balabolka.exe reported as Win32: Malware-gen

Viruses and worms
1

I’ve been using this portable app for 2 to 3 weeks with no problem, but after a recent virus def update am now seeing the balabolka.exe flagged as Win32: Malware-gen.

I also received this warning when attempting to re-download the file in order to make sure I had a clean copy. avast stopped the download on both the publisher’s main site and on the portableapps.com site as well.

This is a text to speech program that uses various versions of Microsoft Speech API. It has seemingly caused no problems on my system in the 3 weeks that I’ve used it, but now avast won’t let me open and run it.

I’m running Windows 8.1 64 with Office 2007 installed. The program is 32bit. The alert reads as follows: “Object: C:\Users.…balbolka.exe, Infection: Win32:Malware-gen, Action: Moved to chest, Process: C:\Windows\explorer.exe, The threat was detected and blocked just before the file was executed.” Followed by a link to report as a false positive.

Here is the link where the portable version of the program was originally downloaded. http://portableapps.com/apps/accessibility/balabolka-portable Another link is listed further down on this page to the program’s site. There is also an md5 hash listed lower down on that page, but I’m uncertain if it is for the balabolka program or for the portableapps program itself. I didn’t see a md5 listed on the creator’s site. The publisher of the program is Illya Morozov of http://cross-plus-a.com & portableapps.com.

I’m hoping someone might be able to help me determine if this exe is safe or not. Or at least help me make a best educated guess if it is worth the risk of running it. Thank you!

Here are the results from virscan.org and metascan-online.com, respectively:
VIRSCAN:
File Name : balabolka.exe (File not down)
File Size :4972544 byte
File Type :application/x-dosexec
MD5:986c8963dd2db3ab4c7cf7624fc99945
SHA1:6ef8985b6faf557747c0cf9454307f1527716922

Scanner results
Scanner results:5%Scanner(s) (2/39)found malware!
Time: 2014-08-08 17:28:51 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
ahnlab 9.9.9 9.9.9 2013-05-28 Found nothing 3
antivir 1.9.2.0 1.9.159.0 7.11.165.246 Found nothing 13
antiy 014621 AVL140512 2014-07-30 Found nothing 5
arcavir 1.0 2011 2014-05-30 Found nothing 9
asquared 9.0.0.4157 9.0.0.4157 2014-07-30 Found nothing 3
avast 140807-0 4.7.4 2014-08-07 Win32:Malware-gen 22
avg 2109/7410 10.0.1405 2014-07-24 Found nothing 1
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 4
baidusd 1.0 1.0 2014-04-02 Found nothing 2
bitdefender 7.56262 7.90123 2014-08-08 Found nothing 10
clamav 19266 0.97.5 2014-08-06 PUA.Win32.Packer.Asprotect-2 1
comodo 15023 5.1 2014-07-30 Found nothing 3
ctch 4.6.5 5.3.14 2013-12-01 Found nothing 1
drweb 5.0.2.3300 5.0.1.1 2014-07-30 Found nothing 48
fortinet 22.615 5.1.153 2014-08-08 Found nothing 4
fprot 4.6.2.117 6.5.1.5418 2014-08-07 Found nothing 1
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 1
gdata 24.3405 24.3405 2014-07-30 Found nothing 10
hauri 2.73 2.73 2014-06-13 Found nothing 1
ikarus 1.06.01 V1.32.31.0 2014-08-07 Found nothing 18
jiangmin 16.0.100 1.0.0.0 2014-07-28 Found nothing 13
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 28
kingsoft 2.1 2.1 2013-09-22 Found nothing 3
mcafee 7520 5400.1158 2014-08-04 Found nothing 10
nod32 9809 3.0.21 2014-05-16 Found nothing 15
panda 9.05.01 9.05.01 2014-06-15 Found nothing 5
pcc 10.970.04 9.500-1005 2014-08-07 Found nothing 2
qh360 1.0.1 1.0.1 1.0.1 Found nothing 12
qqphone 1.0.0.0 1.0.0.0 2014-08-08 Found nothing 1
quickheal 14.00 14.00 2014-06-14 Found nothing 4
rising 25.17.00.04 25.17.00.04 2014-06-02 Found nothing 5
sophos 5.04 3.51.0 2014-08-05 Found nothing 7
sunbelt 3.9.2589.2 3.9.2589.2 2014-06-13 Found nothing 16
symantec 20140805.002 1.3.0.24 2014-08-05 Found nothing 2
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
thehacker 6.8.0.5 6.8.0.5 2014-06-12 Found nothing 1
tws 17.47.17308 1.0.2.2108 2014-06-16 Found nothing 7
vba 3.12.26.3 3.12.26.3 2014-08-07 Found nothing 7
virusbuster 15.0.871.0 5.5.2.13 2014-08-07 Found nothing 14

METASCAN-ONLINE:

