Part I: Online File Analysis Services for Microsoft Windows Operating Systems
Have you ever found a suspicious file on your computer, or received an untrusted one from someone? Perhaps your resident anti-virus alerts you to something that you suspect might be a false positive. If you need a second opinion you can search online for more information, but what if your search brings up nothing? Is there a way to investigate further?
There are online file checking services that will take submissions. Some of them are more comprehensive than others, so you may need to shop around for the type of output log/statistics that meets your needs. The services use multi-engine scanning to test your submitted file(s) against many different anti-virus vendors’ scanners.
Instructions on the sites may vary. In most cases the procedure is done online, but sometimes files may be sent through a web form, by email or by using a special tool. When submitting a sample online, it is usually done by navigating to the file, clicking “Open”, and pasting it into a “Submit Suspicious File” field. Note that some of the services limit file size. After the submission is tested against multiple anti-virus vendors’ scanners, you will have an idea of what it is and who recognizes it. Unless told otherwise, the service will provide the sample to all participating vendors. The report will be issued to you via email, or it may be displayed in a new window.
The following is a list of some of the online file checking services:

Avira https://analysis.avira.com/en/submit

Clam AV http://www.gietl.com/test-clamav/
500KB file size limit

Comodo Instant Malware Analysis http://camas.comodo.com/cgi-bin/submit

Cuckoo Sandbox’s Malwr Analysis https://malwr.com/submission
or https://malwr.com/

FortiGuard https://www.fortiguard.com/antivirus/virus_scanner.html

Joe Sandbox http://www.joesecurity.org/
For executables, PDF or DOC (Microsoft Word) files

Jotti’s Malware Scan http://virusscan.jotti.org/en
Maximum file size: 20MB

Kaspersky Virus Desk https://virusdesk.kaspersky.com/
For URLs or files

OPSWAT MetaScan https://www.metascan-online.com/en
Maximum file size 140 MB

Payload Security’s Hybrid Analysis https://www.hybrid-analysis.com/ https://www.reverse.it/
Maximum upload size: 180 MB

ThreatExpert http://www.threatexpert.com/filescan.aspx
Maximum file size: 5MB

VirSCAN http://virscan.org/
Maximum file size: 20MB per file, but must be less than 20 files.
Service supports Rar/Zip compressed files.

VirusTotal http://www.virustotal.com/
Maximum file size: 32MB – suspicious files or URLs

Votiro https://cloud.votiro.com/
Cloud Sanitization Service analyzes suspicious files and neutralizes trojans, viruses, worms and zero-day attacks. Maximum file size: 16MB (Supported File Types: pdf, jpg, jpeg, png, bmp, tif, tiff, gif, wmf, emf)
========================================
Part II: Sending Samples for Further Research
Have you found one or more files on your computer that you cannot identify by doing an internet search or by submitting the suspicious file(s) to an online file checker mentioned in Part I? Perhaps you suspect that it is a dangerous file that an anti-virus vendor needs to inspect and possibly include in its definitions. On the other hand, maybe your resident AV has mistaken a good file for a bad one. There is a way to submit suspicious malware samples to the vendors so researchers can do some investigation. Based on their findings, they may decide to add the submission(s) to their signatures or to simply let you know that their detection has made a mistake.
When working with a member of the SpywareHammer Staff, you may be asked to submit a file to SpywareHammer. Your helper will post the necessary information on how and where to send the file(s).
The following is a list of vendors that will test your submissions. Instructions may vary for each site and are usually detailed. You may be able to submit files online, by using a special tool, or you may be required to send them via email.

Avast https://www.avast.com/faq.php?article=AVKB258

AVG http://samplesubmit.avg.com

Bitdefender http://www.bitdefender.com/submit/

DrWeb https://vms.drweb.com/sendvirus/?lng=en

ESET http://support.eset.com/kb141/?locale=en_US

Kaspersky
In some cases you will be informed of the results. If a false positive is in question, simply updating your antivirus a few hours later may be all that is needed to resolve the issue.