Google VirusTotal Reviews & Product Details
What is Google VirusTotal?
Google VirusTotal is a robust cloud-based service that enhances cybersecurity through comprehensive scanning of files, URLs, domains, and IP addresses to detect malware and other security threats. This tool utilizes over 70 antivirus scanners and a multitude of URL/domain blacklisting services, contributing to a broad and dynamic understanding of new and existing security threats.
VirusTotal’s capabilities extend beyond simple threat detection. It incorporates powerful tools like VirusTotal Graph, which helps users visualize relationships between different data elements and malware artifacts, enabling more effective analysis and threat hunting. Its API supports the automation of scans and integration with other applications, making it versatile for various cybersecurity tasks.
The service is particularly valuable for cybersecurity professionals and researchers who require real-time data about potential threats. It’s also useful for businesses seeking to safeguard their digital assets through proactive threat identification and analysis.
Overall, Google VirusTotal is a critical tool for anyone involved in digital security. It offers a comprehensive, accessible, and user-friendly platform for scanning and analyzing potential cyber threats.
Best For
- StartUps
- Freelancers
- Small Business
- Medium Business
- Large Enterprise
- Non-profit Organization
- Personal
- Cloud, SaaS, Web-Based
- Mobile - Android
- Mobile - iPhone
- Mobile - iPad
- Desktop - Mac
- Desktop - Windows
- Desktop - Linux
- Desktop - Chromebook
- On-Premise - Windows
- On-Premise - Linux
- Company Name: Google, LLC
- Located In: United States
- Website: virustotal.com
Starting from: FREE
Pricing Model: Subscription
- Free Trial
- Free Version
Pricing Details:
Google's VirusTotal offers a free version with basic features. For more advanced capabilities, including higher request rates and additional tools, you can request a trial or contact them directly for a custom quote.
- Vulnerability Scanning
- Security Auditing
- API
- Network Security
- Whitelisting/Blacklisting
- Real Time Monitoring
- Threat Response
Additional Features
- URL Analysis
- File Scanning
- Domain Checks
- IP Address Inspection
- SSL Certificate Analysis
- Automated Comments
- Public API Access
- Private API Features
- Historical Data Access
- Crowdsourced Intelligence
- Community Insights
- Security Vendor Checks
- Blocklist Checks
- Real-Time Updates
- Threat Intelligence Reports
Organizations must secure their infrastructure, including their processes and data. To achieve a high level of security, you need to use cybersecurity tools such as Google VirusTotal. VirusTotal is a two-decade-old tool that allows organizations to strengthen their security, lower risks, improve security team efficiency, and take proactive steps against threats.
In this review post, we’ll examine VirusTotal in more detail, including what it is, how it works, its key features, use cases, user experience, pricing, and pros and cons. Let’s get started.
General Overview of VirusTotal
VirusTotal (VT) is a Google Cloud service that enables organizations to check for cybersecurity threats. Under the hood, it offers the most interlinked and real-time crowdsourced malware corpus. VirusTotal services are accessible through the web, mobile app, and APIs.
It offers instant search capabilities through its online portal. Anyone can go to the portal and use it to scan files, URLs, hashes, and IP addresses. With a vast dataset, organizations get the most accurate readings of common threats. It also learns in real time and equips organizations and cybersecurity experts with the knowledge to identify and mitigate any associated risks.
VirusTotal operated independently from 2004 to 2012. It was created by Hispasec Sistemas, a Spanish company with the goal of aggregating online scan engines and antivirus products. However, Google acquired VirusTotal in 2012, integrating its powerful malware detection capabilities into Google services such as App Engine and Google Storage.
Some amazing stats about VirusTotal include:
- Operating for the last two decades (started in 2004).
- Crowdsourced by 3M+ monthly users from all over the world.
- Enriches 3.7B+ files; for compressed bundles, it is 50B+.
- Google acquired VirusTotal in 2012, integrating it with Google Cloud services.
- On average, VirusTotal does 6M analyses per day.
- It has 10B passive DNS records.
All these stats are current as of the time of writing, i.e., 2024.
In short, VirusTotal is a vital cybersecurity tool that organizations must use to deploy their security strategy, as it enables them to use the world’s largest malware corpus.
How Does VirusTotal Work? How to Use it With Examples
Under the hood, VirusTotal utilizes over 70 antivirus scanners and URL/domain blocking services to inspect files, URLs, domains, etc. VT gives access to a large volume of data, including 50B+ files, 1.8M file analyses per day, and 2M to 8M URL scans per day. All of this is powered by Google’s secure infrastructure and computing solutions. To use the VirusTotal service, you need to submit/upload the files. Submission can be done via:
- Desktop uploads
- Browser Extensions
- Public web interface
- Programmable API
If you’re in a hurry, it’s best to use the web interface, as it gets the highest scanning priority. As soon as you submit a file for scanning, VirusTotal gives you a basic result. Let’s see by submitting tekpon.com into the scanner.
As soon as you press Enter on your keyboard, you’ll find instant brief results. Let’s look at a file submission. To test it, I downloaded a suspicious file from the Internet and ran it to see if VirusTotal detected its malicious intent.
As you can see, it works. It is able to detect its malicious intent and gather various vendor analyses. If you want detailed results, you can always check the Details, Relations, and Behaviour tabs.
The Community tab lets you learn what the community thinks about the threat. If you’re not comfortable uploading a file, you can compute its hash and use that to run the search instead; a hash lookup never sends the file’s contents to VirusTotal. We can use the hash of the previous malicious file to search for it again—and the results will be the same! Technically, VirusTotal takes a 360-degree approach. It identifies the threat with a complete understanding of its content rather than only comparing hash values against already known malware. This approach enables organizations to find and handle zero-day threats effectively.
Google VirusTotal Key Features Explained
VirusTotal is a feature-rich cybersecurity tool. To get a complete picture, let’s go through its key features below.
-
VirusTotal Code Insights
Code Insight is one of the newest VirusTotal features. It utilizes generative AI to help security experts get deeper insights into code, enabling them to find and mitigate potential threats with confidence. Under the hood, Code Insight uses Google Cloud Security AI Workbench. In a blog post, VirusTotal explains how Code Insight works: it uses large language models trained on programming languages, specifically the Sec-PaLM model hosted on Google Cloud AI. The team recently updated it so that Code Insight offers better high-level explanations and supports larger file sizes.
However, Code Insight only supports script formats, including:
- Command Prompt (CMD)
- Batch (BAT)
- Shell Scripts (SH)
- VBScript(VBS)
At the time of writing, the VirusTotal team is working on adding Code Insight support for executables.
-
Automate with API endpoints
VirusTotal offers API endpoints that allow you to automate submissions and lookups. This is an ideal choice for enterprises that want to secure their networks with robust automated security. API version 3 greatly improves on version 2 in ease of use: it follows REST principles with resource-oriented URLs and uses JSON for requests, responses, and errors. Some of its popular API endpoints include:
- Scan URL API
- URL analysis report API
- Upload a file API (for scanning)
- Get a file report using hash API
- Get an IP address report API
- Get a domain report API
However, not all APIs are freely accessible. Some are reserved for premium customers with access to VirusTotal’s advanced services, such as VirusTotal Enterprise. The Public API is ideal for testing workflows or non-commercial services. It is limited in requests (500 per day and 4 per minute). Premium APIs, on the other hand, have limits based on the license and come with an SLA-backed guarantee. They also provide richer context and advanced threat detection.
The key benefits that Premium APIs offer over Public APIs:
- Change the request rate according to your requirements
- Better context and access to details
- Do further research by downloading samples and their associated network traffic
- Includes VirusTotal-generated metadata
- Guarantees data readiness and availability through a strict Service Level Agreement (SLA)
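The hash-based lookup described under "How Does VirusTotal Work" and the API v3 file-report endpoint listed above, combined in one worked example. This is an added example, not VirusTotal's own client code: it assumes the API key is supplied in the VT_API_KEY environment variable, that GET https://www.virustotal.com/api/v3/files/{sha256} with an x-apikey header returns a JSON file object carrying last_analysis_stats and last_analysis_results (as the public API v3 documentation describes), and it uses a constructed sample response so the triage logic can be exercised offline. Looking up a SHA-256 instead of uploading keeps the file's contents off VirusTotal, and the verdict requires agreement from several engines rather than trusting a single vendor flag, which is the false-positive caveat the review raises later.

```python
"""Hash lookup against VirusTotal API v3 plus a multi-engine verdict (added example)."""
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request
from typing import Optional

VT_API_BASE = "https://www.virustotal.com/api/v3"  # API v3 base URL, as on the page


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory buffer (VirusTotal accepts SHA-256, SHA-1 or MD5)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file in 1 MiB chunks so large samples are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def fetch_file_report(sha256: str, api_key: str) -> Optional[dict]:
    """GET /files/{hash}. Returns the JSON object, or None when VT has no record (HTTP 404).

    Only the hash travels over the wire; the file itself stays local.
    """
    request = urllib.request.Request(
        f"{VT_API_BASE}/files/{sha256}", headers={"x-apikey": api_key}
    )
    try:
        with urllib.request.urlopen(request, timeout=30) as response:
            return json.load(response)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None  # never seen by VT: "unknown", not "clean"
        raise


def triage(report: Optional[dict], min_engines: int = 3) -> dict:
    """Reduce a file object to a verdict that needs agreement from min_engines vendors.

    'total' is the sum of every counter in last_analysis_stats (harmless, malicious,
    suspicious, undetected, timeout, ...), i.e. how many engines were consulted.
    """
    if report is None:
        return {"verdict": "unknown", "malicious": 0, "total": 0, "engines": []}
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    malicious = int(stats.get("malicious", 0))
    total = sum(v for v in stats.values() if isinstance(v, int))
    flagged = sorted(name for name, r in results.items() if r.get("category") == "malicious")
    if malicious >= min_engines:
        verdict = "malicious"
    elif malicious > 0:
        verdict = "suspicious"  # one or two engines only: possible false positive, investigate
    else:
        verdict = "clean"
    return {"verdict": verdict, "malicious": malicious, "total": total, "engines": flagged}


# Constructed sample shaped like an API v3 file object; NOT a real VirusTotal response.
# The per-engine results are truncated to three entries to keep the example short.
SAMPLE_REPORT = {
    "data": {
        "type": "file",
        "id": "0" * 64,  # placeholder hash, not a real sample
        "attributes": {
            "last_analysis_stats": {
                "harmless": 0, "malicious": 2, "suspicious": 0, "undetected": 68, "timeout": 0,
            },
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
                "EngineB": {"category": "malicious", "result": "Malware.Heuristic"},
                "EngineC": {"category": "undetected", "result": None},
            },
        },
    }
}


def check_path(path: str) -> dict:
    """Hash a local file, look it up by hash, and return the triaged verdict."""
    api_key = os.environ.get("VT_API_KEY")
    if not api_key:
        raise SystemExit("set VT_API_KEY to your VirusTotal API key")
    return triage(fetch_file_report(sha256_of_file(path), api_key))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    result = check_path(target) if target else triage(SAMPLE_REPORT)
    print(json.dumps(result, indent=2))
```

Run it with a file path to query the live API, or with no arguments to see the verdict the constructed sample produces (two engines out of 70 gives "suspicious", not "malicious"). The min_engines threshold is a policy knob: raise it for noisy heuristic engines, lower it when the flagging vendors are ones your team trusts.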
-
Real-time updates
VirusTotal is a globally connected cybersecurity tool. This means that businesses get real-time updates and telemetry. On average, 2M+ users from 232 countries use the tool, submitting samples and offering other vital information such as first-seen dates, in-the-wild patterns, activity timelines, etc. This also means that malware signatures are updated frequently. Moreover, VirusTotal continuously updates the contributors’ blocklists, enabling companies to stay ahead of the latest threats.
-
Detailed Results
VirusTotal works differently from other public and commercial cybersecurity tools. It offers detailed results on malware, including how it acts, communicates, and behaves. To achieve this level of accuracy, VT uses controlled virtual environments where Threat Intelligence learns about the file and creates a detailed report.
The detailed report contains information such as:
- Created mutexes
- Registry keys set
- Opened, created, and written files
- URL lookups
- Contacted domains
- Botnet status
Additionally, VT’s combined static and dynamic analysis helps decode RAT malware configs and map network infrastructure. This differs from dynamic analysis alone in that it uncovers more details about the malware. In simple words, VT excels at providing additional context. It labels threats correctly—for example, VT URL scanners label sites as phishing sites, malware sites, or suspicious sites.
Other Google VirusTotal Features Worth Mentioning
VT Integrations and Connections
Organizations can extend VT capabilities by integrating popular third-party solutions. These can result in better VT usage, including:
- False positive discarding
- Get another detection opinion
- Automatic alert triage
- Event enrichment
VT supports integrations with popular platform categories (SOAR platforms, EDRs, AVs, endpoint agents, email gateways, network perimeter devices, etc.) and products such as:
- ServiceNow
- Chronicle SOAR
- Splunk SOAR
- Palo Alto Cortex SOAR
- IBM QRadar SOAR (Resilient)
- Exabeam
- Swimlane
- TheHive
- Cloudflare One
- KnowBe4 Phisher
Additionally, VT supports connectors that help enrich Indicators of Compromise reports. Users can add vital data to the reports. VT Connectors support external threat intelligence sources and security vendors. The key benefits of VT Connectors include the following:
- Group-wide enrichment that allows enriched information to be shared automatically among team members.
- Pick the security vendor of your choice.
- Official VirusTotal support, improving security, reliability, and compatibility.
Available connectors include:
- MISP
- Mandiant Advantage
- Splunk
VirusTotal Enterprise
Google’s VirusTotal is a capable tool. However, its standard offering does not meet every enterprise’s demands. That’s where VirusTotal Enterprise, a paid solution, comes in. VT Enterprise expands on the existing VT capabilities and adds enterprise-ready features such as:
- VT Intelligence: Adds advanced modifiers to the search engine, improving its search capabilities by providing more details and threat context. It also allows users to download files for offline study and dissection.
- VT Hunting: Strengthens security by applying YARA rules. It improves overall malware detection, as it uses historical data to find evolving patterns in malware families.
- VT Graph: Visualizes the malware dataset and finds interesting relationships among URLs, domains, IP addresses, etc.
Apart from these, VT Enterprise also gives access to the VT APIs, which give enterprises the ability to automate security. The APIs allow automatic data triage while providing the following:
- Access to historical data
- Deep searches on a highly scalable architecture
- File-type-agnostic multi-scanning
- Access to 70+ antivirus solutions, 20+ static analyzers, and 10+ sandboxes
- Rich context-based information
You also get file feed, URL feed, and Sandbox feed that let you download and ingest generated files along with their analysis. Lastly, VT Enterprise offers a VT Monitor that helps mitigate false positive detections, scan pre-release software periodically, and generate VirusTotal Trust Seals on files (giving users trust about file usage).
VirusTotal Intelligence
At the core of VT Enterprise is VT Intelligence. It is a super-charged search engine for malware that offers an in-depth profile similar to Facebook’s and extensive search capabilities similar to Google’s search engine. With VT Intelligence, you can search for malware samples, IP addresses, domains, and URLs with ever-changing and continuously updated datasets. Enterprises can run searches based on different criteria, including static features, antivirus detection verdicts, behavior patterns, etc.
VT Intelligence’s key features include the following:
- Learn about static threat indicators, such as packer details in Windows executables, or find malicious code in Office document macros.
- Use advanced modifiers to do multi-property searches.
- Detonate files in controlled virtual environments to learn about malware behavior and activities.
- Use static+dynamic analysis to drill further into malware behavior, such as decoding RAT malware configs.
- Gain vital threat location context.
- Learn about relationships and patterns through inter-file-netloc relationships.
- Get access to powerful search capabilities such as content, elastic, and cluster searching.
- Get access to telemetry metadata from partner tools’ contributions.
- Access goodware and allowlisting information.
VirusTotal Hunting
VT Hunting lets you use YARA rules to detect malware. It also uses historical data to detect threat evolution across malware families, generating automatic IoCs for better protection. Like VT Intelligence, you can download suspicious files for offline study. It also notifies you when the YARA rule matches, ensuring that you can take proper action.
VT Hunting’s key features include the following:
- Use YARA to create rules for malware families and upload them to track new threats.
- Offers automatic rule triggers via Threat Intelligence.
- Low false-positive rates.
- Uploaded YARA rules are checked against the entire database, and you are notified if similar threats exist.
- Use the API to generate IoCs.
- Apply YARA rules to the historical dataset to find earlier variants of an attack.
- Offers rich hunting syntax with support for different kinds of strings and multiple conditions.
VirusTotal Graph
VT Graph visualizes the dataset. It helps analysts better understand the relationships between URLs, IP addresses, files, and other items.
VT Graph’s key features include:
- Offers semantic icons for better visual clarity
- VT’s backend generates rich relationships
- Offers threat cards that summarize items
- Pivot to investigative workbench instantly with a single click
VirusTotal Use Cases
Some of Google VirusTotal’s popular use cases include:
- Anti-fraud, anti-phishing, and brand monitoring
- Advanced hunting
- Incident response and forensic analysis
- Vulnerability management
- Automatic security telemetry enrichment
VirusTotal Pros and Cons
Pros:
- Effective malware detection
- Community-driven malware database
- Excellent API support
- Free to use for non-commercial purposes
- Feature-rich VT Enterprise solution
Cons:
- Not 100% accurate
- Long scanning times
- A lot of new features are locked behind the paid option
Final Thoughts
VirusTotal is an excellent cybersecurity tool. Its meta approach ensures real-time updates with higher accuracy when dealing with ever-evolving malware. Furthermore, its crowdsourcing approach makes it the best database for malware detection, whether the subject is a file, URL, domain, or script. It has it all covered.
However, what’s impressive is its Enterprise solution. Its paid solution offers enterprise-level features, including VT Intelligence (offering advanced modifier-based search), VT Hunting (tracking the evolution of threats), and VT Graph (visually exploring threats while understanding relationships). The availability of APIs also makes using VirusTotal easy and automated, especially for enterprises dealing with large networks and data.
Irrespective of security needs, VirusTotal is not the ultimate answer. However, it is part of the equation to have a strong security ecosystem. I recommend enterprises follow best practices, including using cross-referencing agents, checking for antivirus engine trustworthiness in VT’s analysis, and diving deep into details.
VirusTotal is capable of scanning any type of file. These files can include PDFs, Android APKs, images, code files (such as JavaScript files), or any executable file. It can also scan URLs for malicious code or intent, alerting the user beforehand.
VirusTotal is a comprehensive tool that does way more than commercial versions. The core difference is the approach.
For example, VirusTotal is a community-driven solution providing free access to its features. As it is a cumulation of major antivirus solutions/URL/domain scanners, it has access to billions of data points. It instantly provides visibility to threats, thanks to worldwide reach, irrespective of geography or industry.
Furthermore, VirusTotal takes a more holistic approach compared to other commercial versions that heavily rely on hashes and files. With a 360-degree characterization, threats are well-defined to get identified instantly, working in even diverse attacker campaigns.
VirusTotal is free to use for non-commercial purposes. However, it does have a paid version, VirusTotal Enterprise, which is aimed at enterprises that want to solidify their networks against cyber threats.
No. It doesn’t. VirusTotal is a tool that offers a community-driven approach to cyber security. Its recent addition of Code Insight utilizes LLMs, offering a more in-depth automated threat detection.
In short, security experts can use VirusTotal as a powerful assistant to help them find and mitigate cyber threats.
No, VirusTotal is not 100% accurate. It is a meta-service that combines results from other antivirus and malware scanning solutions. So, it gives you an idea of how malicious a file, DNS record, URL, or domain is, but it has no control over the accuracy of the individual engines. Also, it is common for antivirus solutions to report false positives. It is always best to research further and to utilize other online detectors, such as MetaDefender.
VirusTotal offers Public and Premium APIs. The Public APIs are free to use but come with the following limitations:
- 500 requests per day (4 requests per minute).
- It cannot be used for commercial services/products.
- It cannot be used in business workflows where there is no new file contribution.
The Premium APIs don’t have the Public API limitations. Instead, their limits are based on the licensed service tier. They’re also more context-rich and offer better malware detection. Furthermore, Premium APIs are SLA-backed, making them ideal for critical enterprise processes.
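A pacing helper for the Public API quota stated above and in the API section (4 requests per minute, 500 per day), as an added example that is not VirusTotal's own code. The quota figures come from the review; the sliding-window limiter itself, the PublicApiPacer name, and the simulate_schedule helper are this example's own design. The clock and sleep functions are injectable so the schedule can be computed without actually waiting, which is what simulate_schedule does to show how long a batch of lookups takes under the free quota.

```python
"""Sliding-window pacing for the VirusTotal Public API quota (added example)."""
import time
from collections import deque
from typing import Callable, Deque, List

# Quota as stated in the review; the limiter is this example's assumption of how to honour it.
PUBLIC_PER_MINUTE = 4
PUBLIC_PER_DAY = 500


class PublicApiPacer:
    """Blocks before each request until both the per-minute and per-day windows have room."""

    def __init__(
        self,
        per_minute: int = PUBLIC_PER_MINUTE,
        per_day: int = PUBLIC_PER_DAY,
        clock: Callable[[], float] = time.monotonic,
        sleeper: Callable[[float], None] = time.sleep,
    ) -> None:
        self.per_minute = per_minute
        self.per_day = per_day
        self.clock = clock
        self.sleeper = sleeper
        self.minute_window: Deque[float] = deque()  # timestamps of requests in the last 60 s
        self.day_window: Deque[float] = deque()     # timestamps of requests in the last 86400 s

    def _prune(self, now: float) -> None:
        """Drop timestamps that have left their window."""
        while self.minute_window and now - self.minute_window[0] >= 60:
            self.minute_window.popleft()
        while self.day_window and now - self.day_window[0] >= 86400:
            self.day_window.popleft()

    def wait_time(self) -> float:
        """Seconds to wait before the next request fits both windows (0.0 if it fits now)."""
        now = self.clock()
        self._prune(now)
        wait = 0.0
        if len(self.minute_window) >= self.per_minute:
            wait = max(wait, 60 - (now - self.minute_window[0]))
        if len(self.day_window) >= self.per_day:
            wait = max(wait, 86400 - (now - self.day_window[0]))
        return wait

    def acquire(self) -> float:
        """Wait for a free slot, record the request, and return the time it was sent."""
        wait = self.wait_time()
        if wait > 0:
            self.sleeper(wait)
        sent_at = self.clock()
        self.minute_window.append(sent_at)
        self.day_window.append(sent_at)
        return sent_at


def simulate_schedule(
    n_requests: int, per_minute: int = PUBLIC_PER_MINUTE, per_day: int = PUBLIC_PER_DAY
) -> List[float]:
    """Return the send times (seconds from start) for n_requests under a fake clock.

    Useful for estimating how long a batch of hash lookups will take on the free tier.
    """
    state = {"t": 0.0}

    def fake_clock() -> float:
        return state["t"]

    def fake_sleep(seconds: float) -> None:
        state["t"] += seconds  # advancing the clock stands in for really sleeping

    pacer = PublicApiPacer(per_minute, per_day, clock=fake_clock, sleeper=fake_sleep)
    return [pacer.acquire() for _ in range(n_requests)]


if __name__ == "__main__":
    times = simulate_schedule(25)
    print(f"25 lookups finish after {times[-1]:.0f} s on the public quota")
```

In a real client, call pacer.acquire() immediately before each HTTP request; VirusTotal still enforces the quota server-side, so the pacer only avoids wasted calls that would come back rejected. simulate_schedule is the planning side: for example, 500 lookups at 4 per minute span about two hours, and the 501st is held until the day window opens.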