When examining a suspicious file, it is often useful to scan it with multiple antivirus tools. Sometimes one AV product might identify the file as malware, while another might not. The following free on-line tools scan the file you upload with multiple antivirus engines, making it easier for you to obtain multiple perspective on the potentially-malicious artifact:
- AVCaesar. Supports Supports searching by hash.
- Jotti’s Malware Scan. Supports searching by hash.
- Metascan Online. Supports searching by hash.
- VirusTotal. Supports searching by hash.
In addition to scanning the uploaded file using antivirus engines, these online tools also extract static properties, such as meta data, from the file.
Prior to uploading a suspicious artifact to these sites, make sure you are allowed to release the file outside the boundaries of your organization.
Also, keep in mind that when dealing with a unique file in the context of a targeted attack, uploading the file to these services could reveal to the attacker that you’ve discovered their malware. If in doubt, don’t upload your file, and instead search the database of prior scans using the file’s hash.
Any on-line tools that should be on this list, but are missing? Let me know. My other lists of on-line security resources outline Automated Malware Analysis Services, Online Tools for Looking Up Potentially Malicious Websites and Blocklists of Suspected Malicious IPs and URLs.