For giggles I actually downloaded the pack. On the most cursory review I noticed that there were 20 instances of Webroot SecureAnywhere. 17 of these were an identical file signed by Webroot on Jan 16, 2017; the other 3 were the same app with a signature from Jan 3rd. Both of these were detected by either ClamAV or Rising/Jiangmin and nothing else (perhaps it was the UPX packer?). By the way, none of the 3 scanners mentioned are exactly considered Bulwarks of malware detection!
First off, let's concentrate on the 3 identical files, all with the SHA256:
c290e5e39b0f74f5f97d8accd2c202873ecb7e58e7fae289842d28e6a0983290
Now, go to the text file of VS's detection log (seen in Post 98) and do a search for the above- you will see that 2 were allowed and 1 was blocked- and this with all files being identical!
For the other (17 samples) with the SHA256:
b32753162fa9fba8771e302675ec5739aa3925f19ae0871dec32e9d27933082d
Half were Blocked, half Allowed (8 to 9).
Isn't that curious?