Golriver

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google Inc. in September 2012.^[2][3] The company's ownership switched in January 2018 to Chronicle, a subsidiary of Alphabet Inc..

VirusTotal aggregates many antivirus products and online scan engines^[4][5] to check for viruses that the user's own antivirus may have missed, or to verify against any false positives.^[6] Files up to 256 MB can be uploaded to the website or sent via email.^[7] Anti-virus software vendors can receive copies of files that were flagged by other scans but passed by their own engine, to help improve their software and, by extension, VirusTotal's own capability. Users can also scan suspect URLs and search through the VirusTotal dataset. VirusTotal for dynamic analysis of malware uses Cuckoo sandbox.^[8]VirusTotal was selected by PC World as one of the best 100 products of 2007.^[9]

• 1Products and services

Products and services[edit]

VTUploader Free Download - Send and comment any file on VirusTotal website with one click. Automate analysis, comments and analyse processes list. VirusTotal is committed to help end-users in protecting their devices, thus, we have released mobile device tools that allow you to scan the applications on your phone with VirusTotal. Browse through the VirusTotal's mobile device applications and download the suitable one for your mobile operating system.

Windows Uploader[edit]

VirusTotal's Windows Uploader^[10] was an application that integrates into the Explorer's (right-click) contextual menu, listed under Send To > Virus Total. The application also launches manually for submitting a URL or a program that is currently running in the OS.

VirusTotal stores the name and various hashes for each scanned file. Already scanned files can be identified by their known (e.g., VT default) SHA256 hash without uploading complete files. The SHA256 query URL has the form https://www.virustotal.com/latest-scan/SHA256. File uploads are normally limited to 128 MB.^[11] In 2017 VirusTotal discontinued support of the Windows Uploader.^[12]

VirusTotal for Browsers[edit]

There are several browser extensions available, such as VTzilla for Mozilla Firefox, VTchromizer for Google Chrome and VTexplorer for Internet Explorer. They allow the user to download files directly with VirusTotal's web application prior to storing them in the computer, as well as scanning URLs.^[13]

VirusTotal for Mobile[edit]

The service also offers an AndroidApp^[14] that employs the public API to search any installed application for VirusTotal's previously scanned ones and show its status. Any application not previously scanned can be submitted, but an API key must be provided and other restrictions to public API usage may apply (see #Public API).

Public API[edit]

VirusTotal provides as a free service a public API that allows for automation of some of its online features such as 'upload and scan files, submit and scan URLs, access finished scan reports and make automatic comments on URLs and samples'. Some restrictions apply for requests made through the public API, such as requiring an individual API key freely obtained by online signing up, low priority scan queue, limited number of requests per time frame, etc.^[15]

Antivirus products[edit]

Antivirus engines used for detection for uploading files.^[16]

• AegisLab (AegisLab)
• AhnLab (AhnLab V3)
• Antiy Labs (Antiy-AVL)
• Aladdin (eSafe)
• ALWIL (Avast! Antivirus)
• AVG Technologies (AVG)
• BluePex (AVware)
• Baidu (Baidu-International)
• BitDefender GmbH (BitDefender)
• Bkav Corporation (Bkav)
• ByteHero Information Security Technology Team (ByteHero)
• Cat Computer Services (Quick Heal)
• CMC InfoSec (CMC Antivirus)
• Comodo (Comodo)
• Doctor Web Ltd. (Dr.Web)
• Emsi Software GmbH (Emsisoft)
• Eset Software (ESET NOD32)
• FRISK Software (F-Prot)
• G Data Software (G Data)
• Hacksoft (The Hacker)
• Hauri (ViRobot)
• IKARUS Security Software (IKARUS)
• INCA Internet (nProtect)
• Invincea (Invincea, acquired by Sophos)
• Jiangmin
• K7 Computing (K7AntiVirus, K7GW)
• Kaspersky Lab (Kaspersky Anti-Virus)
• Malwarebytes Corporation (Malwarebytes' Anti-Malware)
• Microsoft (Malware Protection)
• Microworld (eScan)
• Nano Security (Nano Antivirus)
• Norman (Norman Antivirus)
• Panda Security (Panda Platinum)
• Rising Antivirus (Rising)
• SentinelOne
• Sophos (SAV)
• Symantec Corporation (Symantec)
• ThreatTrack Security (VIPRE Antivirus)
• TotalDefense
• Trend Micro (TrendMicro, TrendMicro-HouseCall)
• VirusBlokAda (VBA32)
• Zillya! (Zillya)
• Zoner Software (Zoner Antivirus)

Website/domain scanning engines and datasets[edit]

