Serious Discussion Services to check file security online

simmerskool

I mean it's basically an all-in-one package. Definitely a nice tool 👌
fwiw fyi I created account at tip.neiki.dev but it said it expires in 30 days? This computer is currently not holding a file to submit :(
 

Kongo

> fwiw fyi I created account at tip.neiki.dev but it said it expires in 30 days? This computer is currently not holding a file to submit :(

Used to work without an account before. Maybe too many uploads at the moment. I am sure he will enable guest uploads soon again.
 

Kongo

> Any other nice all-in-one scanners that have a lot of providers?
>
> Btw thanks for sharing it, now I can download samples from VirusTotal using it. Anyway, if anyone is willing to donate to Threat Insights Portal, they definitely deserve some donations to keep it running (my new favorite online scanner)

No, it's the only one that I am aware of. Still, another good analysis platform that hasn't been mentioned yet is: https://analyze.intezer.com/
 

simmerskool

> Any other nice all-in-one scanners that have a lot of providers?
>
> Btw thanks for sharing it, now I can download samples from VirusTotal using it. Anyway, if anyone is willing to donate to Threat Insights Portal, they definitely deserve some donations to keep it running (my new favorite online scanner)

? re the symsubmit.symantec.com -- appears to say it is for folks using Symantec or Carbon Black, FAQ says something about having ID...?
 

Vitali Ortzi

> Used to work without an account before. Maybe too many uploads at the moment. I am sure he will enable guest uploads soon again.

He said on X that it's because of someone who abused it by sending the same non-functioning py file, but anyway he will certainly bring it back.
 

Vitali Ortzi

I didn't pay Comodo; you have to sign up as an enterprise to get it free for auto human analysis.


About Symantec: they tell you what technologies detected it if it's malicious, and if not it will just say it's clean. You can test it yourself; it's pretty nice as it goes through manual analysis and you get results in the mail.


Since it's analyzed by a human after it's sent, you get a nice report, and I'm always using this nowadays for suspicious files as it detects stuff others can't and has better false-positive ratios than VirusTotal.

 

Tx00

> More not an antivirus scanner, but a service for analyzing files.

Thanks for sharing valuable information, just a few questions:

1- Did you write it correctly? You wanted to write "More than an antivirus", or your text is correct?

2- Why most of this online toolkit could not proceed a file even with less than 1 MB?
For example, Interactive Online Malware Analysis Sandbox - ANY.RUN needs business email and, like VirusTotal, could not upload a file directly.

3- In the case of inconsistencies among them, which one could be judged as more reliable and confident?

thanks
 

CyberDevil

Thread author
> 1- Did you write it correctly? You wanted to write "More than an antivirus", or your text is correct?
>
> 2- Why most of this online toolkit could not proceed a file even with less than 1 MB?
> For example, Interactive Online Malware Analysis Sandbox - ANY.RUN needs business email and, like VirusTotal, could not upload a file directly.
>
> 3- In the case of inconsistencies among them, which one could be judged as more reliable and confident?

1. I mean this service is a tool to statically analyze a file, although it can give a verdict that the file is malicious or suspicious, but it is not an antivirus. So it is not an antivirus, but a service for your own analysis. I usually check there what network requests the application makes; if there are unclear URLs in non-European (not USA) domains, then it's really suspicious.

2. I honestly didn't understand the question in point 2. You can directly upload a file to any of the services mentioned, especially if it's less than 1 megabyte. Some require registration, but from the list it seems to be only Metadefender and Any.run. I have a free email from tutanota that worked fine for me. I didn't know it required business mail, if that's true, anyway, you can also make a free mailbox on tutanota (it's a German secure private e-mail service).

3. My advice is to first look at the verdicts of engines like Eset, Kaspersky, Bitdefender, Malwarebytes, Sophos, Avast and use VirusTotal, Metadefender, Jotti's malware scan and VirScan.

Next is simple logic:
- If there is a detection of at least 2 of these 6, then the file is 95% really dangerous.
- If the list contains 1-3 detections from little-known companies, it is safe to a higher probability.
- If there are more than 5 detections from any companies, it is most likely dangerous.

If the file is still very suspicious, recheck it after a day and a couple of days after you have uploaded it to dynamic analysis services (Kaspersky, Sophos, Metadefender, Hybrid Analysis).
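
The rule of thumb from the post above, written out as an added example (not code from the thread or from any of the services named). The loose matching of scanner labels to vendors, the `merge` helper and the verdict labels are assumptions of this sketch, and the sample reports are constructed.

```python
# Added example: the post's rule of thumb as a function over scanner reports.
# Loose label matching and the verdict strings are assumptions of this sketch.
WELL_KNOWN = ("eset", "kaspersky", "bitdefender", "malwarebytes", "sophos", "avast")

def well_known_vendors(flagged):
    """Vendors from the post's list behind the flagged labels (e.g. 'ESET-NOD32')."""
    return {v for label in flagged for v in WELL_KNOWN if v in label.lower()}

def merge(*reports):
    """Combine reports from several services; an engine flags if any report says so."""
    merged = {}
    for report in reports:
        for label, hit in report.items():
            key = label.lower()
            merged[key] = merged.get(key, False) or hit
    return merged

def triage(results):
    """results maps a scanner label to True when that engine flagged the file."""
    flagged = [label for label, hit in results.items() if hit]
    major = well_known_vendors(flagged)  # a vendor counts once, even with two products
    minor = [label for label in flagged if not well_known_vendors([label])]
    if len(major) >= 2:
        return "dangerous"          # at least 2 of the 6 named vendors
    if len(flagged) > 5:
        return "likely dangerous"   # more than 5 detections from any companies
    if not flagged:
        return "no detections"
    if not major and 1 <= len(minor) <= 3:
        return "probably safe"      # only 1-3 little-known engines
    return "inconclusive"           # recheck later, as the post advises

# Constructed sample reports (not real scan output).
VT = {"ESET-NOD32": True, "Kaspersky": False, "Avast": False, "SmallVendorA": True}
JOTTI = {"Sophos": True, "Avast": False, "SmallVendorB": False}

if __name__ == "__main__":
    print(triage(VT), "/", triage(merge(VT, JOTTI)))
```

Little-known engines that appear under different labels on different services are still counted separately by `merge`, so the "more than 5" rule can be inflated when many reports are combined.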
 

CyberDevil

Thread author
Oh, I can't edit the first post anymore ... I wanted to add new links there =(

Threat Insights Portal - A really awesome service for complex analysis in the most popular sandboxes.

Sample Submission | SymSubmission - it's great that anyone can upload up to 750 megabytes to Symantec for analysis.

Xcitium Cloud Verdict - Human analysis there seems to be unavailable for free (although it seems to show that the file is in the queue to be analyzed, so I'll check it out), but if someone wants to check up to 150 megabytes with Xcitium tools, why not. Unfortunately, it doesn't seem to be able to work with archives, so I haven't seen a way to load a full-fledged program with all libraries into it for dynamic behavior analysis.

Triage | Triage - Impressively, you can upload even very big archives or installers for free and run the file in real time on a real OS and then see a report of what the program did in the OS and see on a map what servers it accessed geographically.
 

Tx00

> 1. I mean this service is a tool to statically analyze a file, although it can give a verdict that the file is malicious or suspicious, but it is not an antivirus. So it is not an antivirus, but a service for your own analysis. I usually check there what network requests the application makes; if there are unclear URLs in non-European (not USA) domains, then it's really suspicious.

Hi, I appreciate your prompt response.
If you're familiar with static analysis, could you give your opinion on my issue? Question - How to view JS code Embedded in PDF file?

> 2. I honestly didn't understand the question in point 2. You can directly upload a file to any of the services mentioned, especially if it's less than 1 megabyte. Some require registration, but from the list it seems to be only Metadefender and Any.run. I have a free email from tutanota that worked fine for me. I didn't know it required business mail, if that's true, anyway, you can also make a free mailbox on tutanota (it's a German secure private e-mail service).

Any.run needs a business email and has not accepted Gmail.

> 3. My advice is to first look at the verdicts of engines like Eset, Kaspersky, Bitdefender, Malwarebytes, Sophos, Avast and use VirusTotal, Metadefender, Jotti's malware scan and VirScan.

I did with Kaspersky, VirusTotal, VirScan, Jotti's. Do Sophos, Eset and Avast have an online service for file analysis? I did with Malwarebytes Premium and the latest updated free Bitdefender and nothing found!

> Next is simple logic:
> - If there is a detection of at least 2 of these 6, then the file is 95% really dangerous.
> - If the list contains 1-3 detections from little-known companies, it is safe to a higher probability.
> - If there are more than 5 detections from any companies, it is most likely dangerous.
>
> If the file is still very suspicious, recheck it after a day and a couple of days after you have uploaded it to dynamic analysis services (Kaspersky, Sophos, Metadefender, Hybrid Analysis).

Thank you for pointing out
🙏🌹
 

CyberDevil

Thread author
> If you're familiar with static analysis, could you give your opinion on my issue? Question - How to view JS code Embedded in PDF file?

I'll add two additional scanners for you:

  • Malware.AI | Malware Detection Using Artificial Intelligence - this scanner converts the PDF (and other docs) into an image, which is then analyzed by AI, which is trained to find malicious payloads in these images.
  • Scan Maldoc - this scanner hasn't been updated in a while, but I think it can still be useful, it decompresses the PDF (and other docs) and analyzes its contents with known vulnerabilities at the time of its creation and maps it to Yara rules.

---
In general, if you just want to view a document and you are concerned about your security, then open it using a sandboxed viewer (Windows sandbox or Sandboxie). It is perfectly safe. There is no point in analyzing a single PDF file for so long. You can also send it to various AB labs if there is no private data.

P.S. Item 8 on my list is a scanner from Sophos. Eset has a free scanner (program). Avast doesn't have anything like that. And sorry for the long reply. Family stuff over the weekend. :)
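
A small local version of the check described for Scan Maldoc above (decompress the PDF, then look at what is inside), which also prints the embedded script asked about earlier in the thread. This is an added example, not code from Scan Maldoc or from the post; the keyword list and the constructed sample bytes are assumptions of the sketch.

```python
import re
import zlib

# Names that make a PDF worth a closer look (assumed list for this sketch).
KEYWORDS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def unescape_names(data):
    """Undo #xx hex escapes in PDF names so that /J#53 is counted as /JS."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(pdf):
    """Decoded bodies of every stream that is plain zlib (FlateDecode) data."""
    decoded = []
    for match in STREAM_RE.finditer(pdf):
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            decoded.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            continue  # another filter, encryption, or an uncompressed stream
    return decoded

def keyword_counts(pdf):
    """Count risky names in the raw file and in its inflated streams."""
    haystack = unescape_names(b"\n".join([pdf] + inflate_streams(pdf)))
    # A name ends at a delimiter, so /JS must not match inside /JSFoo.
    return {kw.decode(): len(re.findall(re.escape(kw) + rb"(?![A-Za-z0-9])", haystack))
            for kw in KEYWORDS}

def build_sample():
    """Constructed, harmless PDF-like bytes (no xref table) for the demo."""
    body = zlib.compress(b"app.alert('constructed sample');")
    return (b"%PDF-1.7\n"
            b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /JavaScript /J#53 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + body +
            b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    sample = build_sample()
    print(keyword_counts(sample))
    for script in inflate_streams(sample):
        print(script.decode("latin-1"))
```

Streams that use other filters or an encrypted PDF are skipped, so zero counts from this check do not mean the file is clean.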
 