VirusTotal stores the reports for every single scan requested by its users. This allows users to query and render them without having to submit the items (URLs and files) for scanning. The search feature can retrieve file reports, URL reports, domain and IP address reports (including our Passive DNS information), VirusTotal Community users and VirusTotal Community comments.
This search feature is a free service, available to any user. The search functionality should not be used in commercial products or services. VirusTotal also develops a premium service called VirusTotal Intelligence that offers advanced searching capabilities. Intelligence allows you to go from sample characteristics (antivirus detection names, size, file type, binary content, behaviour patterns, drive-by-download URLs, etc.) to a list of samples matching your criteria. These malware samples can be downloaded for further scrutiny. The research platform contains other features such as Yara rule matching on VirusTotal's live submissions, sample clustering, etc.
Searching for file scan reports
Searching for URL scan reports
Searching for IP address information
Searching for domain information
Searching for VirusTotal Community users
Searching through VirusTotal Community comments
This document is intended for any VirusTotal user that wants to search through the dataset of past scans. No particular technical knowledge is required to understand the document.
In order to get started you just have to refer to VirusTotal's search form and follow the instructions detailed in the next sections.
In order to search for the last VirusTotal report on a given file just enter its hash. Currently the allowed hashes are MD5, SHA1 and SHA256.
Some users might also be interested in searching for particular file scan reports (e.g. identified by a scan_id returned by the Public API), this can also be done, you just have to insert the scan identifier (sha256-timestamp_epoch). This will return the file scan for a given point in time rather than its last analysis.
URL searches are simple, you just have to type in the given URL, the web application will normalize it and compare it with the items in VirusTotal's dataset. Specifying the URL will return the latest report on it.
Some users might also be interested in searching for particular URL scan reports (e.g. identified by a scan_id returned by the Public API), this can also be done, you just have to insert the scan identifier with the string "u:" prepended (u:sha256-timestamp_epoch). This will return the URL scan for a given point in time rather than its last analysis.
VirusTotal runs its own passive DNS replication service, built by storing DNS resolutions performed when visiting URLs and executing malware samples submitted by users. In order to retrieve the information we have on a given IP address you just have to type it into the search box.
This report includes other details such as all the incidents seen related to such IP address: malware samples downloaded from the given server, specimens communicating with it, etc.
VirusTotal runs its own passive DNS replication service, built by storing DNS resolutions performed when visiting URLs and executing malware samples submitted by users. In order to retrieve the information we have on a given domain you just have to use the domain: search modifier in the search box.
This report includes other details such as all the incidents seen related to such domain: malware samples downloaded from the given domain, specimens communicating with it, etc.
Do you want to know whether a friend has a VT Community account? Simply type in their nick preceeded by the symbol "@", e.g. @VirusTotalTeam. Of course, in order to perform such a search you must first know his VirusTotal Community nick, the search feature will lead you to his VirusTotal Community profile page.
The comments in VirusTotal Community may often help in disinfecting your PC or may proof themselves useful when analysing a particular malware sample, comment tags enable users to search through the VirusTotal Community reviews. Just type in a tag, e.g. "#zbot".
Wprowadź adres e-mail przypisany do twojego konta w społeczności VirusTotal. Dostaniesz e-mail z informacjami, aby ustawić swoje nowe hasło.
Wejdź w interakcję z innymi użytkownikami VirusTotal i miej aktywny głos w walce z dzisiejszymi zagrożeniami Internetu. Dowiedz się więcej o społeczności VirusTotal.