VirusTotal expands AI security scans to AutoHotkey and other scripts
Google launched VirusTotal Code Insight in April 2023 to expand the functionality of its malware detection and analysis platform. Until then, VirusTotal could tell its users whether antivirus engines considered a file malicious, but it could not really tell users why.
The introduction of Code Insight changed that. The feature analyses the code of a script and reveals its findings to a user. These findings may explain exactly what the malware does. The initial version supported PowerShell scripts only, which limited its use significantly.
Google published an updated version of VirusTotal Code Insight this week that expands the supported script types. VirusTotal lists .bat, .cmd, .sh and .vbs file types specifically. Bleeping Computer discovered that AutoHotkey and Python scripts are also supported, even though they were not mentioned in the announcement.
The AI-powered code analysis feature supports the following formats now:
- Microsoft PowerShell scripts (ps)
- Batch files (bat)
- Command Prompt scripts (cmd)
- Shell scripts (sh)
- VBScript (vbs)
- AutoHotkey scripts (ahk)
- Python scripts (py)
The file size limit for scripts processed by Code Insight has been doubled with the update as well. The service plans to increase limits further in the future as work on improving the functionality continues.
VirusTotal notes that model improvements have been implemented to offer "more concise and high-level explanations" that focus on code behavior.
Existing users may notice that the interface of the Code Insight feature has been redesigned to only display the first sentence of the AI's report by default.
The feature is in active development at this stage and should be considered beta. VirusTotal has plans to improve it in the coming months by adding support for additional file formats, larger file sizes, and the analysis of executable file types such as .exe.
The team plans to provide more context to the analysis, for instance by giving the AI access to "any metadata related to the URLs and files linked in the code snippet".
Code Insight is an interesting feature as it helps security researchers and also other users analyze the behavior of scripts. Its use will grow when support for additional file types, especially executable files, is added to the service.
While it is still a good idea to scan files with one or multiple antivirus engines, VirusTotal's Code Insight feature may give users a better understanding of the actual dangers of a file.
Now You: do you use VirusTotal?