Often we encounter an executable file that could be useful but has no relevant description attached to it. Although it is always recommended not to use unknown executable files, I will discuss a service that you may use as an alternative.
Most of you must be aware of Emsisoft. They are the developer of Emsisoft Antimalware (formerly A-Squared Antimalware), Emergency Kit, Mamutu, Online Armor, etc. Emsisoft maintains an online service called "Is This File safe?". There are other online services that analyze unknown files, mainly by scanning them with many antimalware engines (like VirusTotal, VirScan) or by analyzing their activity in a sandbox (like ThreatExpert, Comodo Instant Malware Analysis). But "Is This File safe?" is unique in many senses.
"Is This File safe?" currently has 5,424,374 files in its database, which is increasing every hour. The database has probably been populated mainly with the help of their behavior-based engine or Mamutu, which is connected to the Emsisoft cloud server.
The files in the database are marked as "Good", "Bad" or "New". I am not sure if Emsisoft determines good or bad based on their engine detection, but from the "New" category it seems it does not. It seems that all the file ratings are actually made by manual analysis and not by heuristic/generic detection. The file description also lists the suspicious behavior shown by that executable and gives a link to the VirusTotal scan of the file based on an MD5 hash search.
The file description lists many other things, like First seen, Last seen, Countries of origin, File Name, Company info, Version Number, Description, Digital Certificate Status, Copyright, etc. Such a detailed description is really astonishing.
"Is This File safe?" allows searching for a file based on its
- "File Name" (e.g. Firefox.exe),
- "Company" (e.g. Google),
- "Product" (e.g. Avast Antivirus),
- "Description" (e.g. Media Player), and on its hashes:
- "MD5" (e.g. 30D58A34E7FD4E573D5AD0C9E6D5DECA) and
- "SHA-1" (e.g. 54DB19DAB5C4F12A97430D34B14D2AA8AB67C3BD).
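To search by hash you first need the MD5 or SHA-1 of the file on your disk. The following is an added example, not code from Emsisoft or from the original post: it computes both hashes in one pass and checks which of the two search fields a pasted hash belongs to. The function names and the sample file are assumptions made for the illustration.

```python
import hashlib
import os
import re
import tempfile

# Hex digits per digest type, matching the two hash fields listed above.
HEX_LENGTHS = {32: "MD5", 40: "SHA-1"}


def file_hashes(path, chunk_size=1 << 20):
    """Return both digests as uppercase hex, reading the file only once."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        # Read in chunks so large installers do not have to fit in memory.
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"MD5": md5.hexdigest().upper(), "SHA-1": sha1.hexdigest().upper()}


def classify_hash(text):
    """Normalise a pasted hash and report which search field it fits."""
    # Strip whitespace, colons and dashes that some tools put between bytes.
    cleaned = re.sub(r"[\s:-]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("not a hexadecimal string")
    if len(cleaned) not in HEX_LENGTHS:
        raise ValueError(f"{len(cleaned)} hex digits is neither MD5 nor SHA-1")
    return HEX_LENGTHS[len(cleaned)], cleaned


def demo():
    """Hash a constructed three-byte sample file (contents: b'abc')."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"abc")
    try:
        return file_hashes(tmp.name)
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    print(demo())
    # The MD5 example value from the list above, pasted in lowercase.
    print(classify_hash("30d58a34e7fd4e573d5ad0c9e6d5deca"))
```

A hash match only tells you that the database entry describes the same bytes you have; a file that is not found is simply unknown to the service.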
"Is This File safe?" also lists files based on its
I have made a demo video that you may like to watch to see how many things and how many ways you can explore an executable.
This service is by no means complete, as no database can incorporate all the files that are circulating offline and online all the time. Still, it's quite useful and informative and, obviously, from a reputable company.
Obviously the service has bugs/mistakes. It detected one of my files as not having a digital signature when I searched using its MD5 hash. If you are interested, you can contact them to give feedback or report bugs.
Lastly, according to Emsisoft, the files listed in the last 30 days have this kind of distribution.
Courtesy: Emsisoft
Good Night!