in reply to Re: PAR::Packer generated EXE that was detected as a trojan...
in thread PAR::Packer generated EXE that was detected as a trojan...

Thanks for the idea, but I'll first do some tests by "compiling" some other random scripts of mine to see if this persists. My program is a WIP and it will keep changing over the following weeks.

Re^3: PAR::Packer generated EXE that was detected as a trojan...
by vitoco (Hermit) on Sep 15, 2018 at 02:15 UTC

    Unfortunately, the EXE for every perl script I provided was detected as a virus by the other system. Even an empty file!!!

    The next step is to try a fresh strawberry perl installation on another fresh VM. Probably my WinXP was infected, because I recall that I used it as a honeypot years ago.

      "Probably my WinXP was infected, because I recall that I used it as a honeypot years ago."

      Yikes, not a good idea to develop on a system like that :p

      I work in security and have found pp (PAR-packed) files that drop Bitcoin and Monero miners as well as a remote access trojan. The user-created Perl script is extractable and benign, and the malicious code appears to reside somewhere outside of the user script, although I've not identified specifically where yet. The source is most likely the packer, so my recommendation is to check the source of your packer, as there may be malicious versions in the wild that insert malicious code into your compiled Perl executables. Note, the code is highly resistant to sandbox analysis and carries out a good deal of VM enumeration, so YMMV in getting it to run and do malicious things outside of bare-metal execution.
        ... although I've not identified specifically where yet. ... there may be malicious versions in the wild that insert malicious code into your compiled perl executables.

        Sorry, but without specifics, this smells like FUD. Most people are likely to get their PAR::Packer from CPAN. The list of mirrors can be parsed by e.g. CPAN::Mirrors. If something were to be found there, then action would need to be taken.
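An added example, written for this page and not posted by anyone in the thread, of what "check the source of your packer" looks like in practice when the packer came from CPAN: hash the PAR-Packer tarball you installed from and compare it with the sha256 entry in the author directory's CHECKSUMS file (the file is a Perl hash literal, so a small parser is needed). The CHECKSUMS excerpt, the tarball bytes, the author path and the version numbers below are all constructed stand-ins so the script runs offline; the listed hashes are those of the inline stand-in bytes, not of any real PAR-Packer release.

```python
"""Verify a CPAN distribution tarball against the sha256 in its CHECKSUMS file.

Added example, not code from the thread or from PAR::Packer. It assumes you
fetched .../authors/id/<author path>/CHECKSUMS and the tarball named in it from
a mirror; both are replaced here by constructed stand-ins.
"""
import hashlib
import re

# Constructed excerpt in the shape of a CPAN CHECKSUMS file (a Perl hash
# literal). Hash values are for the stand-in bytes below (b"abc" and b""),
# not for any real release; the version numbers are made up.
SAMPLE_CHECKSUMS = r"""
0&&<<''; # this PGP-signed message is also valid perl
$cksum = {
  'PAR-Packer-1.047.tar.gz' => {
    'md5' => '900150983cd24fb0d6963f7d28e17f72',
    'sha256' => 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad',
    'size' => 3
  },
  'PAR-Packer-1.046.tar.gz' => {
    'sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
    'size' => 0
  }
};
"""

# Stand-in for the downloaded tarball: sha256(b"abc") is the value listed above.
SAMPLE_TARBALL = b"abc"

# One top-level entry: 'filename' => { ...fields... }
ENTRY_RE = re.compile(r"'(?P<file>[^']+)'\s*=>\s*\{(?P<body>.*?)\}", re.S)
# One field inside an entry: 'key' => 'value' or 'key' => 123
FIELD_RE = re.compile(r"'(?P<key>\w+)'\s*=>\s*'?(?P<val>[^',\s]+)'?")


def parse_checksums(text):
    """Return {filename: {field: value}} for every entry in a CHECKSUMS file."""
    entries = {}
    for m in ENTRY_RE.finditer(text):
        fields = {f.group("key"): f.group("val")
                  for f in FIELD_RE.finditer(m.group("body"))}
        entries[m.group("file")] = fields
    return entries


def verify_distribution(tarball_bytes, filename, checksums_text):
    """Return (ok, reason). ok is True only when a sha256 entry exists and matches.

    md5 is deliberately not accepted as a fallback: an attacker who can
    alter a tarball can also produce an md5 collision, so a CHECKSUMS entry
    without sha256 is treated as unverifiable rather than trusted.
    """
    entry = parse_checksums(checksums_text).get(filename)
    if entry is None:
        return False, "no CHECKSUMS entry for %s" % filename
    expected = entry.get("sha256")
    if not expected:
        return False, "entry for %s has no sha256; refusing md5 fallback" % filename
    if "size" in entry and int(entry["size"]) != len(tarball_bytes):
        return False, "size mismatch: CHECKSUMS says %s, file is %d" % (
            entry["size"], len(tarball_bytes))
    actual = hashlib.sha256(tarball_bytes).hexdigest()
    if actual != expected:
        return False, "sha256 mismatch: expected %s, got %s" % (expected, actual)
    return True, "sha256 matches CHECKSUMS"


if __name__ == "__main__":
    for name, data in [("PAR-Packer-1.047.tar.gz", SAMPLE_TARBALL),
                       ("PAR-Packer-1.047.tar.gz", b"abd"),   # tampered stand-in
                       ("PAR-Packer-9.999.tar.gz", SAMPLE_TARBALL)]:
        ok, why = verify_distribution(data, name, SAMPLE_CHECKSUMS)
        print("%-8s %s: %s" % ("OK" if ok else "REJECT", name, why))
```

Two caveats for anyone using this against a real mirror. A mirror that can serve a tampered tarball can serve a rewritten CHECKSUMS too, so the check above only proves the two files agree with each other; the real CHECKSUMS file is PGP-clear-signed by PAUSE, and verifying that signature (which the cpan client can do with check_sigs enabled) is what ties the hash to the upstream author. And this checks the distribution you downloaded, not the files already installed under your Perl's site lib or the pp binary that was built from them; comparing those against a freshly unpacked, verified tarball is the follow-up step if you suspect the installed copy.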