VirusTotal

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google.

VirusTotal does multiscanning, it aggregates many antivirus products and online scan engines called Contributors. In November, 2018, the Cyber National Mission Force, a unit subordinate to the U.S. Cyber Command became a Contributor. The aggregated data from these Contributors allows a user to check for viruses that the user's own antivirus software may have missed, or to verify against any false positives. Files up to 650 MB can be uploaded to the website, or sent via email (max. 32MB). Anti-virus software vendors can receive copies of files that were flagged by other scans but passed by their own engine, to help improve their software and, by extension, VirusTotal's own capability. Users can also scan suspect URLs and search through the VirusTotal dataset. VirusTotal uses the Cuckoo sandbox for dynamic analysis of malware. VirusTotal was selected by PC World as one of the best 100 products of 2007.

Windows Uploader
VirusTotal's Windows Uploader is a discontinued desktop application which integrates into File Explorer's context menu, under Send To > VirusTotal. The application also launches manually for submitting a URL or a program that is currently running in the OS.

VirusTotal stores the name and various hashes for each scanned file. Already scanned files can be identified by their known (e.g., VT default) SHA256 hash without uploading complete files. The SHA256 query URL has the form. File uploads are normally limited to 650 MB. In 2017 VirusTotal discontinued the Windows Uploader, listing the third party VirusTotalUploader program as an alternative.

Uploader for Mac OS X and Linux
The Mac OS X and Linux uploaders are similar to the Windows app. One can upload a file via the app's UI or context menu and will be given back a result. The Mac OS X app can be downloaded from the VirusTotal website. To use the app on Linux, one needs to compile and build the app using the same core used in the Mac OS X application (provided in the repository).

VirusTotal for Browsers
There are several browser extensions available, such as VT4Browsers for Mozilla Firefox and Google Chrome, and vtExplorer for Internet Explorer. They allow the user to download files directly with VirusTotal's web application prior to storing them in the computer, as well as scanning URLs.

VirusTotal for Mobile
The service also offers an Android app, which employs the public API to search any installed application for VirusTotal's previously scanned ones and show its status. Any application not previously scanned can be submitted, but an API key must be provided and other restrictions to public API usage may apply (see ).

Public API
VirusTotal provides a public API as a free service. It provides automation for some of its online features such as to "upload and scan files, submit and scan URLs, access finished scan reports and make automatic comments on URLs and samples". Some restrictions apply for requests made through the public API, such as requiring an individual API key freely obtained by online signing up, low priority scan queue, and limited number of requests per time frame.

Antivirus products
Antivirus engines used for detection for uploading files. • AegisLab (AegisLab)

• Antiy Labs (Antiy-AVL)

• Aladdin (eSafe)

• AVAST Software (Avast Antivirus)

• AVG Technologies (AVG AntiVirus)

• Avira

• BluePex (AVware)

• Baidu (Baidu-International)

• BitDefender GmbH (BitDefender)

• Bkav Corporation (Bkav)

• ByteHero Information Security Technology Team (ByteHero)

• Cat Computer Services (Quick Heal)

• CMC InfoSec (CMC Antivirus)

• CYREN

• ClamAV

• Comodo (Comodo)

• Criminal IP

• CrowdStrike

• Cybereason

• Doctor Web Ltd. (Dr.Web)

• Emsisoft Ltd. (Emsisoft)

• Endgame

• Eset Software (ESET NOD32)

• Fortinet

• FRISK Software (F-Prot)

• F-Secure

• Gridinsoft

• G Data CyberDefense (G Data)

• Hacksoft (The Hacker)

• Hauri (ViRobot)

• IKARUS Security Software (IKARUS)

• INCA Internet (nProtect)

• Invincea (Invincea, acquired by Sophos)

• Jiangmin (KV Antivirus)

• Kaspersky Lab (Kaspersky Anti-Virus)

• Kingsoft

• Malwarebytes Corporation (Malwarebytes' Anti-Malware)

• McAfee

• Microsoft (Malware Protection)

• MicroWorld (eScan)

• NANO Security (NANO Antivirus)

• Norman (Norman Antivirus)

• Panda Security (Panda Platinum)

• Palo Alto Networks (Palo Alto Networks Threat Intelligence Cloud)

