Process Explorer Now Including VirusTotal Support
Process Explorer—part of the Microsoft’s Sysinternals suite of applications—recently received an upgrade allowing users to query VirusTotal for files running on their PCs.
A lot of the Sysinternals tools are very useful for malware analysis. Some of these tools, like Process Explorer, are occasionally targeted by malware because of it’s ability to view running processes at a very granular level of detail.
In order to use VirusTotal to scan the file of a process running on your computer, you must right-click the file and select ‘Check VirusTotal’.
Before you can submit a file, you have to agree to the Terms-of-Service (ToS). This dialog will not appear again after you click ‘Yes’.
Afterward, you can right-click the file again, this time selecting ‘Properties’. The VirusTotal detections will be displayed near the bottom.
While most researchers are already familiar with VirusTotal, this added functionality will be very useful for anyone wanting to quickly scan a suspicious file on their PC.