GMMan / SteamCloudFileManagerLite

View, download, and delete Steam Cloud files.
300 stars, 41 forks

VirusTotal false positive? #20

Closed CubicApoc closed 3 months ago

CubicApoc commented 4 months ago

I'm paranoid enough to VirusTotal just about every random .exe I download, and this one was no exception. 3 out of 75 engines detected it as malicious, and 2 of them registered it as a trojan. On at least one of the sandboxes, it apparently opened a bunch of .exes (maybe the sandbox included them as malware bait?) and dropped a bunch of temp files and a Google Updater. This is probably all benign, but I don't quite have the patience (or the C# literacy) to check the code myself and make sure. This program looks really cool and I want to give it the benefit of the doubt, but my inner nutjob just won't let me.

GMMan commented 4 months ago

Dunno where you're downloading from, but the builds on GitHub were packaged directly from what was built in Visual Studio. You can download VS and build it yourself as well. It only uses Steamworks.NET as a dependency.

CubicApoc commented 4 months ago

I'm downloading it directly from here, v1.0.0.0-alpha-3 to be exact. I've seen some posts about VS-built programs pinging servers with mysterious domain names that all ultimately seem to be related to Microsoft one way or another. Some kind of telemetry or something. I'm guessing Steamworks.NET is responsible for the Google Updater, then, and I really am just reading way too much into a false positive. After all, none of the big antiviruses caught it despite this build being out since 2017. If it was malicious, they'd have had plenty of time to notice it.

GMMan commented 4 months ago

I don't know why you'd see Google Updater unless that was already installed on the test machine, in which case the test machine was just set up badly. You can rebuild the binary yourself if you do not trust it, although you'll probably have to update the .NET version and replace Steamworks.NET with a NuGet version, because this code is very old and was built back in the days when .NET Framework 4.5 was still supported.
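For anyone in the same position as the reporter (a handful of VirusTotal hits, no appetite to read the C#), there is a cheap triage step short of auditing the source: pull the printable strings out of the downloaded .exe and list anything that looks like a URL or hostname, which directly tests the "is it phoning some mystery domain" worry from this thread. The script below is an added example, not code from this repository or from Steamworks.NET, and the `SAMPLE_BYTES` it runs on are constructed stand-in bytes, not the real release binary. The security-relevant detail is that .NET stores string literals as UTF-16LE in the assembly's user-string heap, so a naive ASCII-only `strings` pass silently misses most of what a C# program would actually connect to; this version scans both encodings and also hashes the file so you can pin exactly which artifact you examined.

```python
import hashlib
import re
from typing import List

# Constructed sample standing in for a downloaded .exe (NOT the real SteamCloudFileManagerLite build).
# It mixes an ASCII string, two UTF-16LE strings (the encoding .NET uses for C# string
# literals), an MZ header fragment and some non-printable junk.
SAMPLE_BYTES = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"https://example.invalid/telemetry/ping" + b"\x00" * 8
    + "api.steampowered.com".encode("utf-16-le") + b"\x00" * 8
    + b"\x7f\xff\x01\x02\x03"
    + "C:\\Users\\Public\\updater.exe".encode("utf-16-le")
)

# Something that looks like a host or URL: optional scheme, dotted labels, optional path.
HOST_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s\"']*)?", re.I)

# File names ("updater.exe", "steam_api.dll") match the host pattern too; a bare name
# ending in one of these is treated as a file reference, not a network indicator.
FILE_EXTENSIONS = {"exe", "dll", "pdb", "xml", "json", "png", "txt", "cs", "resources"}


def extract_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Return printable runs of at least min_len chars, first ASCII then UTF-16LE.

    Both passes are needed for a .NET assembly: native imports, PE metadata and
    embedded resources are mostly ASCII, while C# string literals are UTF-16LE.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # A printable byte followed by a NUL byte, repeated: the UTF-16LE shape of plain text.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in utf16_re.finditer(data)]
    return found


def find_network_indicators(strings: List[str]) -> List[str]:
    """Filter extracted strings down to unique URL/hostname-looking candidates."""
    hits = set()
    for s in strings:
        for m in HOST_RE.finditer(s):
            cand = m.group()
            host = re.sub(r"^https?://", "", cand, flags=re.I).split("/")[0]
            has_scheme = cand.lower().startswith("http")
            # Drop "name.exe"-style matches unless an explicit scheme makes it a URL anyway.
            if not has_scheme and host.rsplit(".", 1)[-1].lower() in FILE_EXTENSIONS:
                continue
            hits.add(cand)
    return sorted(hits)


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the bytes examined, so a finding can be tied to one exact artifact."""
    return hashlib.sha256(data).hexdigest()


def triage(data: bytes) -> dict:
    """Run the whole check and return a report dict (also usable on open(path, 'rb').read())."""
    strings = extract_strings(data)
    return {
        "sha256": sha256_hex(data),
        "string_count": len(strings),
        "network_indicators": find_network_indicators(strings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_BYTES)
    print("sha256:", report["sha256"])
    print("strings found:", report["string_count"])
    for ind in report["network_indicators"]:
        print("  network indicator:", ind)
```

On the constructed sample this reports the ASCII URL and the UTF-16LE hostname but not the `updater.exe` path, which is exactly the kind of string a sandbox "dropped an executable" verdict tends to be built on. Two caveats for using it on a real download: the hostnames it surfaces still have to be judged (a Steam tool talking to a steampowered.com host is expected, an unexplained third-party domain is what you would follow up on), and if you take the advice above and rebuild from source, do not expect your build's SHA-256 to match the release's, since an old non-deterministic .NET Framework build embeds timestamps and a fresh module GUID; compare the extracted strings of the two builds instead.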

CubicApoc commented 4 months ago

I have no idea how VirusTotal sets up their sandbox machines, so that updater very well might've already been there. As it turns out, ultra-late-night me is apparently much more paranoid than early-afternoon me, so I just went ahead and ran the program and so far nothing's exploded. It's not showing all the files that Steam does (https://store.steampowered.com/account/remotestorage) but it is at least getting some of them. For example I can see my GMod spray but not my Skyrim or Half-Life saves.