VirusTotal

VirusTotal
Type of site	Internet security, file and URL analyzer
Available in	Arabic, Bulgarian, Chinese, Chinese (Hong Kong), Chinese (Taiwan), Croatian, Czech, Danish, Dutch, English (US), English (GB), Estonian, Filipino, Finnish, French, German, Greek, Hebrew, Hindi, Hungarian, Indonesian, Italian, Japanese, Korean, Latvian, Lithuanian, Malay, Norwegian, Persian, Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian, Vietnamese
Headquarters	Dublin, Ireland
Area served	Worldwide
Created by	Hispasec Sistemas
General manager	Bernardo Quintero
Key people	Bernardo Quintero, Emiliano Martínez, Víctor Manuel Álvarez, Karl Hiramoto, Julio Canto, Alejandro Bermúdez, Juan A. Infantes
Parent	Google LLC (2012–2018); Chronicle (2018–present)
URL	www.virustotal.com
Commercial	No
Registration	Optional
Launched	June 2004;20 years ago
Current status	Active

Last updated October 29, 2024

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012.^[1]^[2] The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google.

VirusTotal does multiscanning. It aggregates many antivirus products and online scan engines ^[3]^[4] called Contributors.^[5] In November, 2018, the Cyber National Mission Force, a unit subordinate to the U.S. Cyber Command became a Contributor.^[6] The aggregated data from these Contributors allows a user to check for viruses that the user's own antivirus software may have missed, or to verify against any false positives.^[7] Files up to 650 MB can be uploaded to the website, or sent via email (max. 32MB). Anti-virus software vendors can receive copies of files that were flagged by other scans but passed by their own engine, to help improve their software and, by extension, VirusTotal's own capability. Users can also scan suspect URLs and search through the VirusTotal dataset. VirusTotal uses the Cuckoo sandbox for dynamic analysis of malware.^[8] VirusTotal was selected by PC World as one of the best 100 products of 2007.^[9]

Products and services

Windows Uploader

VirusTotal's Windows Uploader^[10] is a discontinued desktop application which integrates into File Explorer's context menu, under Send To > VirusTotal. The application also launches manually for submitting a URL or a program that is currently running in the OS.

VirusTotal stores the name and various hashes for each scanned file. Already scanned files can be identified by their known (e.g., VT default) SHA256 hash without uploading complete files. The SHA256 query URL has the form https://www.virustotal.com/latest-scan/SHA256. File uploads are normally limited to 650 MB.^[11] In 2017 VirusTotal discontinued the Windows Uploader, listing the third party VirusTotalUploader program as an alternative.^[12]

Uploader for Mac OS X and Linux

The Mac OS X and Linux uploaders are similar to the Windows app. One can upload a file via the app's UI or context menu and will be given back a result. The Mac OS X app can be downloaded from the VirusTotal website. To use the app on Linux, one needs to compile and build the app using the same core used in the Mac OS X application (provided in the repository).^[12]

VirusTotal for Browsers

There are several browser extensions available, such as VT4Browsers for Mozilla Firefox and Google Chrome, and vtExplorer for Internet Explorer.^[13] They allow the user to download files directly with VirusTotal's web application prior to storing them in the computer, as well as scanning URLs.^[14]

VirusTotal for Mobile

The service also offers an Android app,^[15] which employs the public API to search any installed application for VirusTotal's previously scanned ones and show its status. Any application not previously scanned can be submitted, but an API key must be provided and other restrictions to public API usage may apply (see: § Public API).

Public API

VirusTotal provides a public API as a free service. It provides automation for some of its online features such as to "upload and scan files, submit and scan URLs, access finished scan reports and make automatic comments on URLs and samples". Some restrictions apply for requests made through the public API, such as requiring an individual API key freely obtained by online signing up, low priority scan queue, and limited number of requests per time frame.^[16]

Antivirus products

Antivirus engines used for detection for uploading files.^[17]

