Showing posts with label PE signature. Show all posts
Showing posts with label PE signature. Show all posts

Thursday, October 24, 2013

, , ,

Sigcheck += VirusTotal

Windows Sysinternals is a part of the Microsoft TechNet website which offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.

The Sysinternals collection includes awesome tools such as Process Explorer, AutoRuns or Sigcheck, among many others. I can still remember the times where I had to investigate remote e-banking user PCs in order to identify the culprit of a fraudulent transaction (Zbot, Sinowal, Ambler, etc.), at the time, I do not know what I would have done without AutoRuns and ProcessExplorer.

What I am trying to say is that at VirusTotal we are great fans of the Sysinternals utilities. It has been a while since we integrated Sigcheck in VirusTotal, providing extremely useful information about PE signatures, data that can be used in goodware vs. malicious scoring systems, to identify the author of a legitimate piece of software or to spot compromised certificates used in signing malware, just a couple of practical use cases.

Today we are delighted to announce that the relationship has become reciprocal and Mark Russinovich has integrated VirusTotal in Sigcheck. With a simple command-line option you are now able to query the results of a given file in VirusTotal, read more about it at the official site: http://technet.microsoft.com/en-us/sysinternals/bb897441

Thank you Mark! It has been a pleasure working together!