VirusTotal Lab

FacebookTwitterGoogle+LinkedInEmail
Description
[toggle_content title="Transcript"] Hey Leo Dregier here. I want to talk to you about virustotal, virustotal is just one of many websites that you can go to submit any sort of file or executable or URL that you want analyzed and it will basically determine if it is a virus or not. So we are going to test this out to see what it identifies - first go ahead and choose a file. Go ahead and grab - I am going to go ahead and grab something out of the ethical hacking toolkit here. So we are going to go to viruses and worms - virus construction kits - virus maker and grab and JPS. Upload that and then scan it you have to upload the file to complete the hash on it. It allows it to be easily compared to any other known file of the exact same integrity. So file already analyzed this file was last analyzed by program on 12:25 it was first analyzed on 2007. So it has been around that long. Detection ratio 46 out of 52 you can take a look at the last analysis or do it again. So we will just look at the last one for simplicity. So you can see it computes SHA 256 hash on it. It identifies it as a back door these are actually all over the actual names. The vendor probably could reference. So it will come up as any single one of these. So basically you see that it is a back door or trojan you also can see the difference in a virus vendors on the left here. The programs versus the specific virus in that program and then the of course the updates. The detail of the file, where it comes from, file version. So you can get pretty good specifics, tool upx can analyze this as well. That is another tool commandment tool that you could easily use here. The names - the virtual addresses and the five hashes the different files that is actually used or what they are called. A number of physical resources by type - there are some of the meta data so you get the idea any sort of relationship to other hashes any additional information. Most of these can hashes here – not really too much you can learn about - it already too obvious that is relatively it. That is virus total it is a quick way to grab a file and I wonder if this is malicious or has any else around it. So I would include that in my quick sanity check - hey let us look at the obvious first. This is just an easy web site that anybody can use - everybody from grandma to grandpa down to a seven year old I am sure. So everybody should do this exists or websites like this. So that way when you are analyzing code - we have done the hard work to make them tap into that - the real tricky part comes in when a website like this does not come anything. It is not getting any results and then you have to wonder am I on chartered territory now? So my name is Leo Dregier thank you for watching, don't forget to check us out on Facebook, LinkedIn YouTube and Twitter. [/toggle_content] This next lab in the Web Application series introduces you to VirusTotal. VirusTotal is a utility that confirms the target "is" or "is not" a virus. This lab delivers a thorough demonstration on the use of this file and url scanning tool, and helps us understand its importance as a "go-to" resource for Penetration Testing.
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel