or
Continue with LinkedIn
Recover my Password
Submit your Tekpon Account E-mail address and you will receive an email with instructions to reset your password.

Google VirusTotal

Tekpon Score
8.2

Google VirusTotal Reviews

& Product Details

What is Google VirusTotal?

Google VirusTotal is a robust cloud-based service that enhances cybersecurity through comprehensive scanning of files, URLs, domains, and IP addresses to detect malware and other security threats. This tool utilizes over 70 antivirus scanners and a multitude of URL/domain blacklisting services, contributing to a broad and dynamic understanding of new and existing security threats.

VirusTotal’s capabilities extend beyond simple threat detection. It incorporates powerful tools like VirusTotal Graph, which helps users visualize relationships between different data elements and malware artifacts, enabling more effective analysis and threat hunting. Its API supports the automation of scans and integration with other applications, making it versatile for various cybersecurity tasks.

The service is particularly valuable for cybersecurity professionals and researchers who require real-time data about potential threats. It’s also useful for businesses seeking to safeguard their digital assets through proactive threat identification and analysis.

Overall, Google VirusTotal is a critical tool for anyone involved in digital security. It offers a comprehensive, accessible, and user-friendly platform for scanning and analyzing potential cyber threats.

Best For

Analyze suspicious files, domains, IPs and URLs to detect malware
  • StartUps
  • Freelancers
  • Small Business
  • Medium Business
  • Large Enterprise
  • Non-profit Organization
  • Personal
  • Cloud, SaaS, Web-Based
  • Mobile - Android
  • Mobile - iPhone
  • Mobile - iPad
  • Desktop - Mac
  • Desktop - Windows
  • Desktop - Linux
  • Desktop - Chromebook
  • On-Premise - Windows
  • On-Premise - Linux
  • Company Name

    Google, LLC

  • Located In

    United States

  • Website

    virustotal.com

Starting from:

FREE

Pricing Model: Subscription

  • Free Trial
  • Free Version

Pricing Details:

Google's VirusTotal offers a free version with basic features. For more advanced capabilities, including higher request rates and additional tools, you can request a trial or contact them directly for a custom quote.

  • Vulnerability Scanning
  • Security Auditing
  • API
  • Network Security
  • Whitelisting/Blacklisting
  • Real Time Monitoring
  • Threat Response

Additional Features

  • URL Analysis
  • File Scanning
  • Domain Checks
  • IP Address Inspection
  • SSL Certificate Analysis
  • Automated Comments
  • Public API Access
  • Private API Features
  • Historical Data Access
  • Crowdsourced Intelligence
  • Community Insights
  • Security Vendor Checks
  • Blocklist Checks
  • Real-Time Updates
  • Threat Intelligence Reports

ESET PROTECT Platform

Tekpon Score
COMPARE

ManageEngine Endpoint Central

Tekpon Score
COMPARE

Tell us your opinion about Google VirusTotal and help others.

Nitish Singh

Organizations must secure their infrastructure, including their processes and data. To achieve a high level of security, you need to use cybersecurity tools such as Google VirusTotal. VirusTotal is a two-decade-old tool that allows organizations to strengthen their security, lower risks, improve security team efficiency, and take proactive steps against threats.

In this review post, we’ll examine VirusTotal in more detail, including its definition, how it works, key features, use cases, user experience, pricing, and Pros and cons. Let’s get started.

General Overview of VirusTotal

VirusTotal (VT) is a Google Cloud service that enables organizations to check for cybersecurity threats. Under the hood, it offers the most interlinked and real-time crowdsourced malware corpus. VirusTotal services are accessible through the web, mobile app, and APIs.

It offers instant search capabilities through its online portal. Anyone can go to its online portal and use it to scan files, URLs, hash, and IP addresses. With a vast dataset, organizations get the most accurate readings from common threats. It can also learn in real time and equip organizations or cybersecurity experts with the knowledge to identify and mitigate any associated risks.

