Process Explorer and VirusTotal

Published: 2015-07-17. Last Updated: 2015-07-17 16:37:40 UTC
by Didier Stevens (Version: 2)
2 comment(s)

About a year ago, Rob had a diary entry about checking a file from Process Explorer with VirusTotal.

Did you know you can have all EXEs of running processes scanned with VirusTotal?

In Process Explorer, add column VirusTotal:

Enable VirusTotal checks:

And accept the VirusTotal terms:

(update: as you can see, by default Process Explorer only submits hashes to VirusTotal, not files, unless you explicitly instruct it to submit a file).

And now you can see the VirusTotal scores:

Process Explorer is not the only Sysinternals tool that comes with VirusTotal support. I'll showcase more tools in upcoming diary entries.

Sysinternals: http://technet.microsoft.com/en-us/sysinternals

VirusTotal: https://www.virustotal.com/

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

Keywords: process explorer sysinternals virustotal
2 comment(s)

Comments

If you don't have direct access to the internet, you'll need to specify a proxy. Unfortunately, it won't take IE's proxy setting, you'll need to set it via netsh:

backup your settings:
netsh winhttp show proxy

set the proxy
netsh winhttp set proxy <ip addr>:<port>

Don't forget to reset your proxy settings when you are done:
netsh winhttp reset proxy (or the appropriate command from your backup)

Anonymous

Jul 17th 2015
9 years ago

Thanks Didier. I have been trying to find a way to make the autorunsc program work through our proxy. However when I set the WinHTTP proxy, the autorunsc program does not seem to use it (still attempts to go direct which fails). Have you or anyone else here found a solution?

Derek
@dsplice

Anonymous

Jul 21st 2015
9 years ago

Login here to join the discussion.


Top of page
Diary Archives