Hello VirusTotal? It's Microsoft Calling.
You might think that phone call is unlikely, but as of this week it's built in and is likely happening right now.
I was poking around in the latest version of Sysinternals, and tripped over a new option. You can now submit any running process in memory directly to VirusTotal. It's a simple right-click in the latest version of Process Explorer.
If that's not just the coolest thing! If your AV product isn't triggering on a suspect process, you can now query all the AV engines without even having to find or upload the file, assuming that a file that matches your process even exists. If you're in the midst of a security incident, a suspect process might not have a matching file.
Sysinternals: http://technet.microsoft.com/en-us/sysinternals
VirusTotal: https://www.virustotal.com/
===============
Rob VandenBrink
Metafore
Comments
Anonymous
Feb 7th 2014
http://phrozenvtuploader.com/
Cheers, Steve (Sanesecurity.com)
Anonymous
Feb 8th 2014
Analysis of malware on a system isolated from net is safer.