Process Explorer—part of the Microsoft’s Sysinternals suite of applications—recently received an upgrade allowing users to query VirusTotal for files running on their PCs.

Microsoft  acquired Windows Sysinternals (formerly known as Winternals Sotware) in 2006. The service offers a lot of technical resources, among the most popular being the Sysinternals Suite.

A lot of the Sysinternals tools are very useful for malware analysis. Some of these tools, like Process Explorer, are occasionally targeted by malware because of it’s ability to view running processes at a very granular level of detail.

procexp
Running Processes Viewed with Process Explorer

In order to use VirusTotal to scan the file of a process running on your computer, you must right-click the file and select ‘Check VirusTotal’.

checkVT

Before you can submit a file, you have to agree to the Terms-of-Service (ToS). This dialog will not appear again after you click ‘Yes’.

VT_TOS

Afterward, you can right-click the file again, this time selecting ‘Properties’. The VirusTotal detections will be displayed near the bottom.

fileProp

While most researchers are already familiar with VirusTotal, this added functionality will be very useful for anyone wanting to quickly scan a suspicious file on their PC.

_________________________________________________________________

Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and in-depth analysis on current malware threats. Twitter: @joshcannell