Well, I've run Systemus.exe through PE Studio.
So, we get baddie-points because
- it is a compile ahk file "which contains another file" (that's how it works, so this is false-positive)
- we access wsock32.dll, winmm.dll and psapi.dll
- we get the computer's hostname -this gets lots of points
- we get file version information - this gets a lot of points
- we fetch network information - this also gets lots of points
- we have a "suspicious" amount of imports (of course, because it is a command center!)
- we reference "a url pattern" (link to https://autohotkey.com
in the credits page; but other links have no flags!)
- we get points for having "manifest identity" as AutoHotkey
So, basically, in fetching our system information, and by offering some of the flushing/clearing routines (see the "command" section in the help file) we do many of the things little baddie programs would do, except we aren't.
Via PE Studio, I'm getting 23/69 on VirusTotal, being flagged by many, but not at all by Kaspersky, Comodo, TrendMicro, AVG or Malwarebytes! haha! We get flagged by McAfee, Symantec, Fortinet, Microsoft and a bunch I've never heard of.