What's the point of this test? It honestly seems like it's a waste of your time doing it.
That said, I can understand why it got flagged. Those scanners typically rely on 3 things to flag suspicious files. First is definitions of known viruses and malware. The second is patterns and practices used to hide malicious code (such as an exe hidden in a zip) and third is what I'd like to call the "WTF Factor" where if something doesn't look right it probably isn't. IN this case, if I were writing the utility I'd see an exe "only" installing two blank text files and go "that can't be right, it's hiding something else in that exe" and flag it.