First uploaded2014-08-08 09:33:31 GMT

FiletypeEXE/DLL

Last scanned2014-08-08 09:33:31 GMT

File size5 MB

MD5 986C8963DD2DB3AB4C7CF7624FC99945

SHA1 6EF8985B6FAF557747C0CF9454307F1527716922

SHA256 BCCE5F47D3950C282C2356400C07849CCF19D9AA8D90CACC151D573578D74795
Engine Scan Time Last Updated Result
Agnitum 1732 ms Aug 07 2014 (1 day ago)
No threat detected
Ahnlab 530 ms Aug 08 2014
No threat detected
Antiy 6802 ms Aug 07 2014 (1 day ago)
No threat detected
AVG 3136 ms Aug 07 2014 (1 day ago)
No threat detected
Avira 1014 ms Aug 08 2014
No threat detected
BitDefender 4664 ms Aug 08 2014
No threat detected
ByteHero 2792 ms Aug 07 2014 (1 day ago)
No threat detected
ClamWin 3635 ms Aug 07 2014 (1 day ago)
No threat detected
Commtouch 546 ms Aug 07 2014 (1 day ago)
No threat detected
DrWebGateway 234 ms Aug 08 2014
No threat detected
Emsisoft 4493 ms Aug 08 2014
No threat detected
ESET 12839 ms Aug 07 2014 (1 day ago)
No threat detected
F-prot 1108 ms Aug 07 2014 (1 day ago)
No threat detected
F-secure 5304 ms Aug 07 2014 (1 day ago)
No threat detected
Filseclab 3276 ms Aug 07 2014 (1 day ago)
No threat detected
Fortinet 5522 ms Aug 07 2014 (1 day ago)
No threat detected
Hauri 374 ms Aug 08 2014
No threat detected
Ikarus 593 ms Aug 07 2014 (1 day ago)
No threat detected
Jiangmin 6677 ms Aug 07 2014 (1 day ago)
No threat detected
K7 936 ms Aug 07 2014 (1 day ago)
No threat detected
Kaspersky 1310 ms Aug 07 2014 (1 day ago)
No threat detected
Lavasoft 6084 ms Aug 07 2014 (1 day ago)
No threat detected
McAfee-Gateway 6365 ms Aug 08 2014
No threat detected
Microsoft 5320 ms Aug 07 2014 (1 day ago)
No threat detected
NANO 2387 ms Aug 07 2014 (1 day ago)
No threat detected
Norman 1716 ms Aug 07 2014 (1 day ago)
No threat detected
nProtect 31 ms Aug 06 2014 (2 days ago)
No threat detected
QuickHeal 1108 ms Aug 07 2014 (1 day ago)
No threat detected
Sophos 5413 ms Aug 07 2014 (1 day ago)
No threat detected
SUPERAntiSpyware 3962 ms Aug 04 2014 (4 days ago)
No threat detected
Symantec 2137 ms Aug 07 2014 (1 day ago)
No threat detected
Tencent 2792 ms Aug 08 2014
No threat detected
ThreatTrack 26614 ms Aug 07 2014 (1 day ago)
No threat detected
TotalDefense 1420 ms Aug 06 2014 (2 days ago)
No threat detected
TrendMicro 5398 ms Aug 06 2014 (2 days ago)
No threat detected
TrendMicroHouseCall 5756 ms Aug 06 2014 (2 days ago)
No threat detected
VirIT 1310 ms Aug 07 2014 (1 day ago)
No threat detected
VirusBlokAda 5413 ms Aug 06 2014 (2 days ago)
No threat detected
Zillya! 702 ms Aug 08 2014
No threat detected
Zoner 1841 ms Jul 30 2014 (1 week ago)
No threat detected

2

much easier to post link to scan result … and not copy and paste
seems to be a false positive

First submission 2014-07-20 18:54:59 UTC ( 2 weeks, 4 days ago )
https://www.virustotal.com/en/file/bcce5f47d3950c282c2356400c07849ccf19d9aa8d90cacc151d573578d74795/analysis/

CopyrightCopyright (c) 2006-2014 Ilya Morozov Publisher Ilya Morozov Product Balabolka Original name balabolka.exe Internal name balabolka File version 2.10.0.572 Description Balabolka Comments Text-To-Speech (TTS)
3

You can report it using one of these options…you may add a link to this topic in case they reply here

You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21

4

Hello,
thanks for notice, FP will be fixed in next stream update.

Milos

5

Thank you so much for your help!! Sorry. Completely spaced on not just providing link to the scans.

I made sure I had the latest def update then restored the exe and attempted to open. After deepscan did its thing, the program was allowed to open and runs as normal.

I’ve used avast for 8+ years and never had a single issue. It just runs and protects. I’ve recommended it to everyone and install it on family members’ computers that come to me for service. Can’t say enough good things about it and now I have nothing but good things to say about the support forum as well. Fast, informative and reliable. Awesome.