VirusTotal Graph is a new feature of the popular virus scanning service that visualizes the relationship between files, URLs, domains and IP addresses of analyzed data sets.

VirusTotal is a handy service as it lets anyone upload files to scan them using more than 60 different antivirus engines. The service is not without criticism though; software developers have criticized it in the past for including engines that are prone to false positives.

VirusTotal Graph

VirusTotal Graph is available to all VirusTotal community members. You need to sign in with an account to access Graph but that is the only requirement.

You can open VirusTotal Graph from any scan results page by clicking on the menu icon and selecting the “Open in VirusTotal Graph” button.

The interface that opens is divided into two panes: the main pane displays the graph, and the sidebar shows information about the selected node.

The screenshot above visualizes a simple graph of the program NoBot which I reviewed previously here on the site.

It shows the exe file as the root node and a network location that was found during the scan. The file itself was not flagged by any antivirus engine but the URL in question was. VirusTotal does not reveal the fact on its main website when you scan the file, but it does reveal it in Graph.

Graphs can be complex depending on the file that you upload. VirusTotal published a screenshot of a graph with more than a hundred nodes on the official blog.

Graph visualizes the analysis process on VirusTotal. It provides you with information that the main scan results don’t reveal. This includes among other things contacted IP addresses or URLs found in files during the scan.

You can follow nodes to highlight connections and get information about each node you click on right away.
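The case described above, a file with no detections that is linked to a flagged URL, can be checked programmatically by walking the relationships outward from the file. The following is an added example, not code from VirusTotal or from this article; it does not call the VirusTotal service, and the node IDs, detection counts, relationship labels and function names are all constructed for illustration.

```python
from collections import deque

# Constructed sample data, not real scan results: node id -> number of engines flagging it.
DETECTIONS = {
    "file:sample.exe": 0,
    "url:http://updates.example.test/check": 3,
    "domain:updates.example.test": 0,
    "ip:203.0.113.10": 1,
    "file:readme.txt": 0,
}
# Constructed edges (source, relationship, target); the relationship labels are hypothetical.
EDGES = [
    ("file:sample.exe", "contains", "url:http://updates.example.test/check"),
    ("url:http://updates.example.test/check", "hosted_on", "domain:updates.example.test"),
    ("domain:updates.example.test", "resolves_to", "ip:203.0.113.10"),
    ("ip:203.0.113.10", "serves", "domain:updates.example.test"),  # cycle on purpose
]

def flagged_neighbours(root, detections, edges, max_hops=3):
    """Breadth-first walk from root; return (node, detections, path) for every
    flagged node reachable within max_hops, nearest first."""
    adjacency = {}
    for src, rel, dst in edges:
        adjacency.setdefault(src, []).append((rel, dst))
    seen, queue, hits = {root}, deque([(root, 0, [root])]), []
    while queue:
        node, hops, path = queue.popleft()
        if node != root and detections.get(node, 0) > 0:
            hits.append((node, detections[node], path))
        if hops >= max_hops:
            continue  # do not expand beyond the hop limit
        for rel, nxt in adjacency.get(node, []):
            if nxt not in seen:  # visited set keeps cycles from looping forever
                seen.add(nxt)
                queue.append((nxt, hops + 1, path + [rel, nxt]))
    return hits

def assess(root, detections, edges, max_hops=3):
    """Separate the file's own verdict from what its related nodes say."""
    if detections.get(root, 0) > 0:
        return "flagged"
    hits = flagged_neighbours(root, detections, edges, max_hops)
    return "clean, flagged relations" if hits else "clean"

if __name__ == "__main__":
    for node, count, path in flagged_neighbours("file:sample.exe", DETECTIONS, EDGES):
        print(f"{node} ({count} engines) via {' -> '.join(path)}")
    print(assess("file:sample.exe", DETECTIONS, EDGES))
```

The hop limit matters in practice: shared hosting IP addresses and popular domains connect to many unrelated files, so a flagged node several hops away is weaker evidence than one the file references directly.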

File nodes reveal the type, size and the date the sample was submitted for the first time, for instance. Graph displays detection information, and it is possible to edit the graph. You can add new nodes (file, URL, domain or IP address) to the graph. This can be useful if a file archive contains multiple files that you want to scan individually.

Graphs can be saved so that you can go back to a saved graph at a later point in time. Saving happens online on the VirusTotal servers and not offline. You get a graph ID when you save a graph; you access the saved graph through a link that is provided to you.

Closing Words

VirusTotal Graph is a useful tool that visualizes the analysis and by doing so, may reveal additional information about a file. The fact that the tool reveals contacted IP addresses and found URLs alone is well worth the hassle of creating an account on the site in my opinion.