{"id":19055380,"url":"https://github.com/evotecit/virustotalanalyzer","last_synced_at":"2025-04-24T04:19:49.452Z","repository":{"id":56066002,"uuid":"523088425","full_name":"EvotecIT/VirusTotalAnalyzer","owner":"EvotecIT","description":"PowerShell module that interacts with the VirusTotal service using a VirusTotal API (free)","archived":false,"fork":false,"pushed_at":"2025-01-07T11:36:39.000Z","size":73,"stargazers_count":54,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-18T12:18:34.898Z","etag":null,"topics":["hacktoberfest","powershell","virustotal","virustotal-api"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EvotecIT.png","metadata":{"files":{"readme":"README.MD","changelog":"CHANGELOG.MD","contributing":null,"funding":".github/FUNDING.yml","license":"License","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"PrzemyslawKlys","custom":["https://paypal.me/PrzemyslawKlys"]}},"created_at":"2022-08-09T19:48:09.000Z","updated_at":"2025-03-25T15:22:31.000Z","dependencies_parsed_at":"2022-08-15T12:31:04.416Z","dependency_job_id":"f10fab8b-50a5-4290-83e0-363472142290","html_url":"https://github.com/EvotecIT/VirusTotalAnalyzer","commit_stats":{"total_commits":36,"total_committers":1,"mean_commits":36.0,"dds":0.0,"last_synced_commit":"4ccaf5324662aea9f5446b75b92389e4f856c5a6"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvotecIT%2FVirusTotalAnalyzer","tags_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/EvotecIT%2FVirusTotalAnalyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvotecIT%2FVirusTotalAnalyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvotecIT%2FVirusTotalAnalyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EvotecIT","download_url":"https://codeload.github.com/EvotecIT/VirusTotalAnalyzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250560744,"owners_count":21450285,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","powershell","virustotal","virustotal-api"],"created_at":"2024-11-08T23:44:39.668Z","updated_at":"2025-04-24T04:19:49.431Z","avatar_url":"https://github.com/EvotecIT.png","language":"PowerShell","funding_links":["https://github.com/sponsors/PrzemyslawKlys","https://paypal.me/PrzemyslawKlys"],"categories":[],"sub_categories":[],"readme":"﻿\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.powershellgallery.com/packages/VirusTotalAnalyzer\"\u003e\u003cimg src=\"https://img.shields.io/powershellgallery/v/VirusTotalAnalyzer.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.powershellgallery.com/packages/VirusTotalAnalyzer\"\u003e\u003cimg src=\"https://img.shields.io/powershellgallery/vpre/VirusTotalAnalyzer.svg?label=powershell%20gallery%20preview\u0026colorB=yellow\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/EvotecIT/VirusTotalAnalyzer\"\u003e\u003cimg 
src=\"https://img.shields.io/github/license/EvotecIT/VirusTotalAnalyzer.svg\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.powershellgallery.com/packages/VirusTotalAnalyzer\"\u003e\u003cimg src=\"https://img.shields.io/powershellgallery/p/VirusTotalAnalyzer.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/EvotecIT/VirusTotalAnalyzer\"\u003e\u003cimg src=\"https://img.shields.io/github/languages/top/evotecit/VirusTotalAnalyzer.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/EvotecIT/VirusTotalAnalyzer\"\u003e\u003cimg src=\"https://img.shields.io/github/languages/code-size/evotecit/VirusTotalAnalyzer.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.powershellgallery.com/packages/VirusTotalAnalyzer\"\u003e\u003cimg src=\"https://img.shields.io/powershellgallery/dt/VirusTotalAnalyzer.svg\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://twitter.com/PrzemyslawKlys\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/PrzemyslawKlys.svg?label=Twitter%20%40PrzemyslawKlys\u0026style=social\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://evotec.xyz/hub\"\u003e\u003cimg src=\"https://img.shields.io/badge/Blog-evotec.xyz-2A6496.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.linkedin.com/in/pklys\"\u003e\u003cimg src=\"https://img.shields.io/badge/LinkedIn-pklys-0077B5.svg?logo=LinkedIn\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n# VirusTotalAnalyzer PowerShell Module\n\n**VirusTotalAnalyzer** is a very small PowerShell module that helps with submitting files to the VirusTotal service and getting results.\nIt allows you to check whether a file is infected and to get information about the file.\nYou can also request information about a URL, domain or IP address.\n\n\nYou can read about it on my blog:\n\n- [Working with Virus Total from PowerShell](https://evotec.xyz/working-with-virustotal-from-powershell/)\n\n### Getting information from 
