You’ve just received a strange email with an attachment you weren’t expecting. You know from our guide to spotting phishing attacks that you should never open it blindly. So, what’s the next step?
Before you delete it, you can investigate it like a security professional. The first and most important tool for this job is VirusTotal.
This guide will explain what VirusTotal is and walk you through the simple, step-by-step process of using it to safely check any suspicious file or link for malicious content.
What is VirusTotal?
VirusTotal is a completely free online service, owned by Google, that analyzes files and URLs for malware.
It’s not an antivirus program itself; it’s an aggregator. When you upload a file, VirusTotal doesn’t just scan it with one engine. It sends it to over 70 different antivirus scanners and security tools (like Bitdefender, McAfee, Kaspersky, Malwarebytes, and many more) and shows you the combined results.
The Analogy: It’s like getting a second, third, and seventieth opinion from a global team of specialist doctors all at once, in seconds.
How to Use VirusTotal to Check a File (Step-by-Step)
Let’s say you have a suspicious file named Invoice.pdf that you saved from an email.
- IMPORTANT: Do NOT open or double-click the suspicious file. Simply save it to a known location, like your Desktop or Downloads folder.
- Open your web browser and go to the official website:
https://www.virustotal.com/
- The page will open on the “File” tab. Click the big blue button that says “Choose file”.
- Navigate to and select the suspicious file (Invoice.pdf) from your computer. VirusTotal will immediately start uploading and analyzing it.
How to Understand the Results
After the scan is complete, you will see a results page. The most important part is the detection ratio at the top. It will look something like this: 6/72.
- What this means: This ratio means that 6 out of 72 antivirus engines detected this file as malicious.
- How to interpret it:
  - If the result is 0/72, the file is very likely safe.
  - If the result is 1/72 or 2/72, it could be a “false positive,” but you should still be extremely cautious.
  - If the result is 5/72 or higher, the file is almost certainly malicious. You should delete it immediately.
You can also click the “Details” tab to see more technical information, and the “Community” tab to see if other users have left comments about this file.
How to Use VirusTotal to Check a Link
Checking a suspicious link is even easier and safer.
- Go to the VirusTotal homepage.
- Click on the “URL” tab.
- Copy the suspicious link from the email or website.
- Paste the link into the search bar and press Enter.
VirusTotal will scan the link and show you a similar detection ratio, telling you if any security vendors have flagged that URL as malicious.
A Crucial Warning: Privacy
VirusTotal is a public service. Any file you upload is shared with security researchers and antivirus companies. Therefore, NEVER upload a file that contains sensitive personal or confidential information.
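One way to respect this warning is to send VirusTotal only the file's SHA-256 hash instead of the file itself, then read the detection ratio from any report that already exists. The sketch below is an added example, not part of the original guide; it assumes VirusTotal's public API v3 file-report endpoint and an API key you supply, the sample report is constructed, and counting "suspicious" verdicts as flagged and the wording for 3 or 4 detections are this example's own choices.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report
# Constructed sample of the part of a report this example reads (not real data).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 6, "suspicious": 0, "undetected": 66, "harmless": 0}}}}

def sha256_of(path):
    """Hash the file locally; its contents never leave the machine."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def fetch_report(file_hash, api_key):
    """Fetch an existing report by hash; None means VirusTotal has never seen it."""
    req = urllib.request.Request(VT_FILE_URL.format(file_hash),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # unknown hash: no verdict either way
            return None
        raise

def detection_ratio(report):
    """Return (flagged, total) over engines that gave a verdict (example's choice)."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    return flagged, total

def interpret(flagged):
    """Apply the guide's thresholds; 3-4 is not covered there, so stay cautious."""
    if flagged == 0:
        return "very likely safe"
    if flagged <= 2:
        return "possible false positive, be extremely cautious"
    if flagged >= 5:
        return "almost certainly malicious, delete it"
    return "not covered by the guide's thresholds, treat as suspicious"

if __name__ == "__main__":
    print(interpret(detection_ratio(SAMPLE_REPORT)[0]))
```

A `None` result from `fetch_report` only means no one has submitted that exact file before; it is not a clean verdict.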
Conclusion: Your First Step in Malware Analysis
VirusTotal is an essential, free tool for any security-conscious user. It empowers you to quickly and safely check suspicious files and links before they can do any harm. Making a habit of using it is your first practical step into the world of malware analysis.