[Day 20] Blue Teaming What’s the Worst That Could Happen? | Advent of Cyber 3 (2021)

Febi Mudiyanto
3 min read · Dec 27, 2021

Today we will learn how to identify a malicious file with VirusTotal, the best-known online multi-engine malware scanner.

Learning Objectives:

  1. How to identify the file type of a file regardless of its extension
  2. How to find strings in a file
  3. How to calculate the hash of a file
  4. Using VirusTotal to perform a preliminary analysis of a suspicious file

Let's analyse the file.

# Open the terminal and navigate to the file on the desktop named ‘testfile’. Using the ‘strings’ command, check the strings in the file. There is only a single line of output to the ‘strings’ command. What is the output?

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

# Check the file type of ‘testfile’ using the ‘file’ command. What is the file type?

EICAR virus test files

# Calculate the file’s hash and search for it on VirusTotal. When was the file first seen in the wild?

2005-10-17 22:03:48

Copy the file's hash and paste it into the search box on the VirusTotal website. Searching by hash only looks up an existing report; unlike uploading, it does not send the file to VirusTotal and its partner vendors, which matters when the sample may contain sensitive data.

# On VirusTotal’s detection tab, what is the classification assigned to the file by Microsoft?

Virus:DOS/EICAR_Test_File

# Go to this link to learn more about this file and what it is used for. What were the first two names of this file?

ducklin.htm or ducklin-html.htm

# The file starts with a 68-character known string. It can be followed by whitespace characters up to a limited total length. What is the maximum number of characters that can be in the file?

128
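The four steps above (strings, file type, hash, VirusTotal lookup) can be reproduced without the command-line tools, which also makes it clear what each tool actually does. The following Python script is an added example, not code from the room or from the author: it reimplements a minimal `strings`, a magic-byte `file` check that ignores the extension, the three common hashes, and the EICAR validity rule (68-byte known string, whitespace padding, 128 bytes at most). The EICAR string is the public test string; the sample "files" (a plain and a padded EICAR file, an invalid EICAR file, and a fake PDF that is really an ELF header) are constructed in memory so nothing is written to disk or sent to VirusTotal; the VirusTotal report URL is built from the SHA-256 but not fetched.

```python
import hashlib
import re

# The public EICAR test string (68 bytes). It only lives in memory here;
# writing it to disk may trigger antivirus on the host.
EICAR_KNOWN_STRING = (
    b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
)
EICAR_MAX_LEN = 128              # known string plus optional whitespace padding
EICAR_PAD_CHARS = b" \t\r\n\x1a"  # whitespace the EICAR spec allows after the string

# Offset-0 signatures checked before looking at the file name (constructed table).
MAGIC = [
    (b"\x7fELF", "ELF executable"),
    (b"MZ", "PE/DOS executable"),
    (b"%PDF-", "PDF document"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"PK\x03\x04", "Zip archive (also OOXML, JAR, APK)"),
    (b"#!", "script text"),
]


def is_eicar(data: bytes) -> bool:
    """True if data is a valid EICAR file: the 68-byte known string,
    optionally followed by whitespace, 128 bytes in total at most."""
    if not data.startswith(EICAR_KNOWN_STRING) or len(data) > EICAR_MAX_LEN:
        return False
    tail = data[len(EICAR_KNOWN_STRING):]
    return all(b in EICAR_PAD_CHARS for b in tail)


def file_type(data: bytes) -> str:
    """Classify content by its bytes, like `file`, ignoring the extension."""
    if is_eicar(data):
        return "EICAR virus test file"
    for sig, desc in MAGIC:
        if data.startswith(sig):
            return desc
    try:
        data.decode("ascii")
        return "ASCII text"
    except UnicodeDecodeError:
        return "data"


def strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs of at least min_len bytes, like `strings -n 4`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def hashes(data: bytes) -> dict:
    """The digests VirusTotal indexes a file under."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def vt_report_url(data: bytes) -> str:
    """VirusTotal report URL for this content: a lookup by hash, nothing is uploaded."""
    return "https://www.virustotal.com/gui/file/" + hashes(data)["sha256"]


def triage(name: str, data: bytes) -> dict:
    """Run all four steps on one sample."""
    return {"name": name, "type": file_type(data), "strings": strings(data),
            "sha256": hashes(data)["sha256"], "vt_url": vt_report_url(data)}


# Constructed samples; the name deliberately lies about the content in the third one.
SAMPLES = {
    "testfile": EICAR_KNOWN_STRING,
    "testfile-padded": EICAR_KNOWN_STRING + b"\r\n" + b" " * 10,
    "report.pdf": b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"/bin/sh\x00" + b"\x00" * 20,
    "testfile-bad": EICAR_KNOWN_STRING + b"X",  # non-whitespace tail: not a valid EICAR file
}

if __name__ == "__main__":
    for n, d in SAMPLES.items():
        r = triage(n, d)
        print(f"{r['name']}: {r['type']}; strings={r['strings']}; sha256={r['sha256']}")
```

Two things the output makes visible that the room's questions do not: the padded EICAR file is still detected as EICAR by content, yet its hashes differ from the plain 68-byte file, so a VirusTotal hash search is an exact-match lookup and a trivially modified sample gets no hit; and `report.pdf` is classified by its ELF magic, not by its name.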

Conclusion

VirusTotal is not a perfect detector of malicious files: it aggregates the verdicts of many antivirus engines, which mainly recognise malware that has already been seen, so a new or slightly modified sample may return no hits. It is, however, a fast way to triage well-known malware and saves time during a first analysis. Keep in mind: do not trust any file.

Thanks
