VirusTotal Graph visualizes scans and shows IP connections
VirusTotal Graph is a new feature of the popular virus scanning service that visualizes the relationship between files, URLs, domains and IP addresses of analyzed data sets.
VirusTotal is a handy service as it lets anyone upload files to scan them using more than 60 different antivirus engines. The service is not without criticism though; software developers have criticized it in the past for including engines that are prone to false positives.
VirusTotal Graph
VirusTotal Graph is available to all VirusTotal community members. You need to sign in with an account to access Graph, but that is the only requirement.
You can open VirusTotal Graph from any scan results page by clicking on the menu icon and selecting the "Open in VirusTotal Graph" button.
The interface that opens is divided into two main panes. The main pane displays the graph, while the sidebar shows information about the selected node.
The screenshot above visualizes a simple graph of the program NoBot which I reviewed previously here on the site.
It shows the exe file as the root node and a network location that was found during the scan. The file itself was not flagged by any antivirus engine but the URL in question was. VirusTotal does not reveal the fact on its main website when you scan the file, but it does reveal it in Graph.
Graphs can be complex depending on the file that you upload. VirusTotal published a screenshot of a graph with more than a hundred nodes on the official blog.
Graph visualizes the analysis process on VirusTotal. It provides you with information that the main scan results don't reveal. This includes, among other things, contacted IP addresses or URLs found in files during the scan.
You can follow nodes to highlight connections and get information about each node you click on right away.
File nodes reveal the type, size and the date the sample was submitted for the first time for instance. Graph displays detection information, and it is possible to edit the graph. You can add new nodes (file, URL, domain or IP addresses) to the graph. This can be useful if a file archive contains multiple files that you wanted to scan individually.
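The NoBot case described above (a file with no detections linked to a flagged URL) can be expressed as a walk over the graph. The following is an added example, not VirusTotal code or output: the node names, detection counts and relation labels are constructed, and flagged_paths and triage are hypothetical helper names.

```python
from collections import deque

# Constructed sample graph (not VirusTotal output): node id -> type and
# number of engines that flagged it. All names and counts are made up.
NODES = {
    "sample.exe": {"type": "file", "detections": 0},
    "http://updates.example.test/check": {"type": "url", "detections": 3},
    "updates.example.test": {"type": "domain", "detections": 0},
    "203.0.113.10": {"type": "ip", "detections": 1},
    "readme.txt": {"type": "file", "detections": 0},
}
# Constructed relationships (source, hypothetical relation label, target).
EDGES = [
    ("sample.exe", "embedded_url", "http://updates.example.test/check"),
    ("sample.exe", "bundled_file", "readme.txt"),
    ("http://updates.example.test/check", "hosted_on", "updates.example.test"),
    ("updates.example.test", "resolves_to", "203.0.113.10"),
]

def flagged_paths(nodes, edges, root):
    """Breadth-first walk from root; return {flagged node: path from root}."""
    neighbours = {}
    for src, _label, dst in edges:
        neighbours.setdefault(src, []).append(dst)
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        for nxt in neighbours.get(current, []):
            if nxt not in paths:  # visit each node once, so cycles terminate
                paths[nxt] = paths[current] + [nxt]
                queue.append(nxt)
    # Nodes missing from the node table count as having no detections.
    return {n: p for n, p in paths.items()
            if n != root and nodes.get(n, {}).get("detections", 0) > 0}

def triage(nodes, edges, root):
    """Summarise a root whose own verdict is clean but whose graph is not."""
    hits = flagged_paths(nodes, edges, root)
    return {
        "root_clean": nodes[root]["detections"] == 0,
        "flagged": sorted(hits),
        "max_depth": max((len(p) - 1 for p in hits.values()), default=0),
    }

if __name__ == "__main__":
    for node, path in flagged_paths(NODES, EDGES, "sample.exe").items():
        print(NODES[node]["type"], node, "via", " -> ".join(path))
```

A clean root with a non-empty flagged list is the situation the main scan results page does not show, and the path tells you which connection to follow in the graph.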
Graphs can be saved so that you can go back to a saved graph at a later point in time. Saving happens online on the VirusTotal servers and not offline. You get a graph ID when you save a graph; the saved graph is accessed through a link that is provided to you.
Closing Words
VirusTotal Graph is a useful tool that visualizes the analysis and by doing so, may reveal additional information about a file. The fact that the tool reveals contacted IP addresses and found URLs alone is well worth the hassle of creating an account on the site in my opinion. (via Bleeping Computer)
VirusTotal can be misleading because unless you force a rescan, the scans were performed with old definitions.
Is ghacks.net supported on Opera (on Android)? I get only old articles (before new theme). Ads aren’t blocked, removed cookies and settings. And still no new articles.
Yes it is supported. Try Ctrl-F5 to refresh the page. Does that help?
How to do ctrl+f5 on mobile phone?
Sorry did not know that you were on the phone. Which browser do you use?
https://play.google.com/store/apps/details?id=com.opera.browser&hl=en
Opera
With Desktop view I see all articles, without Desktop view I see only old articles.
Should be fixed now, can you confirm?
Yes. It works. Thanks.
Thank you for reporting this. It seems to be a bug that I will address asap.
I will download and check this out and try to find a solution.
VirusTotal is indeed a useful thing. Too bad it’s Google again…
More to the Community Score story, “the more” being readily available by using Ghostery and uBlock Origin. One will find the trackers blocked on gHacks using Ghostery, and if one configures uBlock Origin correctly, the site is broken and won’t display correctly. At first, I thought it was a “bug” with Nightly, but a quick check and update of Chrome and the aforementioned tools, the same result occurs.
One may say, “How does one configure uBlock Origin correctly” so that the site is broken? That is a good question since no other site I visit is “broken” other than those having adware/malware elements blocked by uBlock. Sites such as CNN, Aljazeera, How-to-Geek, etc. all work fine.
So . . . scope and sequence.
I don’t experience what you relate, jasray. uBlock Origin here is configured to “block all, accept occasionally” (so to say) and I’ve never had the slightest problem. The result in one site accepted (ghacks.net) whilst three are blocked (criteo.net, googlesyndication.com, googletagservices.com).
Reading you would give the feeling ghacks is I don’t know what sort of empire of ads & trackers which it is not. My analysis is that ghacks includes the strict minimum regarding ads to allow it to pay its bills and that this basic revenue isn’t enough and yet isn’t provided by extras which would relax the financial situation but impact the site’s users. Anyone can check this by himself. Do visit some sites which have 10, 15, 20 or more calls to 3rd-parties and you’ll see what a total lack of respect for the users can possibly be. This is definitely *not* the case here.
How have you configured uBlock Origin? I think it is a bit harsh to assume that adware or malware is the reason without providing evidence of that.
No emotion like “harsh.” It’s simply looking at results from tools that are recommended by gHacks.
Nice, new headline in the news: “Criteo predicts 20+ per cent losses after Apple updates its anti-tracking tech.” Criteo, of course, is one of the Ghostery blocks.
uBlock Origin is set with all options out-of-the-box vanilla usage.
The reply was only in relation to why Virus Total may give a low Community Rating. More information needed for readers–great site, though.
Oh, read the uBlock log for the information you need; it’s much too long and convoluted for audience reading.
I tested the site with vanilla uBlock and it works fine. I cannot fix the issue without proper information.
Why is Community score for ghacks.net -29 on VirusTotal?
This is not in favor of VirusTotal’s reliability. Moreover when anonymous votes are taken into consideration. I wasn’t aware of this Community voting (I visit VirusTotal always quickly to check an application and exit as quickly as I entered).
Google “safety” at work.
One anonymous user and another user gave an unsafe vote. The anonymous user’s vote had a weight of -28. Just seven seconds between both votes and those have been the only ones.
So we ALL here give it a good rating then… but I tried and cannot vote for some reason. But I use Winja for uploading files through VT. Very neat program…
Kz from Belgium
Interesting. What does an application perform, where does it link to once it’s run? VirusTotal Graph answers that. As I read this article I also believe it is worth registering a VirusTotal account to access this new feature.
As far as I know VirusTotal accepts all file formats. If this is true I’ll consider submitting to VirusTotal Graph Firefox extensions because as we know uBlock Origin as a Webextension no longer has the ability to filter extension calls to 3rd-party websites (one has to rely on system-wide filters), and that bothers me (an example of this is the extension called Screengrab! which has been spotted as sending domains of all newly visited sites to discount.s3blog.org.- even if advertisement option is disabled !!!, I checked this myself).
Nice find, Martin.