Over complicating things
Whenever an icon for a Microsoft Windows executable (EXE), installer (MSI), library (DLL), or shortcut (LNK) should be shown, Gnome Files calls /usr/bin/gnome-exe-thumbnailer to either extract an embedded icon from the file in question or deliver a fallback image for the appropriate filetype.”
Just deliver the fallback image. Nobody needs to start up WINE once per file in a file browser nor are they really interested in the icon, they just need to see if it's a Windows executable or whatever. Exploits like this happens when people over engineer stuff.