Cheat sheets

The perfect VirusTotal guide [2018]

Share this with people that should know this:

We have listed down some tips and tricks which will help you to get the most out of VirusTotal. The tips and tricks will help you to find malware, malicious environments and it will also help you to get that type of information quicker.

Getting started with VirusTotal

Virustotal allows you to register an account, and I strongly recommend you to register one. There are various reasons for this. The first reason is that it allows you to make use of the public API, the second is the fact that you are allowed to participate in the community, and you can discuss malware with other people on the VirusTotal environment. The community also works with ranks, so the more often you participate on the VirusTotal platform by uploading malware, posting comments and giving thumbs ups or downs you will increase your rank status.

Steps to take:

  1. Create an account on VirusTotal

So now what?!

In this post, we are not going to take a look at the VirusTotal API, that will be a different post, but we will start with the tips and tricks which will guide you through the VirusTotal platform.

File upload

The first thing that VirusTotal offers is the File upload function, here you can upload any file to the VirusTotal platform.

VirusTotal has multiple sandbox engines, and they can run a lot of files, there is just one big thing you need to know; Malware authors are aware of sandboxing techniques and environments like VirusTotal, so they will instruct their malware to stop any malicious operation if it recognizes that it is being run in the VirusTotal sandbox environment.

The link to upload a file to VirusTotal is:


The next option VirusTotal provides is the URL search/scan function. If you provide an URL which is known, VirusTotal will show you the report of that URL, but if you provide an URL which is unknown, the URL will be send towards the VirusTotal sandbox environment and after a moment, you will get an report with the observations.

The URL search/scan function can be found here:


The VirusTotal platform also allows you to search for reports, comments and indicators of compromise.

You can search by providing one of the following values:

  • URL
  • IP address
  • Domain
  • File Hash
  • Any string (for example: darkcomet)

The URL search/scan function can be found here:
Share this with people that should know this: