Didier Stevens

Friday 3 May 2013

VirusTotal: Searching And Submitting

Filed under: Malware,My Software,Update — Didier Stevens @ 8:47

This is an update for virustotal-search.py and a release of a new tool: virustotal-submit.py. I created this new tool because I needed to submit a sample stored in a password protected ZIP-file (not the ZIP-file), without extracting the sample to disk.

To submit a file to VirusTotal, you just run virustotal-submit.py sample.exe.

If you submit a ZIP file, virustotal-submit.py will extract the first file to memory and submit that to VirusTotal. The ZIP file can be password protected with password “infected”. To submit the ZIP file itself, use option -z.

To submit a batch of samples, create a textfile with the name of the files to submit and use option -f.

virustotal-submit.py supports proxies too (Python variables HTTP_PROXY and HTTPS_PROXY or environment variables http_proxy and https_proxy).

Python module poster is required for this tool.

virustotal-submit_V0_0_1.zip (https)
MD5: 8793C3276822DDE36BA0804D3390AD4D
SHA256: F17B9EEC408833039AE63FCED9F6114F99AADFBE9D547AE88B2C3A6E54AE91B4

Updates to virustotal-search.py:

  • uses json or simplejson module
  • proxies are supported (Python variables HTTP_PROXY and HTTPS_PROXY or environment variables http_proxy and https_proxy)
  • option -g forces virustotal-search.py to use the local database in the same directory as the program

virustotal-search_V0_0_8.zip (https)
MD5: 011C88A9C9026A32DA473187A64E880C
SHA256: 30711202BB0CD01A17AFA7BB8BBFE1545B6A840BDB91D83C7753300EF7E71A8F


  1. […] Use @DidierStevens tool to submit ZIP extracted files to @virustotal using Python module – blog.didierstevens.com/2013/05/03/vir… […]

    Pingback by Latest Tweet Use @DidierStevens tool to submit ZIP extracted fi… | — Wednesday 5 June 2013 @ 20:56

  2. […] Didier Stevens – VirusTotal: Searching And Submitting […]

    Pingback by [May 2013] F-INSIGHT Newsletter | F-INSIGHT — Friday 7 June 2013 @ 17:02

  3. How are the search terms to be specified in the argument file?

    Comment by Tom — Thursday 27 June 2013 @ 21:36

  4. @Tom One search argument per line.

    Comment by Didier Stevens — Saturday 29 June 2013 @ 22:15

  5. […] is a bugfix for my virustotal-submit.py […]

    Pingback by Bugfix virustotal-submit.py Version 0.0.2 | Didier Stevens — Monday 30 September 2013 @ 13:12

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.