1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VirusTotal Question?

Discussion in 'BlackHat Lounge' started by stevesdata, Jul 15, 2009.

  1. stevesdata

    stevesdata Regular Member

    Joined:
    Nov 3, 2008
    Messages:
    357
    Likes Received:
    140
    Location:
    Next to Chuck Norris
    If a file is over the file size limit can you use Winrar to split the file into multiples below the file size limit and scan each one?

    Apologies for the silly question but I am not sure how accurate this would then be.

    Will it still detect nasties? I ask here because I trust some of the excellent knowledge in this area.

    Many thanks for anyone that can help.

    :)
     
  2. Sweetfunny

    Sweetfunny Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 13, 2008
    Messages:
    1,747
    Likes Received:
    5,039
    Location:
    ScrapeBox v2.0
    Home Page:
    No you can't, doing so will corrupt the overall exe file.

    Run Sandboxie and install it in that.
     
    • Thanks Thanks x 1
  3. stevesdata

    stevesdata Regular Member

    Joined:
    Nov 3, 2008
    Messages:
    357
    Likes Received:
    140
    Location:
    Next to Chuck Norris
    Thanks a lot for the advice sandboxie looks excellent!

    :)
     
  4. stevesdata

    stevesdata Regular Member

    Joined:
    Nov 3, 2008
    Messages:
    357
    Likes Received:
    140
    Location:
    Next to Chuck Norris
    One other question I have is what is the largest online scanner

    Virus Total 25MB
    Jotti 15MB
    FilterBit 20MB

    It would be great if there was a bigger one. I think my file is approx. 30MB

    :yield:
     
  5. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    I'm not too sure about what Sweetfunny has said but in my opinion I think this should be possible, you will just have to use split archives and zip up the .exe in to two different files. If VirusTotal allows rar or zip files I think this should work because your not altering the .exe in any way so if there is a virus in the actual file it will be most likely detected by VirusTotal even though it's split into two archives.
    The best way to actually test if this works properly is to get an already infected file, zip it into two split archive files and upload both to VirusTotal, if they get detected it means that this will work and give accurate results.
     
    • Thanks Thanks x 1
    Last edited: Jul 15, 2009
  6. oxonbeef

    oxonbeef BANNED BANNED

    Joined:
    Jan 4, 2009
    Messages:
    2,242
    Likes Received:
    7,872
    If the file is publicly available check the file size against what
    it should be. If there is any difference submit it to the main
    AV companies one by one for analisis.
     
    • Thanks Thanks x 1
  7. Jcsarokin

    Jcsarokin Power Member

    Joined:
    Mar 2, 2009
    Messages:
    718
    Likes Received:
    1,015
    Location:
    Los Angeles / Beverly Hills
    the file 30mb or just the exe Couldnt you scan them seperately?
     
  8. stevesdata

    stevesdata Regular Member

    Joined:
    Nov 3, 2008
    Messages:
    357
    Likes Received:
    140
    Location:
    Next to Chuck Norris
    Thanks I will test this although I always delete my infected files immediately so will do next time and post results.

    :)
     
  9. stevesdata

    stevesdata Regular Member

    Joined:
    Nov 3, 2008
    Messages:
    357
    Likes Received:
    140
    Location:
    Next to Chuck Norris
    The .exe was 30-ish MB will try next time I have an infected file.

    :)
     
  10. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    Splitting the file could change various aspects dealing with the file signature. I would not reply on a scan for a split file.
     
  11. oxonbeef

    oxonbeef BANNED BANNED

    Joined:
    Jan 4, 2009
    Messages:
    2,242
    Likes Received:
    7,872
    Afterthought! make up an ID upload it to a torrent site and see if you get banned.
    Then you'll know.
     
    • Thanks Thanks x 1