Question How to judge a file is safe or not in Virustotal?

Please provide comments and solutions that are helpful to the author of this topic.

C

Can't Decide

Level 1
Thread author
Dec 15, 2023
28
I know this might be newbie question but how do I know or judge whether the file is safe or not?

Recently I uploaded Sandboxie-Plus 1.13.3 and PeaZip 9.7.1 setup installer to Virustotal, though both came out 0 detection but under "community" tab some sandbox:unsure: verdict indicate "likely malicious". And also for PeaZip 9.7.1, under "Relations" or "behavior" had some past detection. Because of that I'm confused about how to judge a file to be safe or not.

Better be safe than sorry since I don't know these issue had been solved or not Security News - GitHub besieged by millions of malicious repositories in ongoing attack

Furthermore, these can happen to other excutable files whether its downloaded from github or offical website. Can anyone give some advise?
 
  • Like
Reactions: Jonny Quest and vtqhtr413
Sort by date Sort by votes
Practical Response

Practical Response

Level 8
Mar 10, 2024
357
Can't Decide said:
Thank you for taking your time helping me, it really show more infomation. (y)

It's good that people with knowledge about the matter give advice than blindly follow some random online advice, even though some advice might be too advance for me but at the same time I learn something.
Click to expand...

You are quite welcome. The habit you are developing to "verify" is a good habit that will carry you far in security. Asking when you can not find the answer is definitely one of those habits and how everyone learns.

LennyFox said:
Bottem line: you really know for 100% it is safe without running it in a real environment and monitor system and network behavior for at least an hour, so either you live with it or don't download and execute it ;)
Click to expand...
This was misleading and worded in such a way that the user could have taken this advice and found themselves with an issue. It is why I responded the way I did, because no where do you state in this post that its in a contained lab and done by professional malware hunters. Its careless and irresponsible to respond with things as such to play word games.
 
  • Like
Reactions: harlan4096 and Can't Decide
Upvote 0
Jan Willy

Jan Willy

Level 12
Verified
Top Poster
Well-known
Jul 5, 2019
568
Practical Response said:
This was misleading and worded in such a way that the user could have taken this advice and found themselves with an issue.
Click to expand...
The author of the 'misleading' quote corrected it already and apologized in this post:
malwaretips.com

Question - How to judge a file is safe or not in Virustotal?

I know this might be newbie question but how do I know or judge whether the file is safe or not? Recently I uploaded Sandboxie-Plus 1.13.3 and PeaZip 9.7.1 setup installer to Virustotal, though both came out 0 detection but under "community" tab some sandbox:unsure: verdict indicate "likely...
malwaretips.com malwaretips.com
 
  • +Reputation
Reactions: LennyFox
Upvote 0
Practical Response

Practical Response

Level 8
Mar 10, 2024
357
Jan Willy said:
The author of the 'misleading' quote corrected it already and apologized in this post:
malwaretips.com

Question - How to judge a file is safe or not in Virustotal?

I know this might be newbie question but how do I know or judge whether the file is safe or not? Recently I uploaded Sandboxie-Plus 1.13.3 and PeaZip 9.7.1 setup installer to Virustotal, though both came out 0 detection but under "community" tab some sandbox:unsure: verdict indicate "likely...
malwaretips.com malwaretips.com
Click to expand...
My post was not directed at the typo in bold so much as to point out that he left out some wording he later added then acted like I had no idea what I was talking about because of. Again, these type of posts like his pollute the learning experience for average users, that have to now wade through all this to find information that could be valuable or vital. The post he initially posted was misleading stating to just execute it on the system and find out, if the reader stopped reading at that point they wouldn't have seen his post later on stating to do it in a lab. It was a wording game, because this user likes to play games with others on threads, and its irresponsible and potentially damaging to average users here to learn.

LennyFox said:
Yes that is the standard practice and you have to wait for an hour (because some malware does not activate in VM and some malware uses a delay of 15 minutes to fool behavior blockers or have build in delays when they connect to C&CC's). Now she does not want to speak to you anymore (needing to explain why malware hunters use real encapsulated environments), sorry 😞 (again only being the messenger I have no idea what a C&CC or encapsulated environment is, for example)
Click to expand...
 
