Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VirusTotal - Free service to analyze new samples


  • Please log in to reply
80 replies to this topic

#31 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:40 AM

Posted 30 November 2013 - 11:03 AM

:thumbup2:
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


m

#32 StevenGerrard

StevenGerrard

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 26 February 2014 - 03:29 PM

Thanks for your sharing this information but i use one link but i did not able to use it .. :(



#33 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:40 AM

Posted 26 February 2014 - 03:38 PM

What link in this topic were you not able to use?
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#34 RevGAM

RevGAM

  • Members
  • 696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Milwaukee, Wisconsin, USA
  • Local time:01:40 AM

Posted 27 May 2014 - 10:03 AM

Last year, in post #22, czarboom asked an interesting question that I didn't see an answer to, and I have a related question.  It was about all of the PC magazines and their rankings of AV products.  I, personally, don't trust PCMag and some of the others because I've noticed a bias issue, so are there any reliable resources out there that are easy to understand and neutral?  I tried a couple of times to look at (back when there were only about 3) the labs that test and rate AV programs, but I was never able to get to the results.  Also, I realize that some of these labs do tests under controlled conditions that do not actually show how AVs perform under realistic conditions....?  Thanks!


Namaste, Peace & Love,
Glenn


If I have frustrated you, then I must be a student. If I've imparted information or a skill to you, then I must be a teacher. If I've helped you, then I must be a volunteer. If I've touched your life, then I must be happy!
If you had to choose between saving just your family, or saving 10,000 GOOD people (but not your family), what would you choose?


#35 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:40 AM

Posted 27 May 2014 - 07:53 PM

There are several labs which test the effectiveness of major anti-virus programs to include AV-Comparatives.org, Virus Bulletin Comparative Tests, AV-Test.org, NSS Labs Consumer Anti-Malware Products Group Test Report, MRG-Effitas, etc....PCMag is not one of them.These kinds of comparative testing results will vary depending on a variety of factors to include but not limited to who conducted the testing, what they were testing for (type of threats, attack vectors, exploits), what versions of anti-virus software was tested, what type of scanning engine was used, and the ability to clean or repair. There are no universally predefined set of standards or criteria for testing which means each test will yield different results. As such, you need to look for detailed information about how the tests were conducted, the procedures used, and data results.

Further, if you're dealing with zero-day malware it's unlikely the anti-virus testing is going to detect anything. It takes time for new malware to be reported, samples collected, analyzed, and tested by anti-virus researchers before they can add a new threat to database definitions.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#36 RevGAM

RevGAM

  • Members
  • 696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Milwaukee, Wisconsin, USA
  • Local time:01:40 AM

Posted 27 May 2014 - 08:27 PM

Excellent information, of course.  So, I guess what you're saying in a round-about sort of way is that there is no magic website to look to to get clear information.  No metasite looks at the data from all those companies you listed and then produces a report, either.

 

Is that correct?


Namaste, Peace & Love,
Glenn


If I have frustrated you, then I must be a student. If I've imparted information or a skill to you, then I must be a teacher. If I've helped you, then I must be a volunteer. If I've touched your life, then I must be happy!
If you had to choose between saving just your family, or saving 10,000 GOOD people (but not your family), what would you choose?


#37 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:40 AM

Posted 28 May 2014 - 04:35 AM

No...I am saying the test results will vary depending on a variety of factors so you cannot make specific conclusions based on what one site alone says.

With that said, this is moving off the original topic which is specifically about VirusTotal's service to analyze new malware samples. If you would like to discuss comparative test results, please start a new topic.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#38 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:40 AM

Posted 08 June 2014 - 03:38 PM

List of Other Online File analyzers:
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#39 czarboom

czarboom

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Central Texas
  • Local time:02:40 AM

Posted 09 June 2014 - 11:23 PM

Excellent information, of course.  So, I guess what you're saying in a round-about sort of way is that there is no magic website to look to to get clear information.  No metasite looks at the data from all those companies you listed and then produces a report, either.

 

Is that correct?

Also sites like CERT and SANS or the NIST or http://csrc.nist.gov/ (security focus site) are the offical "un" sites for tech and IT in the united states.  Good resources but they are a pain to search without some understanding of the language they use.  Meaning RFCs and IETFs and EDUs, but if you can do it, you can find some really good guides and tools.


CZARBOOM 
 
"Never Stop Asking Questions, Question Your Environment, Question Your Government, above all Question Yourself.  We all lose when you Stop asking Why?

#40 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:40 AM

Posted 10 June 2014 - 09:51 AM

Yes, CERT, SANS, NIST and similar sites are excellent security resources but that is a topic for a separate discussion.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#41 czarboom

czarboom

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Central Texas
  • Local time:02:40 AM

Posted 10 June 2014 - 10:37 PM

correct but the SANS S.T.O.R.M center has great active virus info, but you are correct in virus finding. 

A good site for unknown and known malware is

https://anubis.iseclab.org/?action=home

its a site for collection of windows and android APKs and unknowns. 


CZARBOOM 
 
"Never Stop Asking Questions, Question Your Environment, Question Your Government, above all Question Yourself.  We all lose when you Stop asking Why?

