SANS ISC: Hello Virustotal? It's Microsoft Calling. - SANS Internet Storm Center

Hello Virustotal? It's Microsoft Calling.

You might think that phone call might be unlikely, but as of this week it's built in and is likely happening right now.

I was poking around in the latest version of Sysinternals and tripped over a new option: you can now submit any running process in memory directly to VirusTotal. It's a simple right-click in the latest version of Process Explorer.

If that's not just the coolest thing! If your AV product isn't triggering on a suspect process, you can now query all the AV engines without even having to find or upload the file (assuming that a file matching your process even exists; if you're in the midst of a security incident, a suspect process might not have a matching file).

Sysinternals: http://technet.microsoft.com/en-us/sysinternals

VirusTotal: https://www.virustotal.com/

===============
Rob VandenBrink
Metafore

Rob VandenBrink

489 Posts
ISC Handler
Worth a sub... http://blogs.technet.com/b/sysinternals/rss.aspx ;-)
lansalot

18 Posts
This is quite a useful checker tool etc.

http://phrozenvtuploader.com/
Cheers, Steve (Sanesecurity.com)
Sanesecurity

21 Posts
Bleh. If I ever weaponize my tools you will submit random EXE files that are part of Windows.
Sanesecurity
39 Posts
Neat idea, except it assumes the computer has a working Internet connection.
Analysis of malware on a system isolated from the net is safer.
Sanesecurity
7 Posts
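Added example, not code from the diary, from Sysinternals or from VirusTotal: the same hash-first check scripted with only the Python standard library, so each running process's on-disk image is hashed locally and only that hash is sent to VirusTotal (nothing is uploaded), and when VT_API_KEY is unset it just prints the hash inventory so an isolated analysis box, as raised in the comment above, can have the hashes looked up from a connected machine. It assumes Linux (/proc) for process enumeration, and the VirusTotal v3 file-report endpoint and x-apikey header as VirusTotal documents them; the report fields read in summarise() follow that API.

```python
import hashlib
import json
import os
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{sha256}"  # VT API v3: report lookup by hash

def sha256_of_file(path, chunk=1 << 20):
    """Hash a process's on-disk image locally; only this digest ever leaves the host."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def running_image_paths():  # Linux-only, stdlib-only inventory of running processes' images
    paths = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            paths[int(pid)] = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue  # kernel thread, already exited, or not ours to read
    return paths
def lookup_request(sha256, api_key):  # hash-only query: the file itself is never uploaded
    return urllib.request.Request(VT_FILE_URL.format(sha256=sha256), headers={"x-apikey": api_key})
def summarise(report):  # (malicious verdicts, engines reporting) from a VT v3 file report
    stats = report["data"]["attributes"]["last_analysis_stats"]
    return stats.get("malicious", 0), sum(stats.values())

def main():
    api_key = os.environ.get("VT_API_KEY")  # unset on an isolated host: hash now, look up elsewhere
    for pid, path in sorted(running_image_paths().items()):
        try:
            digest = sha256_of_file(path)
        except OSError:
            continue  # image gone since launch: the 'no matching file' case from the diary
        if not api_key:
            print(f"{pid}\t{digest}\t{path}")
            continue
        try:
            with urllib.request.urlopen(lookup_request(digest, api_key), timeout=20) as resp:
                bad, total = summarise(json.load(resp))
            print(f"{pid}\t{bad}/{total} engines flag it\t{path}")
        except urllib.error.HTTPError as e:  # 404: VT has never seen this hash
            print(f"{pid}\tno VT report (HTTP {e.code})\t{path}")

if __name__ == "__main__":
    main()
```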