After discovering a suspicious executable on a user's workstation during triage, a security analyst needs a fast way to check whether the file's hash already matches known malware samples without installing additional software. Which of the following tools would provide the quickest reputation verdict by scanning the file with multiple antivirus engines simultaneously?
VirusTotal is a free online service that analyzes files and URLs for viruses, worms, trojans, and other malicious content using dozens of antivirus engines. Uploading the file or searching for its hash yields an immediate reputation report, making it the most efficient first step. Wireshark and tcpdump specialize in packet capture and network traffic analysis, and WHOIS is used for domain or IP registration lookups; none of these directly determines whether a file is malicious.