How to use VirusTotal effectively?

shmu26
Thread author
Jul 3, 2015
If I check a file on VirusTotal, and it comes out clean, how do I know that this is not just because it is a new virus?
True, the only way to find out is to run them in a sandbox, or even more devious, in a Virtual Machine.
But of course only downloading files from trusted sources might prevent you from needing to do all of this.
 
VirusTotal offers a free scan service based on the opinion of many AVs.
If the file, according to VT, is clean there are two possibilities: the file is actually clean, or the file is FUD and then fully undetected.
The best thing is to upload the suspect file to an online malware analysis service like Malwr or Hybrid Analysis to perform a behavioral dynamic analysis and then read the results according to a certain level of knowledge.

https://malwr.com
https://www.hybrid-analysis.com

And here:

https://malwaretips.com/threads/some-tips-to-identify-malicious-samples-during-the-analysis.56983/
You don't know, you need to use some type of sandbox. Also, more and more viruses are signed.
I still don't understand how the sandbox helps you. If you run it in a sandbox, and your antivirus kills it, then you would have been safe anyway. And if your antivirus doesn't kill it, you will think it is clean, and run it even outside of the sandbox next time. You can't live in a sandbox forever.
My own admittedly unprofessional approach is to see if I can find someone writing about the file on the web. If it already has a write-up, it can't be too new, and VT should know whether it is clean or not.

Edit: but you still have to check whether the file is in the right location, or it might be malware named after a legitimate file.
For instance, if Adobe released a new patch that has file X, and this file turns up in your Adobe folder, it is probably legit.
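The two threads of advice above (a 0/N VirusTotal result means little for a file nobody has seen before, and a well-known file name in the wrong folder is suspicious even when VT is clean) can be turned into a small triage check. The script below is an added example for this thread, not code from VirusTotal or from any of the posters. It does not call the VT API; it takes a report already fetched in the shape of a VirusTotal API v3 file object (the fields `last_analysis_stats`, `first_submission_date`, `times_submitted` and `signature_info` are assumed from that API) and scores how much the "clean" result should be trusted. The expected-location table, the fixed clock and the sample reports are constructed for illustration.

```python
"""Triage helper for a 'clean' VirusTotal result (added example, not VT's code)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import hashlib

# Constructed allowlist: lower-case file name -> directory prefixes where it
# legitimately lives (forward slashes, lower case). Illustrative, not authoritative.
EXPECTED_LOCATIONS = {
    "acrobat.exe": ["c:/program files/adobe", "c:/program files (x86)/adobe"],
    "svchost.exe": ["c:/windows/system32", "c:/windows/syswow64"],
}

@dataclass
class Verdict:
    trust: str                      # "trusted", "unknown" or "suspicious"
    reasons: list = field(default_factory=list)

def sha256_of(path):
    """Hash a file locally so VT can be queried by hash instead of uploading it."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def assess_report(attrs, now=None, min_age_days=30, min_submissions=10):
    """Decide how far a VT report (API v3 'attributes' dict) supports 'clean'.

    A 0/N result is only reassuring when the file has been public long enough
    for engines to have had a chance to add detections, and has been seen by
    more than a handful of people. A fresh, single-submission 0/N is 'unknown'.
    """
    now = now or datetime.now(timezone.utc)
    stats = attrs.get("last_analysis_stats", {})
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    if flagged > 0:
        return Verdict("suspicious", [f"{flagged} engines flag the file"])
    first_seen = attrs.get("first_submission_date")      # unix timestamp
    if first_seen is None:
        return Verdict("unknown", ["file has never been submitted to VT"])
    reasons = []
    age_days = (now - datetime.fromtimestamp(first_seen, timezone.utc)).days
    if age_days < min_age_days:
        reasons.append(f"first seen only {age_days} days ago; engines may not have caught up")
    if attrs.get("times_submitted", 0) < min_submissions:
        reasons.append("few submissions; little community exposure")
    # A signature is not treated as a trust reason: as noted in the thread,
    # malware is increasingly signed. The 'verified' key is an assumed VT field.
    sig = attrs.get("signature_info", {})
    if sig and sig.get("verified") != "Signed":
        reasons.append("signature present but not verified")
    return Verdict("unknown" if reasons else "trusted", reasons)

def check_location(path):
    """True if a name from EXPECTED_LOCATIONS sits in one of its expected folders.

    Unknown names return True (nothing to compare against). Paths are normalised
    by hand so Windows-style paths work on any host.
    """
    norm = path.lower().replace("\\", "/")
    directory, _, name = norm.rpartition("/")
    expected = EXPECTED_LOCATIONS.get(name)
    if expected is None:
        return True
    return any(directory.startswith(prefix) for prefix in expected)

NOW = datetime(2016, 1, 1, tzinfo=timezone.utc)   # fixed clock for reproducible results

def _ts(y, m, d):
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp())

# Constructed reports in the shape of VT API v3 'attributes'; not real samples.
SAMPLE_REPORTS = {
    "old_clean": {"last_analysis_stats": {"malicious": 0, "suspicious": 0, "undetected": 57},
                  "first_submission_date": _ts(2014, 6, 1), "times_submitted": 1200},
    "brand_new_clean": {"last_analysis_stats": {"malicious": 0, "suspicious": 0, "undetected": 57},
                        "first_submission_date": _ts(2015, 12, 30), "times_submitted": 1},
    "flagged": {"last_analysis_stats": {"malicious": 3, "suspicious": 1, "undetected": 53},
                "first_submission_date": _ts(2015, 11, 1), "times_submitted": 40},
}

def triage_samples():
    """Run the sample reports through assess_report; returns name -> trust level."""
    return {name: assess_report(a, now=NOW).trust for name, a in SAMPLE_REPORTS.items()}

if __name__ == "__main__":
    for name, trust in triage_samples().items():
        print(f"{name}: {trust} {assess_report(SAMPLE_REPORTS[name], now=NOW).reasons}")
    print(check_location(r"C:\Users\bob\Downloads\acrobat.exe"))   # wrong folder
```

The thresholds (30 days, 10 submissions) are arbitrary starting points; the point is that "0 detections" and "first seen two days ago with one submission" together should read as "unknown", not "clean", which is exactly the gap the original question asks about.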
Wow, I didn't know those websites. So they are even better than VirusTotal.