[ecaradec]

Antivirus are really stupid tools, but not that stupid. I said that from a time where I had to work around tools flagged by antivirus. Among stupid things they do are flagging a part of an executable, some nsis plugin flagged the whole package as virus as soon as you included them. I think they probably hash files by chunks, if you have too many bad chunks then you are a virus. A few bytes at the end doesn't change that.

[eyegor]

I'm not sure if it's still true, but it used to be that ~half of all antivirus would flag an executable if you compressed it with UPX.

[cinntaile]

You could sometimes bypass this by opening the file with a hexeditor and change a meaningless value. When UPX was popular there were also alternative file compressors that could also be used to sometimes bypass this issue.