Tools you can use in your every day cyber-hygiene
A couple of options when handling suspected malware.
There are many times that you come across a file that has suspicious characteristics but your Next Gen AV has been mum.
You can submit the file (or URL for that matter) to Virus Total and you will get a good picture of what the AV engines think of that file. Virus Total is a free virus, malware and URL online scanning service.
There could be a threat that has barely registered on the AV engines' radar. Newer exploits and zero days will sometimes not quite register with the AV engines, so you will only see two or three that mark the package as suspicious. A good way of finding out whether the file or link in question is malicious is to detonate it. Here are a couple of sites where you can see the file in action from the safety of your virtual bunker.
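The VirusTotal step above can be done without uploading anything: hash the file locally and query the public v3 API by SHA-256 (`GET /api/v3/files/{hash}` with an `x-apikey` header), then count how many engines flagged it. The script below is an added example, not code from the original post or from VirusTotal; the API key and the threshold of three flagging engines are assumptions, and the JSON response embedded at the bottom is constructed to mirror the real `last_analysis_stats` / `last_analysis_results` layout so the parsing runs offline.

```python
import hashlib
import json
import urllib.error
import urllib.request

# Real VirusTotal v3 endpoint for looking up a file report by hash.
VT_FILES_ENDPOINT = "https://www.virustotal.com/api/v3/files/"


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory blob (used by the tests below)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Hash a file in chunks so large samples do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_report(sha256: str, api_key: str):
    """Query VirusTotal by hash. Returns the parsed JSON, or None if the
    hash has never been submitted (HTTP 404). Network call; not run offline."""
    req = urllib.request.Request(
        VT_FILES_ENDPOINT + sha256, headers={"x-apikey": api_key}
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def summarize_report(report, flag_threshold: int = 3) -> dict:
    """Reduce a v3 file report to a triage verdict.

    A hash nobody has seen, or one flagged by only a handful of engines,
    is exactly the case the post describes: the right next step is to
    detonate it in a sandbox rather than trust the engine count."""
    if report is None:
        return {"verdict": "unknown-to-vt: detonate in a sandbox",
                "flagged": 0, "engines": 0, "flagged_by": []}

    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})

    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    engines = sum(stats.values())
    flagged_by = sorted(
        name for name, r in results.items()
        if r.get("category") in ("malicious", "suspicious")
    )

    if flagged == 0:
        verdict = "no-engine-flags"
    elif flagged < flag_threshold:  # assumed threshold: low-confidence zone
        verdict = "low-confidence: detonate in a sandbox"
    else:
        verdict = "likely-malicious"

    return {"verdict": verdict, "flagged": flagged,
            "engines": engines, "flagged_by": flagged_by}


# Constructed sample response (shape matches VirusTotal v3; values invented).
SAMPLE_REPORT = {
    "data": {
        "type": "file",
        "id": "0" * 64,
        "attributes": {
            "last_analysis_stats": {
                "harmless": 0, "malicious": 2, "suspicious": 1,
                "undetected": 57, "timeout": 0,
            },
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
                "EngineB": {"category": "malicious", "result": "Heur.Downloader"},
                "EngineC": {"category": "suspicious", "result": "Suspicious.Doc"},
                "EngineD": {"category": "undetected", "result": None},
            },
        },
    }
}

if __name__ == "__main__":
    # Offline run over the constructed sample; swap in
    # fetch_report(sha256_of_file(path), API_KEY) for a live lookup.
    print(json.dumps(summarize_report(SAMPLE_REPORT), indent=2))
```

Hashing first is the safer default: the file itself stays on your machine unless you decide it is fine to share, and a 404 from the hash lookup already tells you the sample is new enough that a sandbox run is worth more than the engine tally.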
- My personal favorite (especially because the basic version is free) is Any.run. Any.run is "Interactive online malware analysis service for dynamic and static research of most types of threats using any environments. Replaces a set of tools for research." There are some Word documents that the user might swear are kosher, and sometimes I detonate such a file to see what it spawns. Here is a link to a file I detonated not too long ago.
- If you join (for free) the Center for Internet Security - CIS, you will get access to MCAP. MCAP is their Malicious Code Analysis Platform. You can submit a file and it will give you one of the more comprehensive reports on that particular submission.
- One of the newer platforms coming out of Israel (a LOT of good products have come out of the Israeli cybersecurity community) is SNDBOX. This one is more geared towards malware analysts, because the information is very detailed for those out there who are into malware analysis and reverse engineering (in-depth signatures, process tree information and "artifacts").