By using the previous source code the anti-virus will have more difficulty to understand what is happening. The Russian doll technique can be a good trick to hide a malicious function.
The fact of compiling several times will not give us a new signature, only the modification of the code has an impact
Once the binary is ready to be executed, access to the internet should be cut in the test environment in order not to send the signature of the bypass to Microsoft or to the editor.
To optimize the probability to bypass the protections we will have to combine several techniques, for example encrypt the active load, de-activate Microsoft logs or choose a special way to inject the virus (cf process injection).