Process Explorer and VirusTotal

Published: 2015-07-17
Last Updated: 2015-07-17 16:37:40 UTC
by Didier Stevens (Version: 2)

About a year ago, Rob had a diary entry about checking a file from Process Explorer with VirusTotal.

Did you know you can have all EXEs of running processes scanned with VirusTotal?

In Process Explorer, add the VirusTotal column.

Enable VirusTotal checks.

Then accept the VirusTotal terms.

(Update: as you can see, by default Process Explorer submits only hashes to VirusTotal, not files, unless you explicitly instruct it to submit a file.)

The VirusTotal scores now appear in the new column.

Process Explorer is not the only Sysinternals tool that comes with VirusTotal support. I'll showcase more tools in upcoming diary entries.
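
The hash-only lookup mentioned in the update can also be reproduced from a console. The PowerShell below is an added example, not code from this diary or from Sysinternals; it assumes a VirusTotal API v3 key in the `VT_API_KEY` environment variable and sends only SHA-256 hashes, never file contents.

```powershell
# Added example: hash-only VirusTotal lookup for the images of running processes.
# Assumption: a VirusTotal API v3 key is stored in the VT_API_KEY environment variable.
$ErrorActionPreference = 'Stop'
if (-not $env:VT_API_KEY) { throw 'Set the VT_API_KEY environment variable first.' }
$headers = @{ 'x-apikey' = $env:VT_API_KEY }

# Unique on-disk image paths. Path is empty for processes the current
# user is not allowed to open, so those are skipped.
$paths = Get-Process | Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

$results = foreach ($path in $paths) {
    # Only this hash leaves the machine; the file itself is never uploaded.
    $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
    $row = [ordered]@{
        Known = $false; Malicious = $null; Suspicious = $null
        SHA256 = $sha256; Path = $path
    }
    try {
        $uri = "https://www.virustotal.com/api/v3/files/$sha256"
        $r = Invoke-RestMethod -Uri $uri -Headers $headers
        $stats = $r.data.attributes.last_analysis_stats
        $row.Known = $true
        $row.Malicious = [int]$stats.malicious
        $row.Suspicious = [int]$stats.suspicious
    } catch {
        # HTTP 404 means VirusTotal has no report for this hash; rethrow anything else.
        if ([int]$_.Exception.Response.StatusCode -ne 404) { throw }
    }
    [pscustomobject]$row
    Start-Sleep -Seconds 15   # pause between lookups to respect API rate limits
}

# Highest detection counts first.
$results | Sort-Object @{ Expression = 'Malicious'; Descending = $true } |
    Format-Table Malicious, Suspicious, Known, Path -AutoSize
```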

Sysinternals: http://technet.microsoft.com/en-us/sysinternals

VirusTotal: https://www.virustotal.com/

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
