26 November 2009

VirusTotal Uploader 2.0

[News] 
We are proud to present the new version of VirusTotal Uploader with the digit '2' in the version string.


There are quite a few changes introduced in the new version, including the old functionality being tweaked, as well as various new features being added. At the same time, we managed to keep the Uploader very lightweight, so it won't take too much disk space (below 0.2 MB) or CPU power.





At this time, we would like to thank you for the feedback we have received from you so far. All the e-mails were read and taken into account while designing the second version of the Uploader, greatly affecting the shape of the final release!


Let's start with the original functionality tweaks!


First of all, you are now able to upload up to 5 files at a time, which comes in handy in case of multiple-file malware queries. Additionally, the file limit has been increased to 20 MB per file.


The second frequently requested tweak is a pre-upload check of whether the file is already present in the VirusTotal database. In this version, the Uploader calculates a hash of the file before uploading it, and checks if it appears in the database. If so, the file doesn't get uploaded, saving both time and transfer. Of course, you are still able to force the uploading of the file for reanalysis.


Additionally, many old functionality bugs have been fixed.


As for the new features: you can now execute the Uploader as a standalone application! In this mode, it is possible to upload a process executable, selected from the process list, to VT; you can drag and drop files for uploading, as well as enter a URL address with a suspicious file, which will get safely uploaded to VirusTotal for analysis!




You can download the VirusTotal Uploader 2.0 here. Any feedback is welcome, so if you like our application, have found a bug, or have a feature request, don't hesitate to write to us.
Sent by Gynvael Coldwind @ 22:54
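
The pre-upload check and the batch limits described in the Uploader 2.0 post above, sketched as an added example (not VirusTotal's code). SHA-256 and the `is_known` lookup are assumptions, since the post names neither the hash algorithm nor the query interface.

```python
import hashlib
import os
import tempfile

MAX_FILES = 5                  # per-batch limit stated in the post
MAX_BYTES = 20 * 1024 * 1024   # 20 MB per-file limit stated in the post

def file_digest(path, chunk_size=64 * 1024):
    """Hash in chunks so a large file is never read into memory at once."""
    h = hashlib.sha256()  # assumption: the post does not name the hash
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def plan_uploads(paths, is_known, force=False):
    """Return [(path, decision, digest)] for one batch, without uploading."""
    # is_known: hypothetical callable(digest) -> bool standing in for the
    # remote "is this file already in the database" lookup.
    if len(paths) > MAX_FILES:
        raise ValueError(f"at most {MAX_FILES} files per batch")
    plan = []
    for path in paths:
        if os.path.getsize(path) > MAX_BYTES:
            plan.append((path, "reject-too-large", None))
            continue
        digest = file_digest(path)
        if is_known(digest) and not force:
            plan.append((path, "skip-known", digest))   # saves the transfer
        else:
            plan.append((path, "upload", digest))       # new, or reanalysis
    return plan

def demo():
    """Constructed sample: two small files, the first already 'known'."""
    with tempfile.TemporaryDirectory() as d:
        a, b = os.path.join(d, "a.bin"), os.path.join(d, "b.bin")
        for path, data in ((a, b"constructed sample A"), (b, b"constructed sample B")):
            with open(path, "wb") as fh:
                fh.write(data)
        look = {file_digest(a)}.__contains__
        normal = [dec for _, dec, _ in plan_uploads([a, b], look)]
        forced = [dec for _, dec, _ in plan_uploads([a, b], look, force=True)]
        return normal, forced
```

Hashing locally means only the digest leaves the machine when the file is already known; the file itself is sent only when the decision is `upload`.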
16 September 2009

Extra metadata field: sigcheck

Info about digital certificates
[News] 
We've added Microsoft's Sigcheck results to the VT reports. It is a very interesting tool that shows information about files and, especially interesting, about digital signatures. I want to thank the Microsoft people (especially Mark Russinovich) for the permission to use it here.
Sent by jcanto @ 13:32
15 June 2009

VirusTotal += Jiangmin

A big Chinese antivirus company joins the service
[News] 
Today we're including the AV engine from Jiangmin, a Chinese antivirus company. I would like to thank Shaowen for his help during the integration of this engine.
Sent by jcanto @ 11:05
21 April 2009

Extra metadata field: PDFiD

Info about PDF files
[News] 
We have added the results of Didier Stevens' PDFiD tool to the VT reports. This is an interesting tool as it checks the PDF content to identify several keywords that may help identify potentially suspicious documents. He also included a reference about the keywords, explaining their meaning. I want to thank Didier for all his help in the integration of this cool tool.
Sent by jcanto @ 13:04
25 March 2009

Extra metadata field: RDS

Info about known files
[News] 
We've just added a new metadata field to the reports: the results of the Reference Data Set from NIST NSRL, quite a big set of information about known files. Quoting from their web site:

"The RDS is a collection of digital signatures of known, traceable software applications. There are application hash values in the hash set which may be considered malicious, i.e. steganography tools and hacking scripts. There are no hash values of illicit data, i.e. child abuse images."

I want to thank the NIST people for giving us their permission to use this valuable resource.
Sent by jcanto @ 11:05
24 March 2009

VirusTotal += Antiy

A new engine added to the set
[News] 
Today we've included the Antiy-AVL engine from Antiy, a Chinese antivirus company. Thanks to Song Bing for helping in the integration of this scanner.
Sent by jcanto @ 12:16