October 2nd, 2023 - Strings searching, VMRAY screenshots and Private Scanning deletions

  • VMRAY screenshots. VirusTotal not only analyzes files, domains, IP addresses and URLs with multiple antivirus vendors and blocklists; we also run a myriad of home-grown, open source and 3rd-party tools on these artifacts, including dynamic analysis sandboxes. Every executable (and other file formats) uploaded to VirusTotal gets detonated in both VirusTotal-developed and 3rd-party partner dynamic analysis environments to produce behavioral information such as domains contacted, payload download URLs, files created, registry keys set, etc. One of the 3rd-party sandbox vendors participating in this community effort is VMRay. VMRay has extended the data shared with VirusTotal to include screenshots produced during detonation (see example).

  • Delete private files and analyses, via API or UI. VirusTotal Private Scanning allows its users to “see files through VirusTotal’s eyes” without making those files or their reports downloadable/visible to any 3rd party beyond their own organization, i.e. in a non-shareable fashion. All standard VirusTotal analysis components are included (reputation, static, dynamic - sandboxes, code, similarity analysis) except for multi-antivirus scanning. Private scans have a default 24h TTL both for uploaded files and their corresponding reports. Users also have the option to extend this TTL. We’ve now added API and UI actions that let users delete both files and their corresponding reports before the TTL expires.