This is starting to drive me crazy... About every 20 minutes or so, I get a notification on my Hackintosh saying that my Anti-Virus software (provided by my ISP; I believe it is based on F-Secure) found a harmful file and trashed it. The thing is... I'm 95% sure it is harmless, but I can't tell for sure because of weird permissions issues.

The file name is always different, but the "extension" and the path it was found in are always the same: /Users/(my_username)/Library/Caches/CloudKit/com.apple.bird/com.apple.CloudDocs/9fadf220be21a0ed291ebfea5f836e034473cd93/Assets/*.012332936e2fc5312218189715d7e9cae7f12c1a96 (where * is always a seemingly random UUID, and it is a different UUID each time this "infection" is detected).

According to the Anti-Virus software, it detected it as Malware.BAT/DisableMouse.B, but when I click on "more info", it instead takes me to a page about a different Windows Trojan (it must be old, as the screenshots show it infecting a Windows XP machine): https://www.f-secure.com/v-descs/trojan_w32_killwin_ar.shtml Now, as I stated before, I think it's a false positive. But I can't even read the file to be able to do anything with it, let alone determine if it is really malicious. Whenever I try uploading the trashed file to VirusTotal, it shows a progress bar that simply stays at 0% forever. Furthermore, if I try to calculate a checksum so I can look it up on VirusTotal that way, I get a permission denied error. By default, it gives my user read-write permissions but denies any permission to anyone else. Even if I adjust the permissions in the terminal and run it as sudo, I still get a permission denied error. The owner of the file is my user account, and the group it is associated with is staff. Moving it out of the trash makes no difference, and even then it'll only be a matter of time before my AV software finds it again and re-trashes it.

Any idea what could be going on here? I've been running High Sierra on this system for almost a year now and this only started happening recently.

Okay... Crazy update. I rebooted my computer into Windows and used HFS Explorer to attempt to extract a sample to examine it from Windows. And without fail, Windows Defender also recognized the file as malicious. I then removed the file from quarantine and uploaded the file to VirusTotal. Many other AV files also regarded it as a Trojan: https://www.virustotal.com/gui/file/52bc0da3f9c822afd463813264181b8174c9f5260154357ff064ca3646b4a564/detection

Noticing how the previously uploaded sample had the .txt extension, I opted to open the file with Notepad. Indeed, it was a .BAT file. It appears to be a command prompt script that, among other things, switches the mouse buttons (i.e., left-click becomes right-click), edits the registry, and disables any kind of Anti-Virus and the built-in Windows Defender security in Windows. So it's far from a false positive. But what remains to be seen is WHY it is mixed in with iCloud-related system files, why it keeps being added to my filesystem for the AV to detect, and what purpose it would serve on the Mac operating system? I have a feeling I will never know...
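As an added example (not code from either post above, and not from F-Secure, VirusTotal or Apple), here is a small offline triage script that covers what both posts are trying to do by hand: walk an Assets directory like the CloudDocs cache path named in the first post, compute the SHA-256 of each file (the identifier VirusTotal reports are keyed on), record a permission error per file instead of aborting the whole scan, and grep every readable file for markers of the behaviour the second post describes (swapping mouse buttons, editing the registry, disabling Defender). The marker regexes, the constructed sample batch file and the registry values inside it are this example's own assumptions; only the file suffix is the one quoted in the thread.

```python
"""Offline triage of files an AV keeps flagging in a cache directory.

Added example, not from the forum thread. Hashes each file with SHA-256,
greps the bytes for Windows batch-script markers, and keeps going when a
file cannot be read.
"""
import hashlib
import os
import re
import sys
import tempfile

# Suffix quoted in the first post for the flagged files under .../Assets/
ASSET_SUFFIX = ".012332936e2fc5312218189715d7e9cae7f12c1a96"

# Heuristic markers for the behaviour the second post describes. These
# regexes are assumptions made for this example, not quotes from the sample.
BATCH_MARKERS = {
    "echo_off": re.compile(rb"^\s*@echo\s+off", re.I | re.M),
    "reg_add": re.compile(rb"\breg\s+add\b", re.I),
    "swap_mouse": re.compile(rb"SwapMouseButtons", re.I),
    "disable_defender": re.compile(rb"DisableAntiSpyware|DisableRealtimeMonitoring", re.I),
    "stop_service": re.compile(rb"\b(?:sc\s+stop|net\s+stop|taskkill)\b", re.I),
}

# Constructed sample written for this example. It is NOT the file from the
# thread, only a batch script performing the same kind of actions.
SAMPLE_BAT = (
    b"@echo off\r\n"
    b'reg add "HKCU\\Control Panel\\Mouse" /v SwapMouseButtons /t REG_SZ /d 1 /f\r\n'
    b'reg add "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender" '
    b"/v DisableAntiSpyware /t REG_DWORD /d 1 /f\r\n"
)


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256, the value to paste into the VirusTotal search box."""
    return hashlib.sha256(data).hexdigest()


def looks_like_batch(data: bytes) -> list:
    """Names of BATCH_MARKERS that match, in dictionary order."""
    return [name for name, rx in BATCH_MARKERS.items() if rx.search(data)]


def triage(directory: str, suffix: str = "") -> list:
    """Hash and classify every regular file under `directory`.

    Each result is a dict with path, sha256, markers and error. A file the
    process cannot read (PermissionError, as the first post hit even with
    sudo) is still listed with sha256 None and the error text filled in, so
    one unreadable asset does not hide the readable ones.
    """
    results = []
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            if suffix and not name.endswith(suffix):
                continue
            path = os.path.join(root, name)
            entry = {"path": path, "sha256": None, "markers": [], "error": None}
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError as exc:  # PermissionError is a subclass of OSError
                entry["error"] = f"{type(exc).__name__}: {exc}"
            else:
                entry["sha256"] = sha256_bytes(data)
                entry["markers"] = looks_like_batch(data)
            results.append(entry)
    return sorted(results, key=lambda e: e["path"])


def report(results: list) -> str:
    """One line per file: hash (or the read error), markers, path."""
    lines = []
    for e in results:
        ident = e["sha256"] or "UNREADABLE " + e["error"]
        flags = ",".join(e["markers"]) or "-"
        lines.append(f"{ident}  {flags}  {e['path']}")
    return "\n".join(lines)


def demo() -> list:
    """Write SAMPLE_BAT into a scratch directory and triage it."""
    scratch = tempfile.mkdtemp(prefix="bird-assets-")
    with open(os.path.join(scratch, "sample" + ASSET_SUFFIX), "wb") as fh:
        fh.write(SAMPLE_BAT)
    with open(os.path.join(scratch, "notes.txt"), "wb") as fh:
        fh.write(b"plain text, not a script\n")  # filtered out by the suffix
    return triage(scratch, ASSET_SUFFIX)


if __name__ == "__main__":
    # Usage: python triage.py <Assets directory> [suffix]
    if len(sys.argv) > 1:
        print(report(triage(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "")))
    else:
        print(report(demo()))
```

Point it at the Assets directory from the first post with the quoted suffix as the second argument; each readable file gets a hash you can search on VirusTotal without uploading anything, and a file that is still unreadable even under sudo shows up as an UNREADABLE line rather than stopping the scan (the script reports that condition, it does not explain it).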