AegisLab (AegisLab)
Antiy Labs (Antiy-AVL)
Aladdin (eSafe)
AVAST Software (Avast Antivirus)
AVG Technologies (AVG AntiVirus)
Avira
BluePex (AVware)
Baidu (Baidu-International)
BitDefender GmbH (BitDefender)
Bkav Corporation (Bkav)
ByteHero Information Security Technology Team (ByteHero)
Cat Computer Services (Quick Heal)
CMC InfoSec (CMC Antivirus)
CYREN
ClamAV
Comodo (Comodo)
Criminal IP
CrowdStrike
Cybereason
Doctor Web Ltd. (Dr.Web)
Emsisoft Ltd. (Emsisoft)
Endgame
Eset Software (ESET NOD32)
Fortinet
FRISK Software (F-Prot)
F-Secure
Gridinsoft
G Data CyberDefense (G Data)
Hacksoft (The Hacker)
Hauri (ViRobot)
IKARUS Security Software (IKARUS)
INCA Internet (nProtect)
Invincea (Invincea, acquired by Sophos)
Jiangmin (KV Antivirus)
Kaspersky Lab (Kaspersky Anti-Virus)
Kingsoft
Malwarebytes Corporation (Malwarebytes' Anti-Malware)
McAfee
Microsoft (Malware Protection)
MicroWorld (eScan)
NANO Security (NANO Antivirus)
Norman (Norman Antivirus)
Panda Security (Panda Platinum)
Palo Alto Networks (Palo Alto Networks Threat Intelligence Cloud)
Qihoo 360
Rising Antivirus (Rising)
SentinelOne
Sophos (SAV)
SUPERAntiSpyware
Symantec Corporation (Symantec)
Tencent
ThreatTrack Security (VIPRE Antivirus)
TotalDefense
Trend Micro (TrendMicro, TrendMicro-HouseCall)
VirusBlokAda (VBA32)
Webroot
WhiteArmor
Yandex
Zillya! (Zillya)
Zoner Software (Zoner Antivirus)

Website/domain scanning engines and datasets

Antivirus scanning engines used for URL scanning.^[17]

ADMINUSLabs (ADMINUSLABS)
AegisLab WebGuard (AegisLab)
Alexa (Amazon)
AlienVault (AlienVault)
Antiy-AVL (Antiy Labs)
AutoShun (RiskAnalytics)
Avira Checkurl (Avira)
Baidu (Baidu-International)
BitDefender
CRDF (CRDF FRANCE)
C-SIRT (Cyscon SIRT)
CLEAN MX
Comodo Site Inspector (Comodo Group)
CyberCrime (Xylitol)
Dr.Web Link Scanner (Dr.Web)
Emsisoft (Emsi Software GmbH)
ESET
FortiGuard Web Filtering (Fortinet)
G Data
Google Safe Browsing (Google)
Kaspersky URL advisor (Kaspersky Lab)
Malc0de Database (Malc0de)
Malekal (Malekal's MalwareDB)
Malwarebytes hpHosts (Malwarebytes)
Malwared (Malwared.malwaremustdie.org)
Malware Domain Blocklist (DNS-BH - Malware Domain Blocklist)
Malware Domain List (Malware Domain List)
MalwarePatrol (MalwarePatrol)
Malwares.com (Saint Security)
Netcraft
Opera
Palevo Tracker (Abuse.ch)
ParetoLogic URL Clearing House (ParetoLogic)
PhishFort
Phishtank (OpenDNS)
Quttera (Quttera Ltd.)
SCUMWARE (Scumware.org)
SecureBrain (SecureBrain)
Sophos
SpyEye Tracker (Abuse.ch)
StopBadware (StopBadware)
Sucuri SiteCheck (Sucuri)
ThreatHive (The Malwarelab)
Trend Micro Site Safety Center (Trend Micro)
urlQuery (urlQuery.net)
VX Vault
Websense ThreatSeeker (Websense)
Webutation
Wepawet (iseclab.org)
Yandex Safe Browsing (Yandex)
ZCloudsec (Zcloudsec)
ZDB Zeus
ZeuS Tracker (Abuse.ch)
Zvelo

File characterization tools & datasets

Utilities used to provide additional info on uploaded files.^[17]

Androguard (Anthony Desnos)
Cuckoo Sandbox (Claudio Guarnieri)
ExifTool (Phil Harvey)
Magic descriptor (Linux)
NSRL information (NIST's National Software Reference Library)
PDFiD (Didier Stevens)
pefile (Ero Carrera)
PEiD (Jibz)
Sigcheck (Mark Russinovich)
Snort (Sourcefire)
ssdeep (Jesse Kornblum)
Suricata (Open Information Security Foundation)
Taggant packer information tool (ReversingLabs)
TrID (Marco Pontello)
UEFI Firmware parser (Teddy Reed)
Wireshark (Wireshark Foundation)
Zemana behaviour (Zemana)
CarbonBlack (CarbonBlack)

Privacy

Files uploaded to VirusTotal may be shared freely with anti-malware companies and will also be retained in a store. The VirusTotal About Page states under VirusTotal and confidentiality:^[18]

Files and URLs sent to VirusTotal will be shared with antivirus vendors and security companies so as to help them in improving their services and products. We do this because we believe it will eventually lead to a safer Internet and better end-user protection. By default any file/URL submitted to VirusTotal which is detected by at least one scanner is freely sent to all those scanners that do not detect the resource. Additionally, all files and URLs enter a private store that may be accessed by premium (mainly security/antimalware companies/organizations) VirusTotal users so as to improve their security products and services.

