Many times we receive an email containing some attachments which look suspicious. You might have come across some unknown files in your USB pen drive. Such files gets created automatically when transfer data to/from your USB drive at public places colleges, cyber cafes, etc.
Having a good and updated antivirus program running on your PC is nice but its not wise to play with suspicious files, particularly when your system have important data. In such situations you can use an online service – VirusTotal.
Virustotal is a free and independent service that analyzes suspicious files and try to detect viruses, worms, trojans, and all kinds of malware detected by other antivirus engines. They use multiple antivirus engines (36 at the time of writing this post) to scan submitted files.
Four Ways To Use VirusTotal
#1. Online Uploader
This is what you will see on their homepage. A simple file upload form. Good options to use with suspicious files on your hard-drive or USB.
Just select a file and hit upload. Your file will be sent to their server for analysis.
If submitted file is large you will see upload progress bar as well.
Once file is uploaded, you will be redirected to analysis report page for that file. Here is an example report page.
Scanning and reporting happens instantly in most cases! Reason will be explained shortly. 😉
#2. Email Files As Attachment
You can use send files as email attachment to their email address: firstname.lastname@example.org. Write word “SCAN” (without quotes) in email subject line and keep body part of your email blank.
This is good option to use with email attachments you receive online. Just forward your email to email@example.com. Do not forget to edit subject line to “SCAN” and remove body-part completely. It will be foolish to download suspicious files to your PC and then upload again them to VirusTotal using way #1.
Only limitation of this way is you can not send files larger than 20MB.
#3. VirusTotal Uploader Tool (for windows only)
This is small utility, just 80KB in size, available for windows only.
After installing this, you can directly submit any file to VirusTotal using context-menu as shown below.
#4. Hash Search (Geeks way!)
I mentioned above that in most cases, scanning and reporting happens instantly. This is because file you are submitting might be submitted already in past by someone else.
VirusTotal computes checksum values for each submitted file using MD5, SHA-1, SHA-256 and SHA-512 functions. These checksum values are unique for each file. So when you submit a file, VirusTotal first compute checksum for it. For common files, these hash values will likely match with another hash values from database. In that case, you will be redirected to results page directly.
Now if you have large file, you can save your time by computing hash locally using MD5 or openssl command on Linux/Mac. For Windows there must be some software to compute MD5/SHA hash values. Just google it.
Snytax: $ MD5 <filename>
Once you get hash value, copy it, just go to this page, paste it there and hit search!
If you do not find any result, then that only means, file you are having is never submitted for analysis in past. In this case, just try any of above method.