- Jan 4, 2016
Good evening, how can we define the kind of signatures used by VirusTotal? I know they are the ones used when doing a command-line scan with the product, but is there a specific name?
Behaviour analysis really? I have never seen that on VirusTotal. Just some artificial intelligence
> Behaviour analysis really? I have never seen that on VirusTotal. Just some artificial intelligence

Avast might have even included DeepScreen (they changed the name, not sure what it is called now off the top of my head) in VT scanning, I am not 100% entirely sure on this one. Just a guess.
> Behaviour analysis really? I have never seen that on VirusTotal. Just some artificial intelligence

Yes, sometimes, analyzing a file on VirusTotal, we can see some heuristic detection, but this absolutely doesn't imply that all of the heuristic and behavioral technology of a particular antivirus product was included in the on-demand scanner because, of course, some technologies cannot be included in an on-demand scanner.
> Can we say that VirusTotal uses only those components of products which make static analysis, without any dynamic one?

If the malware is not executed, it is not possible to consider a full dynamic analysis.
> If the malware is not executed, it is not possible to consider a full dynamic analysis.

Yeah, that's a good way of defining VirusTotal technology, as static analysis.
> Avast might have even included DeepScreen (they changed the name, not sure what it is called now off the top of my head) in VT scanning, I am not 100% entirely sure on this one. Just a guess.

It is now called CyberCapture, but I don't believe it's now included in VirusTotal.
> Except the sample may be executed for code emulation/quick behavioral identification on the backend of the server which we cannot see, like how DeepScreen used to work.
> Unless we contact VT or the vendors and ask, we won't know for sure.

I agree, also because a full dynamic analysis of a sample for 5X antivirus would require a few hours.
> I agree, also because a full dynamic analysis of a sample for 5X antivirus would require a few hours.

Yes, however, if they run it, they can combine an advanced memory scanner and dump the PE to disk and then rescan for packed samples.