|
About a year ago, Rob had a diary entry about checking a file from Process Explorer with VirusTotal. Did you know you can have all EXEs of running processes scanned with VirusTotal? In Process Explorer, add column VirusTotal:
Enable VirusTotal checks:
And accept the VirusTotal terms:
(update: as you can see, by default Process Explorer only submits hashes to VirusTotal, not files, unless you explicitly instruct it to submit a file). And now you can see the VirusTotal scores:
Process Explorer is not the only Sysinternals tool that comes with VirusTotal support. I'll showcase more tools in upcoming diary entries. Sysinternals: http://technet.microsoft.com/en-us/sysinternals VirusTotal: https://www.virustotal.com/ Didier Stevens |
DidierStevens 638 Posts ISC Handler Jul 17th 2015 |
| Thread locked Subscribe |
Jul 17th 2015 6 years ago |
|
If you don't have direct access to the internet, you'll need to specify a proxy. Unfortunately, it won't take IE's proxy setting, you'll need to set it via netsh:
backup your settings: netsh winhttp show proxy set the proxy netsh winhttp set proxy <ip addr>:<port> Don't forget to reset your proxy settings when you are done: netsh winhttp reset proxy (or the appropriate command from your backup) |
Ed 4 Posts |
| Quote |
Jul 17th 2015 6 years ago |
|
Thanks Didier. I have been trying to find a way to make the autorunsc program work through our proxy. However when I set the WinHTTP proxy, the autorunsc program does not seem to use it (still attempts to go direct which fails). Have you or anyone else here found a solution?
Derek @dsplice |
dsplice 12 Posts |
| Quote |
Jul 21st 2015 6 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
