Yeah, I'm inclined to agree. The binaries were probably built by mingw and I've seen "hello world" get flagged by virus total when built by mingw.
If it is the binary itself making those calls (and not the OS), then anyone with a little bit of reverse engineering experience should be able to prove it and post the assembly.
Edit: I was wrong about the build toolchain, they were built by visual studio, see comment below.
the virustotal report shows the output from detectiteasy in "Details" -> "Basic properties":
DetectItEasy
PE64 Compiler: Microsoft Visual C/C++ (19.14.26715) [C++] Linker: Microsoft Linker (14.00.24241) Tool: Visual Studio (2015)
this is not meant to imply anything about whether the binary is malicious or not.
If it is the binary itself making those calls (and not the OS), then anyone with a little bit of reverse engineering experience should be able to prove it and post the assembly.
Edit: I was wrong about the build toolchain, they were built by visual studio, see comment below.