[tyingq]

Hard to say, since we have no idea how the antivirus vendors are identifying nim. Maybe there's something about the fact that nim compiles to C which is then usually compiled by mingw? (You can use compilers other than mingw, but it's the default).

Mingw might have a higher weight for "this is malware". Then you combine that with nim generating code that's common across most nim binaries (the GC, boilerplate symbols, etc).

Then there's perhaps not enough positive signals to offset that, since there's not yet a wildly popular windows app written in nim.