Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working

Published: 2020-12-20. Last Updated: 2020-12-20 18:08:26 UTC
by Didier Stevens (Version: 1)
6 comment(s)

A quick heads-up to those of you that use Sysinternals tools like Process Explorer to check PE files on VirusTotal: this is not working for the moment.

We've had reports and saw Tweets about this issue in the past days.

We confirm there is an issue: a check for notepad.exe with Process Explorer results in a not-found reply:

{"data": [{"found": false, "hash": "C401CD335BA6A3BDAF8799FDC09CDC0721F06015"}], "result": 1}

Let's hope this gets sorted out after the weekend.

Update: I was asked how I obtained VirusTotal's not-found reply. I used a debugging proxy server (Fiddler), details are in this video:

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords:
6 comment(s)

Comments

Thank You Didier and SANS and ISC :) you are the best
A Happy Merry Christmas for all.
Please take care
Carlos A. from PT :)
netmanzim
Thank you! :-)
:( Still not working
from VT : "There are some issues with the sysinternals VT integration. We are working with the sysinternals team to try to find a solution.
Unfortunately we don't have an estimated date on when this will be resolved."
sorry duplicate
It´s working, up and running :) thank you to all

Diary Archives