• Qihoo 360

• Rising Antivirus (Rising)

• SentinelOne

• Sophos (SAV)

• SUPERAntiSpyware

• Symantec Corporation (Symantec)

• Tencent

• ThreatTrack Security (VIPRE Antivirus)

• TotalDefense

• Trend Micro (TrendMicro, TrendMicro-HouseCall)

• VirusBlokAda (VBA32)

• Webroot

• WhiteArmor

• Yandex

• Zillya! (Zillya)

• Zoner Software (Zoner Antivirus)

Website/domain scanning engines and datasets
Antivirus scanning engines used for URL scanning. • ADMINUSLabs (ADMINUSLABS)

• AegisLab WebGuard (AegisLab)

• Alexa (Amazon)

• AlienVault (AlienVault)

• Antiy-AVL (Antiy Labs)

• AutoShun (RiskAnalytics)

• Avira Checkurl (Avira)

• Baidu (Baidu-International)

• BitDefender

• CRDF (CRDF FRANCE)

• C-SIRT (Cyscon SIRT)

• CLEAN MX

• Comodo Site Inspector (Comodo Group)

• CyberCrime (Xylitol)

• Dr.Web Link Scanner (Dr.Web)

• Emsisoft (Emsi Software GmbH)

• ESET

• FortiGuard Web Filtering (Fortinet)

• G Data

• Google Safe Browsing (Google)

• Kaspersky URL advisor (Kaspersky Lab)

• Malc0de Database (Malc0de)

• Malekal (Malekal's MalwareDB)

• Malwarebytes hpHosts (Malwarebytes)

• Malwared (Malwared.malwaremustdie.org)

• Malware Domain Blocklist (DNS-BH - Malware Domain Blocklist)

• Malware Domain List (Malware Domain List)

• MalwarePatrol (MalwarePatrol)

• Malwares.com (Saint Security)

• Netcraft

• Opera

• Palevo Tracker (Abuse.ch)

• ParetoLogic URL Clearing House (ParetoLogic)

• PhishFort

• Phishtank (OpenDNS)

• Quttera (Quttera Ltd.)

• SCUMWARE (Scumware.org)

• SecureBrain (SecureBrain)

• Sophos

• SpyEye Tracker (Abuse.ch)

• StopBadware (StopBadware)

• Sucuri SiteCheck (Sucuri)

• ThreatHive (The Malwarelab)

• Trend Micro Site Safety Center (Trend Micro)

• urlQuery (urlQuery.net)

• VX Vault

• Websense ThreatSeeker (Websense)

• Webutation

• Wepawet (iseclab.org)

• Yandex Safe Browsing (Yandex)

• ZCloudsec (Zcloudsec)

• ZDB Zeus

• ZeuS Tracker (Abuse.ch)

• Zvelo

File characterization tools & datasets
Utilities used to provide additional info on uploaded files. • Androguard (Anthony Desnos)

• Cuckoo Sandbox (Claudio Guarnieri)

• ExifTool (Phil Harvey)

• Magic descriptor (Linux)

• NSRL information (NIST's National Software Reference Library)

• PDFiD (Didier Stevens)

• pefile (Ero Carrera)

• PEiD (Jibz)

• Sigcheck (Mark Russinovich)

• Snort (Sourcefire)

• ssdeep (Jesse Kornblum)

• Suricata (Open Information Security Foundation)

• Taggant packer information tool (ReversingLabs)

• TrID (Marco Pontello)

• UEFI Firmware parser (Teddy Reed)

• Wireshark (Wireshark Foundation)

• Zemana behaviour (Zemana)

• CarbonBlack (CarbonBlack)

Privacy
Files uploaded to VirusTotal may be shared freely with anti-malware companies and will also be retained in a store. The VirusTotal About Page states under VirusTotal and confidentiality:

Files and URLs sent to VirusTotal will be shared with antivirus vendors and security companies so as to help them in improving their services and products. We do this because we believe it will eventually lead to a safer Internet and better end-user protection.

By default any file/URL submitted to VirusTotal which is detected by at least one scanner is freely sent to all those scanners that do not detect the resource. Additionally, all files and URLs enter a private store that may be accessed by premium (mainly security/antimalware companies/organizations) VirusTotal users so as to improve their security products and services.