Anomaly detection: How safe is ePSXe?

During the last weeks, my roommate returned to his childhood playing his old PS1 games with an emulator that I prepared him: ePSXe 2.0.5 for Windows.

A few days ago, he came back to me saying that the software "disappeared". I checked and noticed that the antivirus on his laptop (Avast) generated an alert and quarantined the main .exe file.

As the software is quite popular and I do not know what my roommate does with his laptop, I bet on 2 options:

  • False positive
  • Corruption of a real malware

Then I did the following:

  1. Checked online if there was any information on this. It turned out that some other people had a similar problem in previous versions, but mostly led to heated debates without useful information.
  2. The exe file was temporarily removed from the quarantine and scanned again with Avast: no threat was detected.
  3. Scan it with Virustotal (the first time I use it): 2 of the 66 antivirus detect a threat (different). In the comments, a user notices that "sub exe" is detected as malicious, but I really do not know what that means (on the Relationship tab, malicious packets are more likely can contains this exe but I am not a specialist).
  4. The entire ePSXe folder was deleted and re-downloaded from the official website (as I did the first time):
  5. Re-scan with Avast: no threat detected.
  6. Re-scan with Virustotal: 2 antivirus of 66 detect a threat (different). (As before)

What leads to my question:

With respect to this information, can the official release of ePSXe 2.0.5 be considered safe or malicious, and why?

And any thoughts on this additional question will be appreciated:

What is the most reliable way to ensure that software is safe or malicious?

Thanks for your help !