Avira AntiVir Personal
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]

Version information:
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 12:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.03.2008 15:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21.03.2008 21:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25.03.2008 10:27:50
...

Starting the file scan:
Begin scan in 'C:\A\WinSxS\services\Documents\Fasm\examples'
C:\A\WinSxS\services\Documents\Fasm\examples\ddraw\ddraw.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

What is this?

my fasm is 1.67.26 for win

First check that your copy of ddraw.exe has not been altered. If you find it is still the original ddraw.exe included in the zip then change to a different anti-virus program that doesn't give false reports.

http://www.virustotal.com/ru/analisis/93c339b90c464c78012bc1faf6eaa112

F-Secure - - Suspicious:W32/Malware!Gemini

But AntiVir this quiet!

I download again fasmw16726.zip new and now from
http://flatassembler.net/download.php
result:
http://www.virustotal.com/ru/analisis/594c9461e575716e0e16a63362985716

It appears as if heuristics are catching false results here, it happens to me a lot when I'm writing stuff that includes injecting to another process or similar (specially if I call functions such as CreateRemoteThread() in win32 which almost always gives me a red flag while compiling (it's annoying, actually - I setup my dev dir to the scan ignore list and it still scans it from the running processes or memory...)

And all this due to some jackass using similar code patterns to fulfill their malware dreams... I would literally kill them with their own keyboard if I could.