nothing turned up. Not to say everything is fine, but it seems unlikely.