I agree with what everyone has said. I have written programs in Python (which this program is written in) and have never, once, received a notification from any antivirus programs I've used or run them through that "hey, this is a virus....". I can see how the packing would cause the antivirus software to consider it harmful, but all the software has to do is look at the files the program is extracting to determine what it's doing. I ran the program in a sandbox, in fact. (Surprisingly, NVDA was able to inject itself into the sandboxed program, which may or may not be a security risk to the system, since if a program managed to inject itself into NVDA, it gets access to the rest of the system; but that's presupposing that this program is capable of breaking out of the sandbox in the first place.) I noticed no unusual or strange behaviors, but I did not run it for a long period of time, perhaps about 1-2 minutes. (I even installed it in the sandbox, to ensure 100-percent complete isolation, in case the setup file contained malicious Pascal code.) What I found, upon exploring the sandbox, was... interesting to say the least. In summary:
* This program was written in Python 3.6. I don't know the patch version.
* The program had the following programs that it seemed to be a wrapper for in its installation directory:
1. ffmpeg, a complete, cross-platform solution to record, convert and stream audio and video.
2. ffprobe, a part of ffmpeg, which gathers information from multimedia streams and prints it in human- and machine-readable fashion.
3. youtube-dl, a command-line program to download videos from YouTube.com and a few more sites.
Strangely, I also found a plugins and locale folder. The locale folder's function was obvious to me, but the plugins folder was not. Upon examination, there were well over 30 DLLs and other libraries within that folder, with no obvious function I could determine. Searching the ffmpeg website, it has no concept of plugins, and neither does youtube-dl; in other words, those plugins were not for either program (and youtube-dl and ffmpeg were the only programs it wrapped, besides ffprobe, which is a part of ffmpeg). This makes me even more suspicious, and raises some interesting questions.
First, what are those plugins for? Is their source code available to the public? Are they well-known?
Second, why are those plugins there? Do they actually serve any function, or are they, in fact, malicious?
* Other than that, I found nothing odd (other than the fact that the program was written in Python 3.6, and uses pyinstaller, which is poor obfuscation practice if you're trying to hide malware or other forms of harmful software, unless they're contained in the "plugins"). Perhaps I'll reinstall it in the sandbox and attempt to decompile it and look at its code.
"On two occasions I have been asked [by members of Parliament!]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out ?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." — Charles Babbage.