VirusTotal\nAfter installation of module you can use it like this:\n\n```powershell\nImport-Module VirusTotalAnalyzer -Force\n\n# API KEY can be found once you register to Virus Total service (it's free)\n$VTApi = 'APIKEY'\n\n$T1 = Get-VirusReport -ApiKey $VTApi -Hash 'BFF77EECBB2F7DA25ECBC9D9673E5DC1DB68DCC68FD76D006E836F9AC61C547E'\n$T2 = Get-VirusReport -ApiKey $VTApi -File \"$PSScriptRoot\\Submisions\\TestFile.txt\"\n$T3 = Get-VirusReport -ApiKey $VTApi -DomainName 'evotec.xyz'\n$T4 = Get-VirusReport -ApiKey $VTApi -IPAddress '1.1.1.1'\n$T5 = Get-VirusReport -ApiKey $VTApi -Search \"https://evotec.xyz\"\n```\n\nEach variable from above delivers additional information about given request.\n\nOutput first level\n```\ndata\n----\n@{attributes=; type=file; id=bff77eecbb2f7da25ecbc9d9673e5dc1db68dcc68fd76d006e836f9ac61c547e; links=}\n```\n\n\nOutput second level\n```\nattributes\n----------\n@{type_description=Powershell; tlsh=T10404B65A7D05522320B36B76E8A78008FF77423B4254111978ECD6C87F75928D3BAFEA; vhash=029198501f8f46256cb0cf2e4fbb8ce7; trid=System.Object[]; crowdsourced_yara_results=System.Object[]; names=System.Object[]; last_modification_date=1659953097; type_tag=powers...\n```\n\nOutput third level\n```\nattributes : @{type_description=Powershell; tlsh=T10404B65A7D05522320B36B76E8A78008FF77423B4254111978ECD6C87F75928D3BAFEA; vhash=029198501f8f46256cb0cf2e4fbb8ce7; trid=System.Object[]; crowdsourced_yara_results=System.Object[]; names=System.Object[]; last_modification_date=1659953097;\n             type_tag=powershell; times_submitted=2; total_votes=; size=184182; type_extension=ps1; last_submission_date=1659903352; last_analysis_results=; sandbox_verdicts=; sha256=bff77eecbb2f7da25ecbc9d9673e5dc1db68dcc68fd76d006e836f9ac61c547e; tags=System.Object[];\n             last_analysis_date=1659903352; unique_sources=2; first_submission_date=1659862256; ssdeep=3072:wMxUx42PfUYYxlQ7uZtAcI5GCy23KV9syb0wqV:wa2G923K6V; md5=e3c925286ccafd07fb61bd6a12a2ee94; 
sha1=79fc6a99468f83c7f98e58fdbb811cd95a153567; magic=UTF-8 Unicode (with BOM) English text,\n             with very long lines, with CRLF line terminators; powershell_info=; last_analysis_stats=; meaningful_name=PSPublishModule.psm1; reputation=0}\ntype       : file\nid         : bff77eecbb2f7da25ecbc9d9673e5dc1db68dcc68fd76d006e836f9ac61c547e\nlinks      : @{self=https://www.virustotal.com/api/v3/files/bff77eecbb2f7da25ecbc9d9673e5dc1db68dcc68fd76d006e836f9ac61c547e}\n```\n\nOutput fourth level\n\n```\ntype_description          : Powershell\ntlsh                      : T10404B65A7D05522320B36B76E8A78008FF77423B4254111978ECD6C87F75928D3BAFEA\nvhash                     : 029198501f8f46256cb0cf2e4fbb8ce7\ntrid                      : {@{file_type=Text - UTF-8 encoded; probability=100.0}}\ncrowdsourced_yara_results : {@{description=This signature fires on the presence of Base64 encoded URI prefixes (http:// and https://) across any file. The simple presence of such strings is not inherently an indicator of malicious content, but is worth further investigation.;\n                            source=https://github.com/InQuest/yara-rules-vt; author=InQuest Labs; ruleset_name=Base64_Encoded_URL; rule_name=Base64_Encoded_URL; ruleset_id=0122bae1e9}, @{description=This signature detects the presence of a number of Windows API functionality often seen\n                            within embedded executables. When this signature alerts on an executable, it is not an indication of malicious behavior. 
