When you download software from trusted sources like Microsoft or Google you don’t have to worry much about trustworthiness. But when you download software or any files from random sites or programs sent by friends, how do you verify them?

When we download file or software from unknown sites, we can scan it with our Antivirus(AV) software to check if it is safe to use or a malicious one. What if the actual file is malicious and your AV is not aware of it? Yes, it is possible. It could be recently found malicious software and your AV may not aware of it. How cool would it be if we can scan the downloaded file with 50+ AV tools in a few seconds?

AV tools mostly works on signatures. Each software or a file you have in your computer will have a unique hash. This hash value is used to identify the integrity of the file. Also, most of the valid software will be signed by the company which has developed it. Here is where the following tool will help.

Virustotal

This is a product from Google and you can use it to check any files or software by uploading it. Virustotal is an aggregator of multiple AV tools. It will verify the file and let you know the results from 56+ AV products. Not just files, you can verify URLs and IP addresses of any site. The best part, it is FREE.

If you want to frequently verify files or URLs, Virustotal has extensions for browsers of your choice.

There are some alternatives for Virustotal like OPSWAT Metadefender, Polyswarm, advanced tools like Hybrid-analysis

If your downloaded file is large in size, it may take more time to upload in Virustotal and if it exceeds limit (64MB) it won’t let you upload it. In that scenario, you can compute the hash from your PC and then paste the results in virustotal, so you don’t have to upload a huge file. Microsoft has a utility to compute hash. MAC users can use hash maker.