An analyst is investigating a suspected malware file. Which of the following options is the BEST course of action to determine if the file has been previously identified as malicious by multiple antivirus engines?
Examine the organization's firewall logs for any record of the file being downloaded.
Generate a hash of the file and compare it to known good file hashes.
Upload the file to VirusTotal to check it against multiple antivirus engines.
Review the application logs where the file was originally executed.
VirusTotal aggregates multiple antivirus products and online scan engines to check for viruses and malware, and it returns results about submitted files and URLs to the user. It is the best option for checking whether a file has already been identified as malicious by various antivirus engines. Hashing the file lets an analyst look up that specific hash in known-file databases, but comparing it against known good hashes only confirms whether the file matches a trusted baseline; it does not provide the comprehensive verdict of multiple engines. Checking firewall logs would not help identify a file as malicious; at most, they show that the file was transferred. Reviewing application logs can reveal irregularities or evidence of malware execution, but that does not directly correlate with antivirus engine determinations.