VirusTotal operated independently from 2004 to 2012. It was created by Hispasec Sistemas, a Spanish company with the goal of aggregating online scan engines and antivirus products. However, Google acquired VirusTotal in 2012, integrating its powerful malware detection capabilities into Google services such as App Engine and Google Storage.

Some amazing stats about VirusTotal include:

  • Operating for the last two decades (started in 2004).
  • Crowdsourced by 3M+ monthly users from all over the world.
  • Enriches 3.7B+ files. For compressed bundles, it is 50B+
  • Google acquired VirusTotal in 2012, integrating it with Google Cloud services.
  • On average, VirusTotal does 6M analyses per day.
  • It has 10B passive DNS records.

All these stats stand at the time of writing, i.e., 2024.

In short, VirusTotal is a vital cybersecurity tool that organizations must use to deploy their security strategy, as it enables them to use the world’s largest malware corpus.

How Does VirusTotal Work? How to Use it With Examples

Under the hood, VirusTotal utilizes over 70 antivirus scanners and URL/domain blocking services to inspect files, URLs, domains, etc. VT gives access to a large volume of data, including 50B+ files, 1.8 M file analyses per day, and 2M to 8M URL scans per day. All of these are powered by Google’s secure infrastructure and computing solutions. To use the VirusTotal service, you need to submit/upload the files. These can be done via:

  • Desktop uploads
  • Browser Extensions
  • Public web interface
  • Programmable API

If you’re in a hurry, then it’s best to use the web interface, as it gets the highest scanning priority. As soon as you submit a file for scan, VirusTotal will give you a basic result. Let’s see by submitting tekpon.com into the scanner.

VirusTotal Analyze - Tekpon ReviewAs soon as you press Enter on your keyboard, you’ll find instant brief results. Let’s look at a file submission. To test it, I downloaded a suspicious file from the Internet and ran it to see if VirusTotal detected its malicious intent.

VirusTotal from Google

As you can see, it works. It is able to detect its malicious intent and gather various vendor analyses. If you want detailed results, you can always check the Detail, Relations, and Behaviour tag.

The Community tab lets you learn what the community thinks about the threat. If you’re not comfortable uploading a file, you can extract its hash and use it to run the scan. We can use the hash of the previous malicious file to search for it again—and the results will be the same! Technically, VirusTotal takes a 360-degree approach. Here, it identifies the threat with a complete understanding of its content rather than comparing hash values for already existing malware. This approach enables organizations to find and handle zero-day threats effectively.

Google VirusTotal Key Features Explained

VirusTotal is a feature-rich cybersecurity tool. To get a complete picture, let’s go through its key features below.

  • VirusTotal Code Insights

Code Insights is one of the newest VirusTotal features. It utilizes GenAI to help security experts get deeper insights into code, enabling them to find and mitigate potential threats with confidence. Under the hood, Code Insight uses Google Cloud Security AI Workbench. In this blog post, VirusTotal explains how Code Insights works. They utilize the power of large language models trained in programming languages. They are using the Sec-PaLM model hosted on Google Cloud AI. They recently updated it to allow Code Insights to offer better high-level explanations and increased file size limits.

However, Code Insight only supports script formats, including:

  • Command Prompt (CMD)
  • Batch (BAT)
  • Shell Scripts (SH)
  • VBScript(VBS)

At the time of writing, the VirusTota team is working on adding code executable insights.

  • Automate with API endpoints

VirusTotal offers access to API endpoints that allow you to automate testing. This is an ideal choice for enterprises that want to secure their networks with robust automated security. Its API version 3 has greatly improved on version 2, offering ease of use. Furthermore, it utilizes REST principles for easy resource-oriented URLs. Additionally, it uses JSON for responses, requests, and errors. Some of its popular API endpoints include:

  • Scan URL API
  • URL analysis report API
  • Upload a file API (for scanning)
  • Get a file report using hash API
  • Get an IP address report API
  • Get a domain report API

However, not all APIs are freely accessible. Some are locked for premium customers with access to VirusTotal’s advanced services, such as VirusTotal Enterprise. The Public APIs are ideal for testing workflows or non-commercial services. They are limited in requests (500 per day or 4 per minute). Premium APIs, on the other hand, provide limitations based on a license while offering an SLA-based guarantee. It also possesses better context understanding and advanced threat detection.