Related Research Articles

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

ClamAV (antivirus) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses. It was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF (Tru64), Solaris and Haiku. As of version 0.97.5, ClamAV builds and runs on Microsoft Windows. Both ClamAV and its updates are made available free of charge. One of its main uses is on mail servers as a server-side email virus scanner.

ESET NOD32 Antivirus, commonly known as NOD32, is an antivirus software package made by the Slovak company ESET. ESET NOD32 Antivirus is sold in two editions, Home Edition and Business Edition. The Business Edition packages add ESET Remote Administrator allowing for server deployment and management, mirroring of threat signature database updates and the ability to install on Microsoft Windows Server operating systems.

CARO is an organization that was established in 1990 to research and study malware.

Kaspersky Anti-Virus is a proprietary antivirus program developed by Kaspersky Lab. It is designed to protect users from malware and is primarily designed for computers running Microsoft Windows and macOS, although a version for Linux is available for business consumers.

CamStudio is an open-source screencasting program for Microsoft Windows released as free software. The software renders videos in an AVI format. It can also convert these AVIs into Flash Video format, embedded in SWF files. CamStudio is written in C++, but CamStudio 3 will be developed in C#. The program has distributed malware and harmful viruses via the installer.

Malwarebytes is anti-malware software for Microsoft Windows, macOS, ChromeOS, Android, and iOS that finds and removes malware. Made by Malwarebytes Corporation, it was first released in January 2006. This is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.

The Virus Information Alliance (VIA) is an international partnership created by the Microsoft Corporation in association with various antivirus software vendors. Alliance members exchange technical information about newly discovered malicious software (malware) so they can quickly communicate information to customers.

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

<span class="mw-page-title-main">Genieo</span> Israeli company specializing in Mac malware

Genieo Innovation is an Israeli company, specializing in unwanted software which includes advertising and user tracking software, commonly referred to as a potentially unwanted program, adware, privacy-invasive software, grayware, or malware. They are best known for Genieo, an application of this type. They also own and operate InstallMac which distributes additional 'optional' search modifying software with other applications. In 2014, Genieo Innovation was acquired for $34 million by Somoto, another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user". This sector of the Israeli software industry is frequently referred to as Download Valley.

Multiscanning is running multiple anti-malware or antivirus engines concurrently. Traditionally, only a single engine can actively scan a system at a given time. Using multiple engines simultaneously can result in conflicts that lead to system freezes and application failures. However, a number of security applications and application suites have optimized multiple engines to work together.

Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats, but as of June 2024 based on the chat support there is no known mechanism as with Microsoft Defender Antivirus to submit false positives like "Incorrectly detected as malware/malicious" or "Incorrectly detected as PUA " which may point to cutting corners and be the cause of application mislabeling e.g. as ransomware, while the mechanism for detecting real threats is not specified.

Avira Operations GmbH & Co. KG is a German multinational computer security software company mainly known for its Avira Free Security antivirus software. Although founded in 2006, the Avira antivirus application has been under active development since 1986 through its predecessor company H+BEDV Datentechnik GmbH. Since 2021, Avira has been owned by American software company NortonLifeLock, which also operates Norton, Avast and AVG. It was previously owned by investment firm Investcorp.

MacKeeper is a cleanup utility for macOS. MacKeeper was developed by ZeoBIT, later acquired by Kromtech, and is currently owned by Clario Tech.

PCKeeper is advertised as an optimization services package featuring a set of software utilities for Windows OS owned by Essentware S.A.. It includes 2 separate products for Windows: PCKeeper Live and PCKeeper Antivirus.

Kromtech Alliance Corp. is a Security software organization and IT investment and development company that develops software and provides customer support services for Apple's Mac OS. Kromtech Alliance Corp previously owned and distributed MacKeeper, Memory Keeper, and the anti-theft application Track My Mac.

Trojan.Win32.FireHooker or Trojan:Win32/FireHooker is the definition of a Trojan downloader, Trojan dropper, or Trojan spy created for the Windows platform. Its first known detection goes back to September, 2015, according to the AVV Trend Micro.

References

↑ Lardinois, Frederic (7 September 2012). "Google Acquires Online Virus, Malware and URL Scanner VirusTotal". TechCrunch . Retrieved 12 April 2013.
↑ VirusTotal Team (7 September 2012). "An update from VirusTotal". Blog.virustotal.com. Retrieved 3 June 2016.
↑ "Credits & Acknowledgements : About VirusTotal". VirusTotal. Retrieved 6 July 2014.
↑ "Example Report". Virustotal.com. 2 April 2014. Retrieved 3 June 2016.
↑ "Contributors". VirusTotal.
↑ "New CNMF initiative shares malware samples with cybersecurity industry > U.S. Cyber Command > News". www.cybercom.mil. Archived from the original on 30 September 2020. Retrieved 22 February 2022.
↑ "About VirusTotal". Virustotal.com. Archived from the original on 12 August 2010. Retrieved 3 June 2016.
↑ "Credits of VirusTotal". Virustotal.com. Retrieved 27 November 2021.
↑ Dahl, Eric (21 May 2007). "The 100 Best Products of 2007". PCWorld. IDG Consumer & SMB. Retrieved 3 June 2016.
↑ "VirusTotal Windows Desktop Application". VirusTotal. Retrieved 16 February 2014.
↑ "Should I upload files larger than 650MBs ?". FAQ. VirusTotal. Retrieved 11 July 2024.
1 2 "Desktop Apps". VirusTotal. VirusTotal. Retrieved 24 December 2018.
↑ "VirusTotal". VirusTotal.
↑ "VTzilla: Mozilla Firefox Browser Extension". VirusTotal. Retrieved 23 March 2014.
↑ "VirusTotal for Android". VirusTotal. Retrieved 23 March 2014.
↑ "VirusTotal Public API v2.0". VirusTotal. Retrieved 23 March 2014.
1 2 3 "Credits & Acknowledgements". Virustotal. Virustotal. Retrieved 3 June 2016.
↑ "VirusTotal". support.virustotal.com. Retrieved 24 October 2019.

External links

Official website

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Lardinois, Frederic (7 September 2012). "Google Acquires Online Virus, Malware and URL Scanner VirusTotal". TechCrunch . Retrieved 12 April 2013.

[2] VirusTotal Team (7 September 2012). "An update from VirusTotal". Blog.virustotal.com. Retrieved 3 June 2016.

[3] "Credits & Acknowledgements : About VirusTotal". VirusTotal. Retrieved 6 July 2014.

[4] "Example Report". Virustotal.com. 2 April 2014. Retrieved 3 June 2016.

[5] "Contributors". VirusTotal.

[6] "New CNMF initiative shares malware samples with cybersecurity industry > U.S. Cyber Command > News". www.cybercom.mil. Archived from the original on 30 September 2020. Retrieved 22 February 2022.

[7] "About VirusTotal". Virustotal.com. Archived from the original on 12 August 2010. Retrieved 3 June 2016.

[8] "Credits of VirusTotal". Virustotal.com. Retrieved 27 November 2021.

[2007BestProducts-9] Dahl, Eric (21 May 2007). "The 100 Best Products of 2007". PCWorld. IDG Consumer & SMB. Retrieved 3 June 2016.

[10] "VirusTotal Windows Desktop Application". VirusTotal. Retrieved 16 February 2014.

[11] "Should I upload files larger than 650MBs ?". FAQ. VirusTotal. Retrieved 11 July 2024.

[WinUp-12] 1 2 "Desktop Apps". VirusTotal. VirusTotal. Retrieved 24 December 2018.

[13] "VirusTotal". VirusTotal.

[14] "VTzilla: Mozilla Firefox Browser Extension". VirusTotal. Retrieved 23 March 2014.

[15] "VirusTotal for Android". VirusTotal. Retrieved 23 March 2014.

[16] "VirusTotal Public API v2.0". VirusTotal. Retrieved 23 March 2014.

[Files/URL-17] 1 2 3 "Credits & Acknowledgements". Virustotal. Virustotal. Retrieved 3 June 2016.

[18] "VirusTotal". support.virustotal.com. Retrieved 24 October 2019.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]