Wednesday, 6 March 2013

VirusTotal += Android execution reports

Last year we included sandbox execution reports for Portable Executable files thanks to the amazing tool developed by Claudio “nex” Guarnieri and his team, Cuckoo. We are excited to announce that as of today we are also displaying behavioural reports for Android applications (APKs).

Indeed, when informing you about Anthony's return from the Android jungle we promised there would be some further new and exciting features to come. While traversing a cascade of APK, ODEX, DEX, AXML and ARSC species he discovered that sometimes Androguard was not enough to distinguish the good from the evil. He needed something more: he needed to record how these species behaved in order to have a clearer picture of their malicious or harmless intentions.

Attending to these needs, he developed an in-house Android Sandbox where these fancy creatures could play around, spit their SMS, excrete their files, sing melodic HTTP conversations and perform animal matters.

These are some examples of the reports produced (Behaviour information tab):

https://www.virustotal.com/en/file/b707d23bfc22908ae8ee2f6e2d0bc9c74135af18c5eea2b3bcca7471d08985c2/analysis/

https://www.virustotal.com/en/file/6775a8711283ce4f6f1f000f3bd6d65bb1666c37175efd6b3edc2091842eeeb7/analysis/

https://www.virustotal.com/en/file/1230d64ccba3f7f5b32972308295ce90ffa7a95cb8f713c7c39ead88e4faff6d/analysis/

Please note that these reports appear asynchronously; they may not be generated until a couple of minutes after your file scan ends.

Those users with private API or allinfo privileges will see this information in the API responses. As for VirusTotal Intelligence, we will soon be indexing this data and the new Androguard outputs in order to enhance our search functionality. Stay tuned and pay attention to the pertinent documentation.

VirusTotal += Fortinet URL Scanner


"FortiGuard Labs analyzes events in real time throughout cyberspace, including both the domain (URL) and IP level. If a website or server hosts malware, attack code, or has been used in spam emails, these events will be analyzed by the lab. A history of these events, along with additional intelligence data, is available through our URL and IP Lookup tool."

This is how Fortinet describes its web filtering solution, which has just been integrated in VirusTotal. With this inclusion we reach 38 URL scanners. We want to surpass 40, so if you have any interesting malicious URL dataset or URL scanner please do not hesitate to contact us; we will be more than happy to include you!

This is a permalink to a report showing Fortinet's detection of a phishing site:
https://www.virustotal.com/en/url/3b7819d0ced38ed3d754fcf34378a07c6fc6559116353534ac028d6395020197/analysis/1362562630/

Thank you Fortinet team!