Hello Virustotal? It's Microsoft Calling.

You might think that phone call is unlikely, but as of this week it's built in and is likely happening right now.

I was poking around in the latest version of Sysinternals, and tripped over a new option. You can now submit any running process in memory directly to Virustotal. It's a simple right-click in the latest version of Process Explorer.

If that's not just the coolest thing! If your AV product isn't triggering on a suspect process, you can now query all the AV engines without even having to find or upload the file. That assumes a file matching your process even exists: if you're in the midst of a security incident, a suspect process might not have a matching file on disk.
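As an added example (not part of this diary and not a Sysinternals tool), here is a PowerShell script that does the file-side half of what a hash-based VirusTotal lookup depends on: it enumerates running processes, computes the SHA-256 of each image file, and flags the processes whose image cannot be found or read, which is exactly the "no matching file" case described above. The function name, the status labels and the VirusTotal lookup URL form are assumptions of this example, not from the diary.

```powershell
# Added example: hash running process images and flag processes with no file to hash.
# Get-Process, Get-FileHash and Test-Path are standard cmdlets (Get-FileHash needs PowerShell 4+).
function Get-ProcessImageHashes {
    [CmdletBinding()]
    param()

    Get-Process | ForEach-Object {
        $proc = $_
        $path = $null
        # Path is not readable for some protected/system processes; treat that as "unknown".
        try { $path = $proc.Path } catch { $path = $null }

        $status = 'no-image-path'           # assumed label: image path could not be determined
        $hash   = $null
        if ($path) {
            if (Test-Path -LiteralPath $path) {
                try {
                    $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                    $status = 'hashed'
                } catch {
                    $status = 'unreadable'   # assumed label: file exists but cannot be read
                }
            } else {
                # The process is alive but its image is gone from disk: nothing for a
                # hash lookup to match, so this is where an in-memory submission helps.
                $status = 'image-missing-on-disk'
            }
        }

        # Assumed URL form for a manual hash lookup in VirusTotal's web UI.
        $lookup = $null
        if ($hash) { $lookup = "https://www.virustotal.com/gui/file/$hash" }

        [pscustomobject]@{
            Name      = $proc.ProcessName
            Id        = $proc.Id
            Path      = $path
            SHA256    = $hash
            Status    = $status
            LookupUrl = $lookup
        }
    }
}

# Usage: list only the processes a file-hash lookup cannot cover. These are the ones
# worth examining via Process Explorer's in-memory submission or a memory capture.
Get-ProcessImageHashes | Where-Object Status -ne 'hashed' | Format-Table -AutoSize
```

Run it from an elevated prompt so that more process paths are readable; anything left in the non-hashed set after that is a candidate for the in-memory check rather than a plain hash lookup.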


Sysinternals: http://technet.microsoft.com/en-us/sysinternals

VirusTotal: https://www.virustotal.com/

===============
Rob VandenBrink
Metafore

Rob VandenBrink, ISC Handler, Feb 7th 2014
Worth a sub... http://blogs.technet.com/b/sysinternals/rss.aspx ;-)
lansalot

23 Posts
This is quite a useful checker tool etc.

http://phrozenvtuploader.com/
Cheers, Steve (Sanesecurity.com)
Sanesecurity

21 Posts
Bleh. If I ever weaponize my tools you will submit random EXE files that are part of Windows.
Sanesecurity
39 Posts
Neat idea except it assumes the computer has a working Internet connection.
Analysis of malware on a system isolated from net is safer.
Sanesecurity
7 Posts
