Just wanted to say thanks for response!
But an installer for a viewer that is signed, makes much more sense, instead of sending "random.exe" files.
Especially for us IT dudes regarding safety issues
And yes, AV software looks for patterns and sometimes get a false positive - we use Symantec.
(and as you can see in the link in the first post, three other AV finds something as well)