So, this was a message “caught” being sent using the Contact form? If it is, nothing in the encodes the message in HEX. Perhaps someone copy/pasted the text from another source which already had the text HEX encoded.
The message body is run through the core WordPress
sanitize_text_field() function, it could be possible that another plugin added a filter to this function which is doing the HEX encoding.
Have you tried sending other test messages thru Contact? Do they also get flagged by WF?