What's new?
- File/URL response content strings searching. Besides being a Threat Intelligence suite that lets its users research worldwide emerging threat patterns, VT ENTERPRISE is also an automated malware analysis solution that performs {reputational, static, dynamic, code, similarity} analysis of suspicious files. One of the static analysis components that runs on files is strings extraction: it runs on absolutely all uploaded files, and VT ENTERPRISE users can both download files and see/download the strings for files uploaded by themselves or by any other VirusTotal Community user. Moreover, strings extraction also acts on the content returned when checking URLs. We recently added the ability to download strings dumps for offline scrutiny, and we are now extending strings-related capabilities with online search: users can now search across file/URL response content strings within their browsers.
- VMRay screenshots. VirusTotal not only analyzes files, domains, IP addresses and URLs with multiple antivirus vendors and blocklists; we also run a myriad of home-grown, open source and 3rd-party tools on these artifacts, including dynamic analysis sandboxes. Every executable (and other file formats) uploaded to VirusTotal gets detonated in both VirusTotal-developed and 3rd-party partner dynamic analysis environments to produce behavioral information such as domains contacted, payload download URLs, files created, registry keys set, etc. One of the 3rd-party sandbox vendors participating in this community effort is VMRay. VMRay has extended the data shared with VirusTotal to include screenshots produced during detonation; see example.
- Delete private files and analyses, via API or UI. VirusTotal Private Scanning allows its users to “see files through VirusTotal’s eyes” without making those files or their reports downloadable/visible to any 3rd party beyond their own organizations, i.e. in a non-shareable fashion. All standard VirusTotal analysis components are included (reputation, static, dynamic - sandboxes, code, similarity analysis) except for multi-antivirus scanning. Private scans have a default 24h TTL, both for uploaded files and for their corresponding reports. Users also have the option to extend this TTL. We’ve now added API and UI actions that allow users to delete both files and their corresponding reports before the TTL expires.