Many antivirs and protection software is basing on assumptions[1] and heuristics[2], some are based on users reports[3]
1.
a) in example file is hosted on unknown website, so it's automaticaly marked as unsafe (stupid isn't it?)
b) no digital signature found so it's marking file unsafe (yet another retarded reason)
2. it scans for known code parts and mark the file as virus/trojan if it finds its small (partial) code in antivir database when scanning the .exe. Sometimes few bits is enough to create a false-positive.
3 .there are always "special" users that mark a file because they have a bad day or like to troll, or for whatever reasons they had, and it ends up like that.
If it comes to the smart screen i's usually case number 1.