Clean file from attacker IP or rightly alerted?

Viruses and worms
1

See: https://www.virustotal.com/pl/url/1d8522c58f24780b05ca63581d01e602fdfff481ed3b5a28db79e8338a79625d/analysis/1500478602/
and https://www.virustotal.com/pl/file/97dfcae8909c23ca43e2b251611dbb38235e8a89f2bfefdbb32c9d8f380c819a/analysis/1500450572/
give it the all green. Consider: https://www.virustotal.com/pl/file/97dfcae8909c23ca43e2b251611dbb38235e8a89f2bfefdbb32c9d8f380c819a/analysis/1500450572/

Then also consider IP info here: https://cymon.io/94.242.254.9 & earlier dictionnairy attacks: http://www.projecthoneypot.org/ip_94.242.254.33

IDS alerts seen here: http://urlquery.net/report/66a5ae26-62ed-4610-9212-339bda8a511b

polonus