Yeah executable compression will generally flag AV, as it nearly universally used by all kinds of malware.