#42 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:40 AM

Posted 11 June 2014 - 05:39 AM

:thumbup2:
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#43 ocean77

ocean77

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:02:40 AM

Posted 13 August 2014 - 03:44 AM

I've been using Superantispyware for a while now, is Virus Total a replacement?



#44 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:40 AM

Posted 13 August 2014 - 05:14 AM

No its not. Did you read the first post of this topic which includes the following statement?

Virustotal is a service developed by Hispasec Sistemas, independent IT Security laboratory, that makes use of several command line versions of antivirus engines, updated regulary with official signature files published by their respective developers.


About VirusTotal
VirusTotal FAQs
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#45 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 18,623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:02:40 AM

Posted 19 January 2015 - 06:26 PM

Alright,

So after two quick searches on BleepingComputer, I noticed that the websites mentionned in the thread title weren't introduced on here so far, and being a big user of both of these, I decided to post in the "main" thread for these kind of websites to introduce them.

Malwr.com and Hybrid-Analysis.com are what we call "online analysis" website. They are websites on which you can upload a website and obtain various information on it such as Antivirus detection, network communications, dropped files, etc. Basically, these websites are like VirusTotal and Anubis (and also like a lot of other websites that does the same thing as these two).

Malwr.com

Malwr.com is a non-commercial and independant online file analysis website created and operated by Claudio nex Guarnieri and Alessandro jekil Tanasi, which are Security Developpers/Hackers. Malwr.com mainly runs on a malware anslysis tool that they created, called Cuckoo Sandbox. Hence you would see Malwr.com as the web version of that tool. They also include VirusTotal's website in their service. Malwr.com allows you to research analysis of files based on their MD5 signatures, and also by signing up on the website to have access to more features. Despite this, the whole service is free to use for everyone, and login in the website isn't required. Here's more information about the website, taken directly from their "About Us" webpage.

About what is it
What is Malwr?
Malwr is a free malware analysis service and community launched in January 2011. You can submit files to it and receive the results of a complete dynamic analysis back.

Mission

Existing online analysis services are all based on closed and commercial technologies, often with intents to leverage people's data to own profit and with no real transparency on how the data is being used. We are researchers ourselves and felt the need of an alternative solution.

Our mission is to provide a powerful, free, independent and non-commercial service to the security community, independent or academic researchers with no other goal than facilitating everyone's daily work and give a contribution to the community.

Independent

Malwr is operated by volunteer security professionals with the exclusive intent to help the community. It's not associated or influenced by any commercial or government organization of any sort.

Non-Commercial

We do not profit on your data. The files you submit, the information you provide and any other use you make of the website is not commercialized in any way. We create and use open source technology. We're not advertising any commercial product, we are not collecting data to enrich any existing product.

Privacy

Unless you specify otherwise, the files you submit are not shared outside. While we believe in the value of sharing within our community and the larger public, we do strongly believe in respecting your privacy and the confidentiality of the data you handle.

We really invite you to read our Terms of Service for "detailed" "policies".

Contacts
For inquiries you can contact us at the following email address:


You can also find us on FreeNode IRC on channel #malwr.

People
Malwr was created and is operated by Claudio nex Guarnieri and Alessandro jekil Tanasi.

The behavioral analysis graph was created by Andy Nordbo.

Malwr is powered by The Shadowserver Foundation.

Technology
Malwr is mainly based on an open source malware analysis tool we also created and develop called Cuckoo Sandbox.

Malwr also uses the following services, tools and libraries:

VirusTotal
Support
Malwr is an independent and non-commercial project. We spent a gazillion amount of hours building it and operating it and we have some costs in maintaining it. You will find Flattr buttons, similar to the one below, across the website: flattr is an amazing service that allows you to make micropayments in support of authors that produced content you find valuable.

Source: https://malwr.com/about/

Hybrid-Analysis.com

Hybrid-Analysis.com is another file analysis service from the company Payload-Security. You can submit pretty much any kind of file on their website to get a full behavior analysis of it. The website is powered by their main product, VxStream Sandbox and StaticStream, which is an hybrid analysis engine. They also include VirusTotal as part of their service and also offer the option to analyse .zip archive which password is "infected", or without one. The website also offers a "Search" feature, to search files via their MD5 and SHA256 signatures. The website is still new (less than 2 months old), but already completed over 1,500 file analysis.

Here's what they say about the website:

Welcome to the free malware analysis service powered by Payload-Security.com. Using this service you can submit Windows files or PDF/Office documents for behavior analysis. All accepted files will be analyzed using our innovative Hybrid Analysis technology. It is possible to submit encrypted zip archives with the password 'infected', without password or directly. Please contact us if you want to use our interface automatically or for suggestions.

Source: https://www.hybrid-analysis.com/

Hopefully, these websites will be of use to people that wants to check if certain files are infected or not. However, keep in mind that if you don't know how to analyse the results returned by these services, you won't be able to use them at their full potential.

unite_blue.png
Technical Support, Tier 2 | Sysnative Windows Update Senior Analyst | Malware Hunter | R&D at Certly | @AuraTheWhiteHat
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users