Hello Virustotal? It's Microsoft Calling.

Published: 2014-02-07
Last Updated: 2014-02-07 02:18:57 UTC
by Rob VandenBrink (Version: 1)
5 comment(s)

You might think that phone call might be unlikely, but as of this week it's built in and is likely happening right now.

I was poking around in the latest version of Sysinternals, and tripped over a new option.  You can now submit any running process in memory directly to Virustotal.  it's a simple right-click in the latest version of Process Explorer.

If that's not just the coolest thing!  If your AV product isn't triggering on a suspect process, you can now query all the AV engines without even having to find or upload the file - - assuming that a file that matches your process even exists - if you're in the midst of a security incident a suspect process might not have a matching file.

 

Sysinternals: http://technet.microsoft.com/en-us/sysinternals

VirusTotal: https://www.virustotal.com/

===============
Rob VandenBrink
Metafore

5 comment(s)

Comments

Worth a sub... http://blogs.technet.com/b/sysinternals/rss.aspx ;-)
This is quite a useful checker tool etc.

http://phrozenvtuploader.com/
Cheers, Steve (Sanesecurity.com)
Bleh. If I ever weaponize my tools you will submit random EXE files that are part of Windows.
Bleh. If I ever weaponize my tools you will submit random EXE files that are part of Windows.
Neat idea except it assumes the computer has a working Internet connection.
Analysis of malware on a system isolated from net is safer.

Diary Archives