Of course, gmail has good security, but even if you do something to make gmail allow this file, the victim computer's antivirus might detect it, there is no guarantee to make a payload totally undetectable. I recommend you to learn C++ and create your own Trojan which is much more hard to detect and even more secure, you can also use some methods for your Trojan to reduce the chance of detection. After all, client side attacks are not so technical, it's better to spent your time with server side attacks
Good luck my friend
"This is it... this is where I belong..."
I know everyone here... even if I've never met them, never talked
to them, may never hear from them again... I know you all...