The key benefits that Premium APIs offer over Public APIs:

  • Change request rate according to your requirement
  • Better context and details access
  • Do further research by downloading samples and their associated network traffic
  • Includes VirusTotal generated meta-data
  • Guarantees data readiness and availability through a strict Service License Agreement (SLA).

  • Real-time updates

VirusTotal is a globally connected cybersecurity tool. This means that businesses get real-time updates and telemetry. On average, 2M+ users from 232 countries use the tool, submitting samples and offering other vital information such as first-seen dates, in-the-wild patterns, activity timelines, etc. These also mean that malware signatures are updated frequently. Moreover, VirusTotal continuously updates the contributor’s blocklist, enabling companies to stay ahead of the latest threats.

  • Detailed Results

VirusTotal works differently from other public and commercial cybersecurity tools. It offers detailed results on malware, including how it acts, communicates, and behaves. To achieve this level of accuracy, VT uses controlled virtual environments where Threat Intelligence learns about the file and creates a detailed report.

The detailed report contains information such as:

  • Created mutexes
  • Registry keys set
  • Opened, created, and written files
  • URL lookups
  • Contacted domains
  • Botnet status

Additionally, VT’s static+dynamic analysis helps decide RAT malware configs and network infrastructure. This approach is different compared to dynamic analysis as it helps uncover more details about malware. In simple words, VT excels at providing additional information. It labels threats correctly—for example, VT URL scanners label sites as phishing sites, malware sites, or suspicious sites.

Other Google VirusTotal Features Worth Mentioning

VT Integrations and Connections

Organizations can extend VT capabilities by integrating popular third-party solutions. These can result in better VT usage, including:

  • False positive discarding
  • Get another detection opinion
  • Automatic alert triage
  • Event enrichment

VT supports integration for popular platforms, including SOAR platforms, EDRs, AVs, Endpoint agents, Email gateways, Network perimeter, etc.

  • ServiceNow
  • Chronicle SOAR
  • Splunk SOAR
  • Palo Alto Cortex SOAR
  • IBM Qradar SOAR (Resilient)
  • Exabeam
  • Swimlane
  • TheHive
  • Cloudflare One
  • KnowBe4 Phisher

Additionally, VT also supports connectors that help enhance Indicators of Compromise reports. Users can add vital data to the reports. The VT Connectors support external threat intelligence sources and security vendors. The key benefits of VT Connectors include the following:

  • Group-wide enrichment that allows enriched information to get automatically shared among team members.
  • Pick the security vendor of your choice.
  • Official VirusTotal support improving security, reliability, and compatibility

Currently, VT has the following connector support:

  • MISP
  • Mandiat Advantage
  • Splunk

VirusTotal Enterprise

Google’s VirusTotal is a capable tool. However, its standard offering does not meet the enterprise’s demands. That’s where VirusTotal Enterprise, a paid solution, comes in. VT Enterprise expands on already existing VT capabilities and adds enterprise-ready capabilities such as:

  • VT Intelligence: Adds advanced modifiers to the search engine, improving its search capabilities by providing more details and threat context. It also allows users to download files for offline study and dissection.
  • VT Hunting: Strengthen security by applying YARA rules. It improves overall malware detection as it uses historical data to find evolving patterns in malware families.
  • VT Graph: Visualize malware dataset and find interesting relationships among URLs, domains, IP addresses, etc.