Upvote 0
Jan Willy

Jan Willy

Level 12
Verified
Top Poster
Well-known
Jul 5, 2019
568
Practical Response said:
My post was not directed at the typo in bold so much as to point out that he left out some wording he later added then acted like I had no idea what I was talking about because of. Again, these type of posts like his pollute the learning experience for average users, that have to now wade through all this to find information that could be valuable or vital. The post he initially posted was misleading stating to just execute it on the system and find out, if the reader stopped reading at that point they wouldn't have seen his post later on stating to do it in a lab. It was a wording game, because this user likes to play games with others on threads, and its irresponsible and potentially damaging to average users here to learn.
Click to expand...
I understand your concern about the security of the 'average' user, but in my eyes repeating the critisized quotes outside their original context - what you now did again - doesn't help. In earlier posts you've made already your point very clear. I think that even the 'average' user will have noticed this.
 
Last edited:
  • Thanks
Reactions: LennyFox
Upvote 0
TairikuOkami

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,497
Can't Decide said:
I know this might be newbie question but how do I know or judge whether the file is safe or not?
Click to expand...
I do not know about you, but I judge the file by myself. Like, what it is? A mod or a script to modify something? Who published it? How long has it been around?
To me Virustotal is a second opinion, but biased. Let say that Virustotal would report that a file is 99% malware, but it was published by Andy, I would still run it.
Sure, repositories can be hijacked, so maybe I would not run it immediately, but I would not be too worried about it, especially after reading verified comments.
 
  • Like
Reactions: Can't Decide, roger_m and Jonny Quest
Upvote 0
Sandbox Breaker

Sandbox Breaker

Level 9
Verified
Well-known
Jan 6, 2022
435
While I meticulously analyze all files in my clients' systems as a malware analyst and threat hunter, even with peer review, there's no foolproof detection. Even the most advanced techniques can miss cleverly disguised malware like supply chain attacks and encrypted code. However, the combination of human expertise and advanced technology offers the best chance of identifying such threats.
 
Upvote 0
C

Can't Decide

Level 1
Thread author
Dec 15, 2023
28
Freki123 said:
Maybe also take a look at Kaspersky Threat Intelligence Portal It's one engine (kaspersky) but the seem to do more advanced stuff then when listed on virus total alone.
The "Dynamic analysis summary" at the bottom in green, orange and red may also give some hints.
Click to expand...
Thank you, I will take a look.

TairikuOkami said:
I do not know about you, but I judge the file by myself. Like, what it is? A mod or a script to modify something? Who published it? How long has it been around?
To me Virustotal is a second opinion, but biased. Let say that Virustotal would report that a file is 99% malware, but it was published by Andy, I would still run it.
Sure, repositories can be hijacked, so maybe I would not run it immediately, but I would not be too worried about it, especially after reading verified comments.
Click to expand...
Where do you read verified comments?
 
Upvote 0
Practical Response

Practical Response

Level 8
Mar 10, 2024
357
Can't Decide said:
Where do you read verified comments?
Click to expand...

This post has verified items in it with information of where and how. I apologize it was buried in all the useless posts and why I commented on this and the problem it presents. A clean thread with actual helpful information is certainly easier for the original posters to find what they need from it.

Post in thread 'How to judge a file is safe or not in Virustotal?' Question - How to judge a file is safe or not in Virustotal?
 
  • Like
Reactions: Can't Decide
Upvote 0

Similar threads

S
Question How secure is KTS on DEFAULT settings?
Replies
8
Views
444
Kaspersky
Trident
Trident
upnorth
    • Like
    • Wow
    • Sad
  • Sticky
Hot Take Malwarebytes may not be allowed to label rival's app as 'Potentially Unwanted'
Replies
11
Views
1,231
Malwarebytes
AlexCa
A
Gandalf_The_Grey
    • +Reputation
    • Like
    • Wow
Thousands of GitHub repositories deliver fake PoC exploits with malware
Replies
0
Views
699
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top