Advice Request We need something like this (X-Ray v2.0)


Chipicao

Level 2
Thread author
May 17, 2020
88
Hi, have you thought about sending samples to AV companies automatically, without doing anything? That is what this software does. But it doesn't anymore, because it hasn't been updated for a long time. I think this is in the right section; if not, please move it to the right section.

This is an interesting tool; unfortunately it is outdated and may not work properly, but the features and functions are very good. Someone should try to make a tool like this.

I know, I know... And what to do about spamming and mass submission of samples? Well, that can be discussed in many ways, to prevent that.

  • Queue limit
  • Daily Limit Uploads
  • Account Required
  • Captcha
  • Verification Process
And many, many other things to limit, block, and restrict.

The tool is called "X-Ray 2.0". What exactly does this tool do? Well, it is easy to understand: Auto Submit Suspicious Files to Antivirus Analyst.


Like I said above, unfortunately it is outdated and may not be working right now with some of them. If someone has the knowledge, they can make something like this tool. And the real problem is that it isn't open-source.

You may ask: why not upload to VirusTotal instead? Here is the developer's answer:

You completely misunderstand what the X-Ray tool is for. Its main purpose is to submit files you might think are suspicious to antivirus vendors so they can be analyzed. The fact it sends files and pulls scan information from Virustotal is to help with the identification and analysis of the file itself.

What you send to the antivirus vendors will help to better classify the file in question as malicious or clean at sites like Virustotal in future.

Link: X-Ray 2.0: Auto Submit Suspicious Files to Antivirus Analyst • Raymond.CC

If someone has knowledge (know-how) about programming, this is a good and brilliant idea.

What do you think, guys? Good tool? Unfortunately I don't see any alternatives, other than submitting manually.
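
The abuse controls listed in the post above (account required, verification, daily upload limit, queue limit), sketched as one admission check. This is an added example, not part of the original post and not code from X-Ray; the class name, the limit values and the duplicate-hash check are assumptions, and captcha is left out because it is an interactive control.

```python
import hashlib
from collections import defaultdict, deque
from datetime import date


class SubmissionGate:
    """Admission control for a sample-submission queue (hypothetical design)."""

    def __init__(self, daily_limit=5, queue_limit=3, verified_accounts=()):
        self.daily_limit = daily_limit           # "Daily Limit Uploads", per account
        self.queue_limit = queue_limit           # "Queue limit", shared by all accounts
        self.verified = set(verified_accounts)   # "Account Required" + "Verification Process"
        self.queue = deque()                     # pending (account, sha256) pairs
        self.seen = set()                        # hashes already accepted (assumed extra control)
        self.per_day = defaultdict(int)          # (account, day) -> accepted uploads

    def submit(self, account, sample: bytes, today: date) -> str:
        """Return 'queued' or a rejection reason; only accepted samples count against limits."""
        if account not in self.verified:
            return "rejected: unverified account"
        digest = hashlib.sha256(sample).hexdigest()
        if digest in self.seen:
            # The same file sent twice gives the analysts nothing new.
            return "rejected: duplicate sample"
        if self.per_day[(account, today)] >= self.daily_limit:
            return "rejected: daily limit reached"
        if len(self.queue) >= self.queue_limit:
            return "rejected: queue full"
        self.seen.add(digest)
        self.per_day[(account, today)] += 1
        self.queue.append((account, digest))
        return "queued"

    def next_for_analyst(self):
        """Pop the oldest pending sample, freeing one queue slot."""
        return self.queue.popleft() if self.queue else None


if __name__ == "__main__":
    # Constructed sample data: account names and file contents are made up.
    gate = SubmissionGate(daily_limit=2, queue_limit=3, verified_accounts={"alice", "bob"})
    day = date(2020, 6, 6)
    for who, blob in [("mallory", b"x"), ("alice", b"a"), ("alice", b"a"),
                      ("alice", b"b"), ("alice", b"c"), ("bob", b"d"), ("bob", b"e")]:
        print(who, gate.submit(who, blob, day))
```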
 

Chipicao

Virustotal is an alternative. They have chrome and firefox addons for automatic file submissions.

You don't understand what this tool does; this tool isn't for knowing whether something is malware or not. This tool is for reporting samples and malware to AV companies to be analyzed and added to their database; VirusTotal doesn't do that. If a file is infected and isn't detected on VirusTotal, and you know that it is malware, you should send it to antivirus companies to be analyzed.

That's what this tool does.

A better explanation:
You completely misunderstand what the X-Ray tool is for. Its main purpose is to submit files you might think are suspicious to antivirus vendors so they can be analyzed. The fact it sends files and pulls scan information from Virustotal is to help with the identification and analysis of the file itself.

What you send to the antivirus vendors will help to better classify the file in question as malicious or clean at sites like Virustotal in fu

Did you understand? This tool is completely different and does other things.
 

Andrew3000

Level 11
Verified
Top Poster
Malware Hunter
Well-known
Feb 8, 2016
516

VirusTotal automatically shares each uploaded file with the various IT security companies and AV manufacturers who are in partnership with them.


Chipicao

VirusTotal automatically shares each uploaded file with the various IT security companies and AV manufacturers who are in partnership with them.

I know that!! But there are some files and malware that are on VirusTotal but that AV companies don't detect as malware; when you submit them to the vendors, some of them recognize that it is malware. I have seen this before.

Check the link above for the tool and read the comments on the blog. This tool is different. You know that just because it is on VirusTotal, that doesn't mean it has been analyzed manually by AV companies, right?
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
VirusTotal automatically shares each uploaded file with the various IT security companies and AV manufacturers who are in partnership with them.

This is not the same though. AV companies who are subscribed to VT data have access to it but that doesn't usually mean a malware analyst will check those regularly. Besides, all AVs are not subscribed to VT feed. I heard a rumor that ESET are not subscribed to VT (Just something I heard and also my own experience matches this info but I could be wrong).
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Did you try the contact form, or call the number to see if anyone responds?
 

Chipicao

This is not the same though. AV companies who are subscribed to VT data have access to it but that doesn't usually mean a malware analyst will check those regularly. Besides, all AVs are not subscribed to VT feed. I heard a rumor that ESET are not subscribed to VT (Just something I heard and also my own experience matches this info but I could be wrong).

^ This is it, finally someone has been able to understand. For example, GData didn't detect a piece of software as a PUP; on VirusTotal only 8 detected it, GData did not. After I did a rescan and waited 2-3 days, GData was still not detecting it. I submitted the sample manually and GData said what I expected: they detect it as a PUP, and after submitting, it appears on VirusTotal.

I told this little story just to confirm. Just because they are on VirusTotal, that doesn't mean they analyze everything that gets uploaded; it's like Right Click > Scan File... That is how VirusTotal works.

That is my experience; people can't rely on VirusTotal as a sample submission! Most AV companies have their own page to submit malware to be analyzed, generally "manually" and not with AI.

That is the reason why this tool was created. To submit samples or suspicious files to be analyzed by AV companies, not to be scanned!

Glad you understood it ;)

Did you try the contact form, or call the number to see if anyone responds?

Nope, if he doesn't reply to comments... for a long time now.
Feel free to contact him, if you are interested.

I posted this in case someone wants to recreate something similar to it. It seems very useful.
 

Andrew3000

I'm pretty sure the files are sent and then analysed. A few years ago I did some tests with custom malware and within a few hours there were already about twenty products detecting such files (from 0 detections), other malware took much longer.
Sometimes, after sending files to VirusTotal, it may take only a few hours or even days before AVs add the malware to their database. Obviously VT does not replace the various sample submission pages (which allows faster analysis and possible addition of malware than VT) but it can still be a practical way to do so.
Also read more here:
 

Chipicao


That's not true. Like I said above, GData has one file that is considered a PUP, and GData on VirusTotal was not detecting the file; I rescanned 2x or 3x, and I rescanned over 3-4 days, and it was still not detected, until I submitted the sample to GData and they sent an email saying that it is a PUP and will be added to the signature database.

Like I said above, I will reinforce it. Not every AV company analyzes that; they analyze it like a "Scan", just like you do on your computer > Right Button > Click to Scan the file; that is what VirusTotal mostly does with antivirus.

Like for example @SeriousHoax said.

Do some AVs analyze some of the uploaded files? Yes, some! They don't always do it.

it may take only a few hours or even days before AVs add the malware to their database
That is not entirely true. Like I said above, the case of GData and others is an example of that.

But I will post another proof here. In this case it is BitDefender:

malw.PNG

Did you see? You are misunderstanding what this tool does; this tool sends files to AV companies to be analyzed, not to be "scanned" just like you do on your computer or on VirusTotal; most of VirusTotal is of course an automatic scan just like you have on your computer.

Do they share data, malware, info with AVs? Yes, I'm pretty sure they do that. But they don't always add it to detections.

Being analyzed manually is completely different from being analyzed by AI / machine learning, which can make errors in detection and sometimes doesn't work properly.

X-Ray sends samples to AV companies' email addresses; that is the purpose of this tool: to be analyzed manually and, if malware is detected (if that is the case), to be added to the AV company's database.

If it were how you are saying, no AV would have a page or forum to submit malware; they would simply say "submit to VirusTotal".

The way you are thinking is not wrong, but it is not at all correct.

Have a nice day.
 

Andrew3000


Obviously not everyone takes advantage of VT but some do (read well what I wrote before: "Obviously VT does not replace the various sample submission pages (which allows faster analysis and possible addition of malware than VT) but it can still be a practical way to do so."). Since X-Ray is an outdated project and no longer working, and as there is no alternative, the only "fast" method is to use VT; alternatively you can create a mailing list and send the malware zipped and password protected (infected) to AVs that support such a way of sending suspicious files.


I’ll leave you an e-mail list.
N.B: It’s an unverified list, some emails may not work or some AVs may no longer accept sending samples via email. I suggest you complete your own list. The ones I'm sure are working are: Sophos, Eset, Kaspersky, McAfee, eScan, Fortinet, PSafe, Dr.Web and Adaware.

 
