Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working

Published: 2020-12-20
Last Updated: 2020-12-20 18:08:26 UTC
by Didier Stevens (Version: 1)
6 comment(s)

A quick heads-up to those of you that use Sysinternals tools like Process Explorer to check PE files on VirusTotal: this is not working for the moment.

We've had reports and saw Tweets about this issue in the past days.

We confirm there is an issue: a check for notepad.exe with Process Explorer results in a not-found reply:

{"data": [{"found": false, "hash": "C401CD335BA6A3BDAF8799FDC09CDC0721F06015"}], "result": 1}

Let's hope this gets sorted out after the weekend.

Update: I was asked how I obtained VirusTotal's not-found reply. I used a debugging proxy server (Fiddler), details are in this video:

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords:
6 comment(s)

Wireshark 3.4.2 Released

Published: 2020-12-20
Last Updated: 2020-12-20 09:47:40 UTC
by Didier Stevens (Version: 1)
0 comment(s)

Less than 2 weeks after release 3.4.1, there's already another release of Wireshark: 3.4.2.

That's probably because of bug 17075: Wireshark 3.4.1 hangs on startup on macOS Big Sur 11.0.1.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: update wireshark
0 comment(s)
Diary Archives