It is the missing "all three versions came from the same link over a period of time" from your first post was why I questioned the source.
Aside from what I have already said, other antivirus applications checking other antivirus applications, could consider files possibly suspect.
However, since the AVs making these detections I wouldn't call first line (Yandex, I can't recall whose AV they bought/use) and Kaspersky nor Dr Web see it as infected on any of the links you gave.
So I personally still consider it an FP.
A check on whose AV engine is used by Yandex returns
To detect malware, Yandex relies on two technologies: the Sophos antivirus software and the company's own proprietary antivirus technology. The Sophos antivirus software, based on a signature approach, uses predominately the database of already known virus signatures to identify the existing codes as malicious.
Yet Sophos doesn't detect it in either of the VT results.