However, if seen firing in other file types, deeper investigation may be warranted.; source=https://github.com/InQuest/yara-rules-vt;\n                            author=InQuest Labs; ruleset_name=Windows_API_Function; rule_name=Windows_API_Function; ruleset_id=0122a7f913}}\nnames                     : {PSPublishModule.psm1}\nlast_modification_date    : 1659953097\ntype_tag                  : powershell\ntimes_submitted           : 2\ntotal_votes               : @{harmless=0; malicious=0}\nsize                      : 184182\ntype_extension            : ps1\nlast_submission_date      : 1659903352\nlast_analysis_results     : @{Bkav=; Lionic=; tehtris=; DrWeb=; MicroWorld-eScan=; FireEye=; CAT-QuickHeal=; ALYac=; Malwarebytes=; VIPRE=; Paloalto=; Sangfor=; K7AntiVirus=; Alibaba=; K7GW=; Trustlook=; BitDefenderTheta=; VirIT=; Cyren=; SymantecMobileInsight=; Symantec=; Elastic=;\n                            ESET-NOD32=; APEX=; TrendMicro-HouseCall=; Avast=; ClamAV=; Kaspersky=; BitDefender=; NANO-Antivirus=; SUPERAntiSpyware=; Tencent=; Ad-Aware=; Emsisoft=; Comodo=; F-Secure=; Baidu=; Zillya=; TrendMicro=; McAfee-GW-Edition=; SentinelOne=; Trapmine=; CMC=;\n                            Sophos=; Ikarus=; GData=; Jiangmin=; Webroot=; Avira=; Antiy-AVL=; Kingsoft=; Gridinsoft=; Arcabit=; ViRobot=; ZoneAlarm=; Avast-Mobile=; Microsoft=; Cynet=; BitDefenderFalx=; AhnLab-V3=; Acronis=; McAfee=; MAX=; VBA32=; Cylance=; Zoner=; Rising=; Yandex=;\n                            TACHYON=; MaxSecure=; Fortinet=; Cybereason=; Panda=; CrowdStrike=}\nsandbox_verdicts          : @{C2AE=}\nsha256                    : bff77eecbb2f7da25ecbc9d9673e5dc1db68dcc68fd76d006e836f9ac61c547e\ntags                      : {powershell}\nlast_analysis_date        : 1659903352\nunique_sources            : 2\nfirst_submission_date     : 1659862256\nssdeep                    : 3072:wMxUx42PfUYYxlQ7uZtAcI5GCy23KV9syb0wqV:wa2G923K6V\nmd5                       : e3c925286ccafd07fb61bd6a12a2ee94\nsha1         
             : 79fc6a99468f83c7f98e58fdbb811cd95a153567\nmagic                     : UTF-8 Unicode (with BOM) English text, with very long lines, with CRLF line terminators\npowershell_info           : @{dotnet_calls=System.Object[]; cmdlets=System.Object[]; functions=System.Object[]; cmdlets_alias=System.Object[]; ps_variables=System.Object[]}\nlast_analysis_stats       : @{harmless=0; type-unsupported=15; suspicious=0; confirmed-timeout=0; timeout=0; failure=0; malicious=0; undetected=59}\nmeaningful_name           : PSPublishModule.psm1\nreputation                : 0\n```\n\nDepending on which type of object we're working with, the results may be different.\n\n### Sending a file or URL to Virus Total\n\nTo send a URL to Virus Total\n\n```powershell\nImport-Module VirusTotalAnalyzer -Force\n\n$VTApi = 'APIKEY'\n\nNew-VirusScan -ApiKey $VTApi -Url 'evotec.pl'\nNew-VirusScan -ApiKey $VTApi -Url 'https://evotec.pl'\n```\n\nTo send a file to Virus Total\n\n```powershell\nImport-Module VirusTotalAnalyzer -Force\n\n$VTApi = 'APIKEY'\n\n# Submit file to scan\n$Output = New-VirusScan -ApiKey $VTApi -File \"$PSScriptRoot\\Submisions\\TestFile.txt\"\n$Output | Format-List\n\nStart-Sleep -Seconds 60\n\n# Since the output will return scan ID we can use it to get the report\n$OutputScan = Get-VirusReport -ApiKey $VTApi -AnalysisId $Output.data.id\n$OutputScan | Format-List\n$OutputScan.Meta | Format-List\n$OutputScan.Data | Format-List\n```\n\n`New-VirusScan` will return an object which then can be verified via `Get-VirusReport`.\nGive it some time before checking for results, as it takes time to scan the file.\n`New-VirusScan` also provides a way to rescan a file that was already submitted.\nYou can do so using the `Hash` or `FileHash` parameter.\n\nOnce the file is finally scanned, it will be available using `Get-VirusTotal` with one of the available options.\n\n## To install\n\n```powershell\nInstall-Module -Name VirusTotalAnalyzer -AllowClobber -Force\n```\n\nForce and AllowClobber 
aren't necessary, but they do skip errors in case some appear.\n\n## And to update\n\n```powershell\nUpdate-Module -Name VirusTotalAnalyzer\n```\n\nThat's it. Whenever there's a new version, you run the command, and you can enjoy it. Remember that you may need to close and reopen the PowerShell session if you have already used the module before updating it.\n\n**The essential thing** is if something works for you on production, keep using it till you test the new version on a test computer. I make changes that may not be big, but big enough that auto-update may break your code. For example, a small rename of a parameter and your code stops working! Be responsible!","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevotecit%2Fvirustotalanalyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fevotecit%2Fvirustotalanalyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevotecit%2Fvirustotalanalyzer/lists"}