Scanning to analyze executables.....at novirusthanks.org

[polonus]

Hi malware fighters,

Why should we do this? Because a large amount of malware have protection against AV detection and cannot therefore be easily traced, but you yourself may establish it to be malware. Online here:
http://scanner.novirusthanks.org  there is an option to analyze the ASCII code of the .exe you scanned,

polonus

[CharleyO]

***

Nice find, Polonus.

I tried it out, liked the way the results were presented, and the extra information given.


***

[Lisandro]

Can you make this scan locally?

[polonus]

Hi Tech,

From your question and reaction  I see you haven't been there yet, because it says there in their disclaimer:

NoVirusThanks.org (NoVirusThanks Virus & Malware Scan Service) is not substitute for any antivirus software installed in a PC, as it only scans individual files on demand. These results DO NOT guarantee the harmlessness of a file. Currently, there isn't any solution that offers a 100% effectiveness rate for detecting malware. You may be a victim of misleading advertising, if you buy such a product under those premises. This website DOES NOT compare Anti-Virus.

(Bold text by me, Polonus)

Damian

[Lisandro]

I see you haven't been there yet

Got me... yeah, I did not go there
Well, it requires upload the file and does not allow local scanning... I thought I'll have an option and I realize I don't have one.

[DavidR]

Well Anubis: Analyzing Unknown Binaries, could be another though some try to avoid this too.

http://anubis.iseclab.org/?action=home

But it is a single detailed analysis of a file not a multiple engine scan.

[polonus]

Hi DavidR,

Can you give the reason why some want to avoid this?

polonus

[DavidR]

There are some malware variants that try to avoid detection by blocking certain detection AVs and methods. I really don't know how they would go about it something I read today in this topic, http://www.wilderssecurity.com/showthread.php?t=238372#post1440149.

I don't know if having managed to identify and upload the file since it wouldn't be running I really don't know how it might hide its intent/purpose from Anubis.