Apart from these, VT Enterprise also gives access to VT APIs, which gives enterprises the ability to automate security. APIs allow automatic data triage while enabling access to the following:

  • Access to historical data
  • Do deep searches with highly scalable architecture
  • File type agnostic multi-scanning
  • Access to 70+ antivirus solutions, 20+ static analyzers, and 10+ sandboxes.
  • Rich context-based information

You also get file feed, URL feed, and Sandbox feed that let you download and ingest generated files along with their analysis. Lastly, VT Enterprise offers a VT Monitor that helps mitigate false positive detections, scan pre-release software periodically, and generate VirusTotal Trust Seals on files (giving users trust about file usage).

VirusTotal Intelligence

At the core of VT Enterprise is VT Intelligence. It is a super-charged search engine for malware that offers an in-depth profile similar to Facebook’s and extensive search capabilities similar to Google’s search engine. With VT Intelligence, you can search for malware samples, IP addresses, domains, and URLs with ever-changing and continuously updated datasets. Enterprises can run searches based on different criteria, including static features, antivirus detection verdicts, behavior patterns, etc.

VT Intelligence’s key features include the following:

  • Learn about static threat indicators such as packer details in Windows executables or finding malicious code in Office document macros.
  • Use advanced modifiers to do multi-property searches.
  • Detonates files in virtually controlled environments to learn about malware behavior and activities.
  • Use static+dynamic analysis to further drill into malware behavior, such as decoding RAT malware configs.
  • Gain vital threat location context.
  • Learn about relationships and patterns through inter-file-netloc relationships.
  • Get access to powerful search capabilities such as content, elastic, and cluster searching.
  • Get access to telemetry metadata from partner tools’ contributions.
  • Access to goodware and allowlisting information.

VirusTotal Hunting

VT Hunting lets you use YARA rules to detect malware. It also uses historical data to detect threat evolution across malware families, generating automatic IoCs for better protection. Like VT Intelligence, you can download suspicious files for offline study. It also notifies you when the YARA rule matches, ensuring that you can take proper action.

VT Hunting’s key features include the following:

  • Use YARA to create rules for malware families and upload them to track new threats.
  • Offers automatic rule triggers via Threat Intelligence
  • Improve low false positive rates
  • Uploaded YARA rules check for similar threats across the entire database and notify if similar threats exist.
  • Use API to generate IOCS
  • Apply YARA rules to the old dataset to find attacks on the earlier version.
  • Offers rich hunting syntax with support for different kinds of strings and multiple conditions.

VirusTotal Graph

VT Threat Graph visualizes the dataset. It helps analysts better understand the relationship between URLs, IP addresses, files, and other items.
VT Graph’s key features include:

  • Offers semantic icons for better visual clarity
  • VT’s backend generates rich relationships
  • Offers threat cards that summarize items
  • Pivot to investigative workbench instantly with a single click

VirusTotal Use Cases

Some of the popular Google’s VirusTotal use cases include:

  • Anti-fraud, anti-phishing, and brand monitoring
  • Advanced hunting
  • Incident response and forensic analysis
  • Vulnerability management
  • Automatic security telemetry enrichment

VirusTotal follows a freemium model. It offers a competent free version with access to public API. However, if you’re a business, then you can take advantage of its premium offering, i.e., VirusTotal Enterprise. Google VT doesn’t have any public pricing information, so you’ll need to contact them for more details.

VirusTotal Pros and Cons

PROs

  • Effective malware detection
  • Community-driven malware database
  • Excellent API support
  • Free to use for non-commercial purposes
  • Feature-rich VT Enterprise solution

CONs

  • Not 100% accurate
  • Long scanning times
  • A lot of new features are locked under the paid option

Final Thoughts

VirusTotal is an excellent cybersecurity tool. Its meta approach ensures real-time updates with higher accuracy when dealing with ever-evolving malware. Furthermore, its crowdfunding approach makes it the best database for malware detection, whether it is a file, URL, domain, or scripting code. It got it all covered.

However, what’s impressive is its Enterprise solution. Its paid solution offers enterprise-level features, including VT Intelligence (offering advanced modifier-based search), VT Hunting (tracking the evolution of threats), and VT Graph (visually exploring threats while understanding relationships). The availability of APIs also makes using VirusTotal easy and automated, especially for enterprises dealing with large networks and data.

Irrespective of security needs, VirusTotal is not the ultimate answer. However, it is part of the equation to have a strong security ecosystem. I recommend enterprises follow best practices, including using cross-referencing agents, checking for antivirus engine trustworthiness in VT’s analysis, and diving deep into details.



VirusTotal is capable of scanning any type of file. These files can include PDFs, Android APKs, Images, Code files (such as JavaScript code files), or any executable file. It can also scan URLs for malicious code or intent, altering the user beforehand.


VirusTotal is a comprehensive tool that does way more than commercial versions. The core difference is the approach.
For example, VirusTotal is a community-driven solution providing free access to its features. As it is a cumulation of major antivirus solutions/URL/domain scanners, it has access to billions of data points. It instantly provides visibility to threats, thanks to worldwide reach, irrespective of geography or industry.
Furthermore, VirusTotal takes a more holistic approach compared to other commercial versions that heavily rely on hashes and files. With a 360-degree characterization, threats are well-defined to get identified instantly, working in even diverse attacker campaigns.


VirusTotal is free to use for non-commercial purposes. However, It does have a paid version, VirusTotal Enterprise, which is aimed at enterprises that want to solidify their networks against cyber threats.


No. It doesn’t. VirusTotal is a tool that offers a community-driven approach to cyber security. Its recent addition of Code Insight utilizes LLMs, offering a more in-depth automated threat detection.
In short, security experts can use VirusTotal as a powerful assistant to help them find and mitigate cyber threats.


No, VirusTotal is not 100% accurate. It is a meta-service that combines results from other antivirus or malware scanning solutions. So, it gives you an idea of how malicious a file, DNS, URL, or domain is, but it has no control over the accuracy. Also, it is common for antivirus solutions to report false positives. It is always the best approach to research more and utilize other online detectors such as MetaDefender.


VirusTotal offers Public and Premium APIs. The Public APIs are free to use but come with the following limitations:

  • 500 requests per day (4 requests per minute).
  • It cannot be used for commercial services/products.
  • It cannot be used in business workflows where there is no new file contribution.

Their Premium APIs don’t have any Public API limitations. However, the limitations are based on the licensed service step. They’re also more context-based and offer better malware detection. Furthermore, Premium APIs are SLA-based, making them ideal for critical enterprise processes.


Authors

Nitish Singh

Writer

Nitish Singh

Software Reviewer & Writer @ Tekpon
Tekpon Favicon

SaaS Content Writer

Nitish Singh is a C1 Advanced (CEFR) certified tech writer whose expertise has made technology more accessible to over a million users worldwide. With a strong background in Computer Applications, Nitish excels in demystifying complex tech subjects, making him a sought-after voice for B2B.
Ana Maria Stanciuc

Editor

Ana Maria Stanciuc

Head of Content & Editor-in-Chief @ Tekpon
Tekpon Favicon

Creative Content Chief

Ana Maria Stanciuc is a highly skilled writer and content strategist with 10+ years of experience. She has experience in technical and creative writing across a variety of industries. She also has a background in journalism.

This website uses cookies

Cookies are small text files that can be used by websites to make a user’s experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This means that cookies which are categorized as necessary, are processed based on GDPR Art. 6 (1) (f). All other cookies, meaning those from the categories preferences and marketing, are processed based on GDPR Art. 6 (1) (a) GDPR.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

You can read more about all this at the following links.

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

These trackers help us to measure traffic and analyze your behavior to improve our service.

These trackers help us to deliver personalized ads or marketing content to you, and to measure their performance.