Antivirus scanning engines used for URL scanning.^[16]

Virustotal Scan Pc

• ADMINUSLabs (ADMINUSLABS)
• AegisLab WebGuard (AegisLab)
• Alexa (Amazon)
• AlienVault (AlienVault)
• Antiy-AVL (Antiy Labs)
• AutoShun (RiskAnalytics)
• Avira Checkurl (Avira)
• Baidu (Baidu-International)
• CRDF (CRDF FRANCE)
• C-SIRT (Cyscon SIRT)
• CLEAN MX
• Comodo Site Inspector (Comodo Group)
• CyberCrime (Xylitol)
• Dr.Web Link Scanner (Dr.Web)
• Emsisoft (Emsi Software GmbH)
• FortiGuard Web Filtering (Fortinet)
• G Data
• Google Safe Browsing (Google)
• K7AntiVirus (K7 Computing)
• Kaspersky URL advisor (Kaspersky Lab)
• Malc0de Database (Malc0de)
• Malekal (Malekal's MalwareDB)
• Malwarebytes hpHosts (Malwarebytes)
• Malwared (Malwared.malwaremustdie.org)
• Malware Domain Blocklist (DNS-BH - Malware Domain Blocklist)
• Malware Domain List (Malware Domain List)
• MalwarePatrol (MalwarePatrol)
• Malwares.com (Saint Security)
• Opera
• Palevo Tracker (Abuse.ch)
• ParetoLogic URL Clearing House (ParetoLogic)
• Phishtank (OpenDNS)
• Quttera (Quttera Ltd.)
• SCUMWARE (Scumware.org)
• SecureBrain (SecureBrain)
• SpyEye Tracker (Abuse.ch)
• StopBadware (StopBadware)
• Sucuri SiteCheck (Sucuri)
• ThreatHive (The Malwarelab)
• Trend Micro Site Safety Center (Trend Micro)
• urlQuery (urlQuery.net)
• VX Vault
• Websense ThreatSeeker (Websense)
• Webutation
• Wepawet (iseclab.org)
• Yandex Safe Browsing (Yandex)
• ZCloudsec (Zcloudsec)
• ZDB Zeus
• ZeuS Tracker (Abuse.ch)

File characterization tools & datasets[edit]

Utilities used to provide additional info on uploaded files.^[16]

• Androguard (Anthony Desnos)
• Cuckoo Sandbox (Claudio Guarnieri)
• ExifTool (Phil Harvey)
• Magic descriptor (Linux)
• NSRL information (NIST's National Software Reference Library)
• PDFiD (Didier Stevens)
• pefile (Ero Carrera)
• PEiD (Jibz)
• Sigcheck (Mark Russinovich)
• Snort (Sourcefire)
• ssdeep (Jesse Kornblum)
• Suricata (Open Information Security Foundation)
• Taggant packer information tool (ReversingLabs)
• TrID (Marco Pontello)
• UEFI Firmware parser (Teddy Reed)
• Wireshark (Wireshark Foundation)
• Zemana behaviour (Zemana)
• CarbonBlack (CarbonBlack)

Privacy[edit]

Files uploaded to VirusTotal may be shared freely with anti-malware companies and will also be retained in a store. The VirusTotal About Page states under VirusTotal and confidentiality:^[17]

Files and URLs sent to VirusTotal will be shared with antivirus vendors and security companies so as to help them in improving their services and products. We do this because we believe it will eventually lead to a safer Internet and better end-user protection.By default any file/URL submitted to VirusTotal which is detected by at least one scanner is freely sent to all those scanners that do not detect the resource. Additionally, all files and URLs enter a private store that may be accessed by premium (mainly security/antimalware companies/organizations) VirusTotal users so as to improve their security products and services.

References[edit]

