If you have met with an FP, it could be one vendor to flag it, but certainly not fourteen.
Now 17 to detect it, malcode as an adware trojan.
Is someone trying to check it could go under the detection radar?
Moreover that file is not signed. Is this executable the real McCoy.
Were you duped through fraud to check it or is this a deliberate action?
Consider also: 2 matches for rule Creation of an Executable by an Executable by frack113 from Sigma Integrated Rule Set (GitHub) Detects the creation of an executable by another executable
polonus