- Implemented improved VirusTotal queries: the file is first looked up on VirusTotal by hash, and uploaded only if it has not been previously scanned there. This is used by the d7x Examine File ability, which is available through the d7x Shell Extensions for Windows Explorer, through KillEmAll or KillEmAll GUI, or through the d7x Malware Search Tool. Configure it on the d7x Config > Admin tab.
- This ability requires you to bring your own VirusTotal API key; learn how to obtain one here (you simply register for an account with the VirusTotal Community, and the key is then available in your newly registered account, from the drop-down menu under your username.)
- Previously, the Examine File prompt used Sysinternals sigcheck.exe for the initial VirusTotal query, but that comes with some limitations: in some cases the result, for whatever reason, has not lined up with the actual VirusTotal result, and in other cases something fails in the process of obtaining the result. With d7x's internal VirusTotal code and your own API key, the result is accurate.
- If you do not enter a VirusTotal API key, Sysinternals sigcheck.exe will continue to be used for the initial VirusTotal query, but subsequent queries from the drop-down menu at the top will not function without the API key.
- dBug v21.12.9, also released a few days ago, fixes a problem with Windows 11 where, upon reboot, the Taskbar was missing icons (even the Start Menu) and File Explorer was blank.
- KillEmAll v21.12.13, released yesterday, fixes an issue where a very specific instance of incorrect file hashing caused a re-upload of the file to VirusTotal; the function never retrieved a result, and just continued to upload the file every time it was queried subsequently. The fix requires .NET Framework 4.0; if it isn't installed, the potentially incorrect code will be used (but this appears to be an issue on Windows 10, and since all versions of Windows 10 include .NET Framework 4.0 or later, you can always expect a correct result.)
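The hash-first lookup with upload fallback described in the VirusTotal notes above, together with the re-upload loop from the KillEmAll v21.12.13 note, as an added Python example. This is not d7x or KillEmAll code. It assumes the VirusTotal API v3 endpoints GET /files/{sha256} and POST /files (32 MB limit) as VirusTotal documents them; `transport`, `FakeVirusTotal`, `demo-key` and the sample files are constructed here so the decision logic runs offline.

```python
"""Hash-first VirusTotal lookup with upload fallback.

Added example, not d7x or KillEmAll code. Assumes VirusTotal API v3
GET /files/{sha256} and POST /files; `transport` is a hypothetical
injectable HTTP layer so the logic can run offline against FakeVirusTotal.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

VT_API = "https://www.virustotal.com/api/v3"
UPLOAD_LIMIT = 32 * 1024 * 1024  # larger files need the /files/upload_url flow


def sha256_file(path: str) -> str:
    """Hash the file *contents*, in binary mode, in chunks.

    A digest computed over the wrong bytes (the path string, a text-mode
    read, a truncated read) is one VirusTotal has never seen: every lookup
    then misses and the file is uploaded again on every query, which is
    the loop the KillEmAll v21.12.13 note describes.
    """
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class VTResult:
    sha256: str
    status: str                      # "known", "uploaded" or "error"
    malicious: Optional[int] = None  # engines flagging it, when known
    analysis_id: Optional[str] = None


def examine_file(path: str, api_key: str, transport) -> VTResult:
    """transport(method, url, headers, files=None) -> (status_code, json_dict)."""
    digest = sha256_file(path)
    headers = {"x-apikey": api_key}
    code, body = transport("GET", f"{VT_API}/files/{digest}", headers)
    if code == 200:
        stats = body["data"]["attributes"]["last_analysis_stats"]
        return VTResult(digest, "known", malicious=stats.get("malicious", 0))
    if code != 404:  # 401 bad key, 429 quota, 5xx: do not upload blindly
        return VTResult(digest, "error")
    if os.path.getsize(path) > UPLOAD_LIMIT:
        return VTResult(digest, "error")
    with open(path, "rb") as f:
        code, body = transport("POST", f"{VT_API}/files", headers,
                               files={"file": (os.path.basename(path), f)})
    if code == 200:
        return VTResult(digest, "uploaded", analysis_id=body["data"]["id"])
    return VTResult(digest, "error")


class FakeVirusTotal:
    """Constructed offline stand-in; does not model VirusTotal in detail."""

    def __init__(self, known):
        self.known = dict(known)  # sha256 -> malicious engine count
        self.uploads = 0

    def __call__(self, method, url, headers, files=None):
        if headers.get("x-apikey") != "demo-key":
            return 401, {"error": {"code": "WrongCredentialsError"}}
        if method == "GET":
            digest = url.rsplit("/", 1)[1]
            if digest in self.known:
                stats = {"malicious": self.known[digest]}
                return 200, {"data": {"attributes": {"last_analysis_stats": stats}}}
            return 404, {"error": {"code": "NotFoundError"}}
        self.uploads += 1  # pretend the analysis finishes clean immediately
        self.known[hashlib.sha256(files["file"][1].read()).hexdigest()] = 0
        return 200, {"data": {"type": "analysis", "id": f"fake-analysis-{self.uploads}"}}


def demo():
    """Known file -> no upload; fresh file -> one upload, then found by hash."""
    vt = FakeVirusTotal({hashlib.sha256(b"hello").hexdigest(): 3})
    with tempfile.TemporaryDirectory() as d:
        known = Path(d, "known.bin")
        known.write_bytes(b"hello")
        fresh = Path(d, "fresh.bin")
        fresh.write_bytes(b"never seen before")
        first = examine_file(str(known), "demo-key", vt)
        second = examine_file(str(fresh), "demo-key", vt)
        third = examine_file(str(fresh), "demo-key", vt)  # must not re-upload
        bad = examine_file(str(known), "bad-key", vt)
    return first, second, third, bad, vt.uploads


if __name__ == "__main__":
    for r in demo()[:4]:
        print(r)
```

A live `transport` would wrap `requests.request(method, url, headers=headers, files=files)` and return `(r.status_code, r.json())`. The two points worth keeping from the notes: only a 404 on the hash lookup justifies an upload (a bad key or quota error must not be treated as "unknown file"), and the hash has to be taken over the exact file bytes, or the lookup can never succeed and the upload repeats forever.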
- d7x v21.12.14.1
- Nirsoft utilities that are often targeted by anti-virus/malware apps (when used by d7x, such as for Info Report generation) are now downloaded to and extracted from memory, instead of being downloaded to a temporary folder on disk and then having the zip file extracted from there to another path on disk. This should give any active anti-virus on the system one, or actually two, fewer opportunities to stop our goal of running the software… but ultimately, depending on the security software, how it works, and what layers of protection are enabled, this technique may or may not help. I figured it was worth a shot.
- d7x v21.12.14.3
- If you have a custom app that downloads a large enough zip file, you will now see a progress bar while the zip is decompressed.
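The in-memory download and extraction described under v21.12.14.1, as an added Python example that is not d7x code. `fetch` is a hypothetical callable returning the response body as bytes (a live version would wrap `urllib.request.urlopen(url).read()`); the archive, its expected digest and the `example.invalid` URL are constructed here so it runs offline. It also adds two checks a practitioner would want when pulling tools from the network before running them: the archive's SHA-256 is pinned, and member names that would escape the destination directory are refused.

```python
"""Fetch an archive into memory and extract it with no temporary zip on disk.

Added example, not d7x code. `fetch` is a hypothetical bytes-returning
download callable; the sample archive and its digest are constructed here.
"""
import hashlib
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_sample_zip() -> bytes:
    """Constructed archive standing in for a downloaded tool bundle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("tool/tool.exe", b"MZ constructed placeholder, not a real binary")
        z.writestr("tool/readme.txt", b"constructed readme")
        z.writestr("../outside.txt", b"zip-slip attempt")  # hostile member name
    return buf.getvalue()


def safe_member_path(dest: Path, name: str):
    """Resolve a member name under dest, or return None if it would escape."""
    if name.startswith(("/", "\\")) or "\\" in name:
        return None
    parts = name.split("/")
    if any(p in ("", ".", "..") for p in parts):
        return None
    target = (dest / Path(*parts)).resolve()
    return target if dest.resolve() in target.parents else None


def fetch_and_extract(fetch, url: str, expected_sha256: str, dest_dir: str):
    data = fetch(url)  # whole body held in memory; nothing written yet
    digest = hashlib.sha256(data).hexdigest()
    if digest != expected_sha256:
        raise ValueError(f"archive digest {digest} != expected {expected_sha256}")
    dest = Path(dest_dir)
    written, skipped = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as z:  # the zip itself never touches disk
        if z.testzip() is not None:
            raise ValueError("corrupt member in archive")
        for info in z.infolist():
            if info.is_dir():
                continue
            target = safe_member_path(dest, info.filename)
            if target is None:
                skipped.append(info.filename)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(z.read(info))  # decompressed in memory, written once
            written.append(info.filename)
    return written, skipped


def demo():
    """Good download extracts two members and refuses one; tampered download is rejected."""
    blob = build_sample_zip()
    good = hashlib.sha256(blob).hexdigest()
    url = "https://example.invalid/tools.zip"  # constructed URL

    def fake_fetch(_url):
        return blob

    def tampered_fetch(_url):
        return blob[:-1] + bytes([blob[-1] ^ 0xFF])

    with tempfile.TemporaryDirectory() as d:
        written, skipped = fetch_and_extract(fake_fetch, url, good, d)
        on_disk = sorted(str(p.relative_to(d)).replace(os.sep, "/")
                         for p in Path(d).rglob("*") if p.is_file())
        try:
            fetch_and_extract(tampered_fetch, url, good, d)
            tamper_rejected = False
        except ValueError:
            tamper_rejected = True
    return written, skipped, on_disk, tamper_rejected


if __name__ == "__main__":
    print(demo())
```

Note what this does and does not avoid: the downloaded zip and the intermediate extraction step never exist as files, which is the "two fewer opportunities" the note refers to, but the extracted executables still land on disk at their final path, so on-write and on-execute scanning will still see them. Pinning the digest is the part to keep regardless: a download that does not match is refused rather than run.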