1. ^'Virustotal.com Traffic, Demographics and Competitors - Alexa'. Alexa Internet. Retrieved 24 December 2018.
2. ^Lardinois, Frederic. 'Google Acquires Online Virus, Malware and URL Scanner VirusTotal'. TechCrunch. Retrieved 12 April 2013.
3. ^VirusTotal Team (7 September 2012). 'An update from VirusTotal'. Blog.virustotal.com. Retrieved 3 June 2016.
4. ^'Credits & Acknowledgements : About VirusTotal'. VirusTotal. Retrieved 6 July 2014.
5. ^'Example Report'. Virustotal.com. 2 April 2014. Retrieved 3 June 2016.
6. ^'About VirusTotal'. Virustotal.com. Archived from the original on 12 August 2010. Retrieved 3 June 2016.
7. ^'VirusTotal gets a new hairdo'. VirusTotal Blog. Retrieved 4 November 2017.
8. ^'Credits of VirusTotal' (in Spanish). Virustotal.com. Retrieved 3 June 2016.
9. ^Dahl, Eric. 'The 100 Best Products of 2007'. PCWorld. IDG Consumer & SMB. Retrieved 3 June 2016.
10. ^'VirusTotal Windows Desktop Application'. VirusTotal. Retrieved 16 February 2014.
11. ^'What is the maximum file size that can be submitted'. FAQ. VirusTotal. Retrieved 20 January 2015.
12. ^'Desktop Apps'. VirusTotal. VirusTotal. Retrieved 24 December 2018.
13. ^'VTzilla: Mozilla Firefox Browser Extension'. VirusTotal. Retrieved 23 March 2014.
14. ^'VirusTotal for Android'. VirusTotal. Retrieved 23 March 2014.
15. ^'VirusTotal Public API v2.0'. VirusTotal. Retrieved 23 March 2014.
16. ^ ^abc'Credits & Acknowledgements'. Virustotal. Virustotal. Retrieved 3 June 2016.
17. ^https://www.virustotal.com/en/about/about/

External links[edit]

If you’re concerned a file might be malicious, you don’t need to download it and rely on your antivirus. You can scan the file for malware with over 60 antivirus engines before you download it—all with one single tool.

RELATED:Basic Computer Security: How to Protect Yourself from Viruses, Hackers, and Thieves

This is no substitute for basic online security practices that can keep you safe from phishing and other threats, but it’s a way to perform a more in-depth check if you’re concerned about a file.

Scan a Link For Malware Using VirusTotal

How To Download From Virustotal To Google

To do this, you’ll need to locate a file’s download link. That’s the direct link to download the file, not just the address of the file’s download page. For example, if you want to scan a .exe file, you’ll need the direct link to the .exe file. If you want to scan a .doc file, you’ll need the direct link to the .doc file. You can spot this by mousing over the link and looking at the address in your browser.

Right-click the link and select “Copy link address” in Chrome, “Copy Link Location” in Firefox, or “Copy link” in Edge.

Next, head to VirusTotal.com in your web browser. This tool has been owned by Google since 2012.

Click the “URL” tab on the page and then paste the link you copied into the box. Click the search button or press Enter to scan the file.

VirusTotal will download the file you specified to its servers and scan it with a large number of different antivirus engines. If other people have recently scanned the file, VirusTotal will show you the recent scan results.

If you see “No engines detected this URL”, that means that none of VirusTotal’s antivirus engines said there was a problem with the file.

The “0/65” means the file was detected as malicious by 0 of VirusTotal’s 65 antivirus engines. This means it should be clean. Of course, it’s possible that new and exotic malware may not be detected by any antivirus programs yet, so it’s always a good idea to be careful and only get software from sources you trust. (In fact, not two days after publishing this article, our example file—CCleaner 5.33—was found to contain malware. A perfect example of how VirusTotal, while useful, isn’t perfect!)

If one of the antivirus engines detects a problem with a file, you’ll see a note saying that a number of antivirus engines detected the URL as a problem.

In some cases, the opinion may be near unanimous. In other cases, only a few antivirus tools may have a problem with the file. This is often a false positive, though in certain circumstances it could be that some antivirus tools have spotted new malware before others. You can scroll down to see which antivirus tools had a problem with the file, view more details about the file, and see community comments about whether the URL is safe or not. (In some cases, for example, it may just be flagged for including bundled crapware, which is easily bypassable.)

If you end up scanning a file download page instead of the downloaded file itself, you’ll see a “Downloaded file” link on the VirusTotal page. Click the icon to the right of “Downloaded file” to see more analysis about the file that web page downloads.

Integrate VirusTotal Into Your Browser

How To Download File From Virustotal

To make this process easier, the VirusTotal project offers browser extensions. These will integrate VirusTotal into your browser, allowing you to right-click a link on any web page and select a “Scan with VirusTotal” option. You won’t have to visit the VirusTotal website and copy-paste a link.

Extensions are available for Google Chrome, Mozilla Firefox, and Internet Explorer. Download the appropriate extension and you can right-click a link and select the VirusTotal option to quickly scan it and see the results.

How To Download From Virustotal

If VirusTotal is unanimous that a file is dangerous, you should stay away. If the results are mixed, you should be careful, but you may want to examine the more detailed antivirus results to see why they say the file is dangerous.

How To Download Virus From Virustotal

If a file is clean, that means it’s not detected by any antiviruses as malware. That doesn’t mean it’s safe, of course—antivirus software isn’t perfect and may not detect new malware, so ensure you’re getting your programs from a trusted source.