Process Explorer Now Including VirusTotal Support

Process Explorer, part of Microsoft's Sysinternals suite of tools, recently received an update that lets users query VirusTotal for the image files of processes running on their PCs.

Microsoft acquired Windows Sysinternals (formerly Winternals Software) in 2006. The site offers a lot of technical resources, among the most popular being the Sysinternals Suite.

Many of the Sysinternals tools are very useful for malware analysis. Some of them, such as Process Explorer, are occasionally targeted by malware precisely because of their ability to show running processes at a very granular level of detail.

Running Processes Viewed with Process Explorer

To check the image file of a running process against VirusTotal, right-click the process in Process Explorer and select 'Check VirusTotal'. Process Explorer looks the file up by its hash; the file itself is not uploaded to VirusTotal unless you explicitly opt in to submitting unknown executables.


Before the first lookup you have to agree to VirusTotal's Terms of Service (ToS). This dialog will not appear again after you click 'Yes'.


Afterward, right-click the process again, this time selecting 'Properties'. The VirusTotal detection count (detections out of engines queried) is displayed near the bottom of the Image tab.
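The same hash-based lookup, scripted for every running process, as an added PowerShell example that is not part of the original post or of the Sysinternals tools. It assumes a VirusTotal API key in the `VT_API_KEY` environment variable, uses the VirusTotal v3 `files/{sha256}` endpoint, and needs network access, so it is a companion to the GUI workflow above rather than something that runs offline. The rate limit, the `unknown` label for a hash VirusTotal has never seen, and the column names are the example's own choices.

```powershell
# Added example, not Process Explorer's code: hash the on-disk image of every
# running process and look each unique hash up on VirusTotal, the same
# hash-lookup idea behind Process Explorer's "Check VirusTotal".
# Assumes: VT_API_KEY holds a VirusTotal API key; Windows PowerShell 5.1 or
# PowerShell 7; outbound HTTPS to www.virustotal.com.
param(
    [string]$ApiKey = $env:VT_API_KEY,
    # Public API keys are rate limited (4 lookups per minute at the time of
    # writing), so pause between requests by default.
    [int]$DelaySeconds = 15
)

if (-not $ApiKey) { throw "Set VT_API_KEY or pass -ApiKey." }

# Path is $null for processes we are not allowed to open (protected or
# higher-integrity processes), so skip those and de-duplicate the rest:
# svchost.exe alone may account for dozens of processes but one file.
$images = Get-Process |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

$results = foreach ($path in $images) {
    # VirusTotal identifies files by hash, so hash the image on disk.
    try {
        $sha256 = (Get-FileHash -Path $path -Algorithm SHA256 -ErrorAction Stop).Hash.ToLower()
    } catch {
        Write-Warning "Cannot hash $path : $($_.Exception.Message)"
        continue
    }

    $uri = "https://www.virustotal.com/api/v3/files/$sha256"
    try {
        $report = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ 'x-apikey' = $ApiKey }
        $stats  = $report.data.attributes.last_analysis_stats
        # Report "detections/engines", like the Process Explorer Image tab.
        $total  = ($stats.PSObject.Properties.Value | Measure-Object -Sum).Sum
        $status = "$($stats.malicious)/$total"
    } catch {
        # HTTP 404 means VirusTotal has never seen this hash. That is not a
        # clean verdict, only "unknown", so label it separately from 0/N.
        $resp = $_.Exception.Response
        if ($resp -and [int]$resp.StatusCode -eq 404) {
            $status = 'unknown'
        } else {
            Write-Warning "Lookup failed for $path : $($_.Exception.Message)"
            $status = 'error'
        }
    }

    [pscustomobject]@{ Path = $path; SHA256 = $sha256; Detections = $status }
    Start-Sleep -Seconds $DelaySeconds
}

# Files with the most detections first; 'unknown' and 'error' rows sort
# among the strings and are worth a second look rather than being ignored.
$results | Sort-Object Detections -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt to see the image paths of more processes; unelevated, protected and higher-integrity processes simply have no `Path` and are skipped. Treat an `unknown` result the way Process Explorer's missing score should be treated: as no information, not as a clean file.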


While most researchers are already familiar with VirusTotal, this added functionality will be very useful for anyone wanting to quickly check a suspicious process on their PC. As with any VirusTotal lookup, zero detections (or a hash VirusTotal has never seen) is not proof that a file is clean; it only means no participating engine has flagged that exact file.

_________________________________________________________________

Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and in-depth analysis on current malware threats. Twitter: @joshcannell


4 thoughts on “Process Explorer Now Including VirusTotal Support”

  1. Shirley Webler says on January 30, 2014 at 2:40 pm :

    I know this question is going to sound silly, but you'll have to pardon me because I'm not a "techie" (this is the way I learn, I ask questions).
    But couldn't the file be scanned for viruses by just right-clicking on the file and scanning it with your virus protection program? At least that is the way I scan a particular item….

  2. Joshua Cannell says on January 30, 2014 at 3:58 pm :

    Hi Shirley,

    When you right-click a file as you described, you're only scanning it with one Antivirus/Antimalware program. VirusTotal allows you to scan a file against multiple computer security products. This means that even if your Antivirus program doesn't detect the file as malicious, it could be detected by another vendor. To learn more about VirusTotal, check out their website at http://www.virustotal.com

  3. billpytlovany says on January 31, 2014 at 8:09 am :

    I hope I'm missing something, but on the 29th a new version of Process Explorer was released (15.40). I had been doing a lot with Process Explorer lately and noticed the new release no longer has a link to VirusTotal. Hopefully I'm missing something, but I just double-checked and it wasn't on the right-click menu or the Image tab.

    Bill Pytlovany

  4. Joshua Cannell says on January 31, 2014 at 8:20 am :

    Hi billpytlovany,

    I just verified the VirusTotal functionality is built into the latest release. Just to be sure, I would re-download either Process Explorer or the Sysinternals Suite.
