A free Google-owned service that analyzes files, URLs, domains, and IPs against 70+ antivirus engines and threat intelligence sources. It's widely used for rapid malware triage and IOC enrichment.

VirusTotal is a free threat analysis service owned by Google that aggregates the detection results of over 70 antivirus engines, web scanners, and threat intelligence feeds for any submitted file, URL, domain, or IP address. Beyond the aggregate detection verdict, VirusTotal provides detailed metadata about each analyzed artifact: file structure, embedded strings, behavioral sandbox results, community comments from researchers, YARA rule matches, and relationships to other known malicious files or infrastructure. Its graph feature allows analysts to visually map the relationships between a file, the domains it contacts, the IPs those domains resolve to, and other files observed communicating with the same infrastructure, which is particularly useful for understanding the scope of a malware campaign. VirusTotal is one of the most widely used first-pass triage tools in security operations because of its breadth of coverage and the speed of its API.

Qevlar integrates with VirusTotal to obtain rapid verdicts on files, hashes, URLs, and IP addresses encountered during automated investigations. When an unknown artifact appears in an alert, Qevlar queries VirusTotal to determine whether it has been previously identified as malicious and to retrieve any available intelligence about its origin and behavior.
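
An added example, not part of the original page and not Qevlar's or VirusTotal's own code: one way to do the first-pass lookup described above, mapping an artifact to its VirusTotal API v3 object URL and reducing a report's `last_analysis_stats` to a verdict. The function names, the `malicious_min` threshold, the verdict labels and the sample reports are assumptions constructed for illustration.

```python
import base64
import ipaddress
import re

VT_API = "https://www.virustotal.com/api/v3"
# MD5 (32), SHA-1 (40) or SHA-256 (64) hex digests.
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")

def vt_endpoint(artifact: str) -> str:
    """Map a file hash, IP, URL or domain to its API v3 object URL."""
    artifact = artifact.strip()
    if HASH_RE.match(artifact):
        return f"{VT_API}/files/{artifact.lower()}"
    try:
        return f"{VT_API}/ip_addresses/{ipaddress.ip_address(artifact)}"
    except ValueError:
        pass  # not an IP literal, keep classifying
    if "://" in artifact:
        # URL objects are addressed by the unpadded URL-safe base64 of the URL.
        url_id = base64.urlsafe_b64encode(artifact.encode()).decode().rstrip("=")
        return f"{VT_API}/urls/{url_id}"
    return f"{VT_API}/domains/{artifact.lower()}"

def triage(report: dict, malicious_min: int = 5) -> str:
    """Reduce a v3 report to a verdict. malicious_min is an assumed threshold."""
    if "error" in report:  # e.g. NotFoundError: VirusTotal has never seen it
        return "unknown"
    stats = report["data"]["attributes"]["last_analysis_stats"]
    bad = stats.get("malicious", 0)
    flagged = bad + stats.get("suspicious", 0)
    if bad >= malicious_min:
        return "malicious"
    return "suspicious" if flagged else "no-detections"

# Constructed sample responses in the v3 shape (not real VirusTotal output).
SAMPLE_HIT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 41, "suspicious": 2, "undetected": 27, "harmless": 0}}}}
SAMPLE_LOW = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 1, "suspicious": 0, "undetected": 60, "harmless": 9}}}}
SAMPLE_MISS = {"error": {"code": "NotFoundError", "message": "not found"}}

if __name__ == "__main__":
    # Constructed artifacts: placeholder hash, documentation-range IP, example URL.
    for ioc in ("ab" * 32, "192.0.2.10", "http://example.com/a", "Example.COM"):
        print(ioc, "->", vt_endpoint(ioc))
    for name, rep in (("hit", SAMPLE_HIT), ("low", SAMPLE_LOW), ("miss", SAMPLE_MISS)):
        print(name, "->", triage(rep))
```

A real lookup would send a GET to the returned URL with the API key in the `x-apikey` header. An "unknown" result means only that the artifact has not been submitted before, not that it is benign.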