
Malware Detection Tools

VirusTotal


VirusTotal examines files and URLs with more than 70 antivirus engines and URL/domain blocklisting services, plus a range of static and dynamic tools that extract further signals from the submitted object. Any user can pick a file in a browser and submit it, and the same service is reachable through desktop uploaders, browser extensions, and a programmatic REST API. Beyond flagging malicious content, VirusTotal helps recognise false positives: common, harmless objects that one or a few scanners mistakenly classify as malicious, which is why a verdict from a single engine out of seventy should be read with care. Two practical caveats: anything uploaded is shared with VirusTotal's antivirus partners and is searchable by other subscribers, so sensitive or proprietary files should be looked up by hash (MD5, SHA-1 or SHA-256) rather than uploaded; and a hash lookup only returns a result if someone has already submitted that exact file.


Hybrid Analysis


Hybrid Analysis is a file analysis service built on a sandboxing technique of the same name: it combines runtime behavioural data from detonating the sample with analysis of memory dumps taken during execution, so that code paths the sample never took in the sandbox (because it detected the environment, waited for a trigger, or only decrypts its payload in memory) are still uncovered. The engine's findings are analysed automatically and folded into the malware summary report. Users can browse thousands of public reports and, with a vetted account, access samples and indicators of compromise (IOCs). The service is aimed at evasive and previously unknown threats, enriches the analysis with threat intelligence, and produces actionable IOCs such as hashes, contacted domains and IP addresses, and dropped files.


WICAR Test Payloads


The wicar.org website exists to check that your anti-virus / anti-malware software is actually functioning. The name "WICAR" derives from the EICAR anti-virus test file, a harmless file that every anti-virus product is expected to detect as if it were a real virus and to quarantine or otherwise act on. End users and network administrators can verify that anti-virus and web-filtering software is working by safely running a test payload, without using real malware that could damage the system should the protection fail. Each test page triggers a known detection signature; if the page loads and the payload is not blocked, the scanner, the proxy or the update feed needs attention.


EICAR TEST-VIRUS - The official EICAR.COM anti-virus test file is a 16-bit DOS COM program. It will not run on modern 64-bit operating systems, but every anti-virus product should detect it on sight, which makes it a safe check of on-access and on-demand scanning.

Adobe Flash Hacking Team Leak - Following the theft of over 400GB of data from the company's servers in 2015, malware authors quickly began exploiting a then-unpatched Adobe Flash vulnerability that the Italian cyber-surveillance vendor Hacking Team had discovered and kept private. Adobe has since patched it, so this test exercises the scanner's detection of the exploit, not a live zero-day.

MS14-064 2003 to Windows 10 - A remote code execution vulnerability exists because Internet Explorer improperly handles access to memory objects. A remote attacker can exploit it by persuading a user to open a specially crafted page in Internet Explorer, resulting in arbitrary code execution in the context of the current user; a fully patched browser is not affected, so a blocked page here shows the web filter or scanner recognising the exploit rather than the browser being vulnerable.
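As an added example (not code from wicar.org, EICAR or VirusTotal), the script below ties the VirusTotal section and the EICAR test item together: it assembles the 68-byte EICAR test file, writes it to disk so a local anti-virus can be checked, hashes it, and then looks the SHA-256 up on VirusTotal's v3 REST API instead of uploading the file. The summarize_report function reduces a response to a verdict. The REVIEW_THRESHOLD cutoff for treating a handful of detections as a possible false positive is an assumption chosen here, not a VirusTotal rule, SAMPLE_REPORT and SAMPLE_FP_REPORT are constructed responses shaped like the real ones so the parsing runs offline, and the live lookup assumes an API key in the VT_API_KEY environment variable.

```python
"""EICAR test file + VirusTotal v3 hash lookup.

Added example, not code from wicar.org, EICAR or VirusTotal. Live lookups
assume a VirusTotal API key in the VT_API_KEY environment variable.
"""
import hashlib
import json
import os
import sys
import tempfile
import urllib.error
import urllib.request
from typing import Optional

# The test string is kept in two halves so this source file is not itself
# flagged by on-access scanners; joined, it is the standard 68-byte EICAR file.
EICAR_PARTS = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
               "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"

# Assumption made for this example, not a VirusTotal rule: fewer than this many
# "malicious" verdicts on an otherwise clean file is flagged for human review as
# a possible false positive instead of being reported as confirmed malware.
REVIEW_THRESHOLD = 3


def eicar_bytes() -> bytes:
    """Return the 68-byte EICAR test file content."""
    return "".join(EICAR_PARTS).encode("ascii")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def write_eicar(path: str) -> str:
    """Write the test file and return its SHA-256. A working AV should quarantine it."""
    data = eicar_bytes()
    with open(path, "wb") as fh:
        fh.write(data)
    return sha256_hex(data)


def lookup_hash(sha256: str, api_key: str, timeout: int = 30) -> Optional[dict]:
    """GET /api/v3/files/{hash}. Returns the JSON body, or None when VirusTotal
    has never seen the hash (HTTP 404). Unlike an upload, a hash lookup reveals
    nothing about the file's contents to third parties."""
    req = urllib.request.Request(
        VT_FILES_URL + sha256,
        headers={"x-apikey": api_key, "accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def summarize_report(report: dict) -> dict:
    """Reduce a /files/{hash} response to the numbers an analyst acts on."""
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    engines = sum(stats.values())
    flagged_by = sorted(
        name for name, res in attrs.get("last_analysis_results", {}).items()
        if res.get("category") in ("malicious", "suspicious")
    )
    if malicious == 0 and suspicious == 0:
        verdict = "clean"
    elif malicious < REVIEW_THRESHOLD:
        verdict = "review"      # a few hits on an otherwise clean file: check for FP
    else:
        verdict = "malicious"
    return {"sha256": attrs.get("sha256"), "malicious": malicious,
            "suspicious": suspicious, "engines": engines,
            "verdict": verdict, "flagged_by": flagged_by}


def _report(sha256: str, results: dict) -> dict:
    """Build a constructed response in the shape of a v3 /files object (not real data)."""
    stats = {"harmless": 0, "malicious": 0, "suspicious": 0, "undetected": 0, "timeout": 0}
    for res in results.values():
        stats[res["category"]] += 1
    return {"data": {"type": "file", "id": sha256, "attributes": {
        "sha256": sha256, "last_analysis_stats": stats,
        "last_analysis_results": results}}}


# Constructed: broad agreement (EICAR-style) versus a single generic detection.
SAMPLE_REPORT = _report(sha256_hex(eicar_bytes()), {
    "EngineA": {"category": "malicious", "result": "EICAR-Test-File"},
    "EngineB": {"category": "malicious", "result": "EICAR-Test-File"},
    "EngineC": {"category": "malicious", "result": "EICAR-Test-File"},
    "EngineD": {"category": "undetected", "result": None},
})
SAMPLE_FP_REPORT = _report("0" * 64, {
    "EngineA": {"category": "malicious", "result": "Generic.Heuristic"},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "undetected", "result": None},
})

if __name__ == "__main__":
    path = os.path.join(tempfile.gettempdir(), "eicar.com")
    digest = write_eicar(path)
    print(f"wrote {path}  sha256={digest}  (check whether your AV removed it)")
    api_key = os.environ.get("VT_API_KEY")
    if not api_key:
        print("VT_API_KEY not set; summarising the constructed sample instead")
        print(summarize_report(SAMPLE_REPORT))
        sys.exit(0)
    live = lookup_hash(digest, api_key)
    print(summarize_report(live) if live else "hash unknown to VirusTotal")
```

Run it once with no key to see the offline summary, then with VT_API_KEY set to query the real service; the EICAR hash is a useful first query because it is guaranteed to be known to VirusTotal and flagged by nearly every engine, so an unexpected "clean" or 404 points at the API key or network path rather than the file.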
