Submitting Suspicious Files to Security Vendors

ArticlesTeam

« on: October 23, 2016, 09:55:42 AM »

Part I: Online File Analysis Services for Microsoft Windows Operating Systems

Have you ever found a suspicious file on your computer, or received an untrusted one from someone? Perhaps your resident anti-virus alerts you to something that you suspect might be a false positive. If you need a second opinion you can search online for more information, but what if your search brings up nothing? Is there a way to investigate further?
There are online file checking services that will take submissions. Some of them are more comprehensive than others, so you may need to shop around for the type of output log/statistics that meets your needs. The services use multi-engine scanning to test your submitted file(s) against many different anti-virus vendors’ scanners.
Instructions on the sites may vary. In most cases the procedure is done online, but sometimes files may be sent through a web form, by email or by using a special tool. When submitting a sample online, it is usually done by navigating to the file, clicking “Open”, and pasting it into a “Submit Suspicious File” field. Note that some of the services limit file size. After the submission is tested against multiple anti-virus vendors’ scanners, you will have an idea of what it is and who recognizes it. Unless told otherwise, the service will provide the sample to all participating vendors. The report will be issued to you via email, or it may be displayed in a new window.

The following is a list of some of the online file checking services:


Clam AV
500KB file size limit

Comodo Instant Malware Analysis

Cuckoo Sandbox’s Malwr Analysis


Joe Sandbox
For executables, PDF or DOC (Microsoft Word) files

Jotti’s Malware Scan
Maximum file size: 20MB

Kaspersky Virus Desk
For URLs or files

Maximum file size 140 MB

Payload Security’s Hybrid Analysis
Maximum upload size: 180 MB

Maximum file size: 5MB

Maximum file size: 20MB per file, with fewer than 20 files.
Service supports Rar/Zip compressed files.

Maximum file size: 32MB – suspicious files or URLs

Cloud Sanitization Service analyzes suspicious files and neutralizes trojans, viruses, worms and zero-day attacks. Maximum file size: 16MB  (Supported File Types: pdf,jpg,jpeg,png,bmp,tif,tiff,gif,wmf,emf)


Part II: Sending Samples for Further Research

Have you found one or more files on your computer that you cannot identify by doing an internet search or by submitting the suspicious file(s) to an online file checker mentioned in Part I? Perhaps you suspect that it is a dangerous file that an anti-virus vendor needs to inspect and possibly include in its definitions. On the other hand, maybe your resident AV has mistaken a good file for a bad one. There is a way to submit suspicious malware samples to the vendors so researchers can do some investigation. Based on their findings, they may decide to add the submission(s) to their signatures or simply let you know that their detection has made a mistake.

When working with a member of the SpywareHammer Staff, you may be asked to submit a file to SpywareHammer. Your helper will post the necessary information on how and where to send the file(s).

The following is a list of vendors that will test your submissions. Instructions may vary for each site and are usually detailed. You may be able to submit files online, by using a special tool, or you may be required to send them via email.






For URLs:
For files:







In some cases you will be informed of the results. If a false positive is in question, simply updating your antivirus a few hours later may be all that is needed to resolve the issue.


« Last Edit: October 28, 2016, 05:54:59 AM by ArticlesTeam »