# File Analysis

Uploaded files can be downloaded by premium users. Be aware that sensitive information shouldn't be uploaded to VirusTotal.

VirusTotal gives you a breakdown of how many security companies detect a file as malicious. The Tags section provides information about how the file has been classified based on its behavior.

## Detection

Each vendor provides a label with which it designates a file as malicious.

## Details

Provides Basic Properties:

- MD5
- SHA-1
- SHA-256
- Vhash
- SSDEEP
- TLSH
- File Type
- Magic
- TrID
- File Size

### History

- Creation Time
- First seen
- First submission
- Last submission
- Last analysis

## Relations

Detailed information about the domains, IPs, URLs, and other files the uploaded file communicates with.

- IMPORTANT NOTE: New generation malware does not always exhibit the same behavior. It attempts to bypass security by taking different actions on different systems.

## Behavior

Lists activities that help classify the file as malicious:

- Network connections
- DNS queries
- File reading/deletion
- Registry actions
- Process activities

Results can be filtered by manufacturer.

## Community

Comments that typically share important details, such as how the file was obtained, what to consider during analysis, or what was undetected.

# Scanning URLs with VirusTotal

Detection and Details will be similar to File Analysis.

## Links

Lists related/outgoing links.

# Searching for IOC

When receiving indicators of compromise, you can upload them to VT to find out more about their historical analysis:

- Hash
- IP Address
- Relations

# Key Points

## Old Analysis Results

Old results are cached. Since attackers know VT is often used, they can generate harmless URLs, scan them, then replace the content.

## Detection Tags

Depending on the tags from vendors, a file may not actually be harmful. Rule-based analysis leads to false positives.
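
The two key points above (cached results going stale, and vendor labels that may be rule-based false positives) can be folded into one triage check. This is an added example, not part of the original notes: the field names follow VirusTotal's public API v3 report format, while the sample data, engine names, and both thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the "attributes" object of a VirusTotal
# API v3 report; engine names and values are made up for illustration.
SAMPLE_ATTRIBUTES = {
    "last_analysis_date": 1700000000,  # epoch seconds (2023-11-14 UTC)
    "last_analysis_stats": {"malicious": 2, "suspicious": 0,
                            "undetected": 60, "harmless": 8},
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Heur.Generic"},
        "EngineB": {"category": "malicious", "result": "Suspicious.Rule.42"},
        "EngineC": {"category": "undetected", "result": None},
    },
}

MAX_AGE = timedelta(days=7)  # assumption: tune to your triage policy
MIN_CONSENSUS = 5            # assumption: below this, treat as unconfirmed


def triage(attrs, now=None):
    """Return a verdict that accounts for stale and low-consensus results."""
    now = now or datetime.now(timezone.utc)
    analysed = datetime.fromtimestamp(attrs["last_analysis_date"], timezone.utc)
    age = now - analysed
    stats = attrs.get("last_analysis_stats", {})
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    # Collect the per-vendor labels so an analyst can judge them directly.
    labels = sorted(
        f"{engine}: {r['result']}"
        for engine, r in attrs.get("last_analysis_results", {}).items()
        if r.get("category") in ("malicious", "suspicious")
    )
    stale = age > MAX_AGE
    if stale:
        verdict = "rescan"           # cached result may predate a content swap
    elif flagged == 0:
        verdict = "no-detections"
    elif flagged < MIN_CONSENSUS:
        verdict = "review-manually"  # few vendors: possible rule-based FP
    else:
        verdict = "likely-malicious"
    return {"verdict": verdict, "stale": stale, "age_days": age.days,
            "flagged": flagged, "labels": labels}


if __name__ == "__main__":
    print(triage(SAMPLE_ATTRIBUTES))
```

A "rescan" verdict means the cached report should not be trusted as-is; request a fresh analysis before drawing a conclusion.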