This morning I came across an interesting article from HexBlog titled: VirusTotal Plugin for IDA Pro. I took a look to the date, and actually it’s not really new, but I believe it is still very actual. What a nice idea having the possibility to monitor your binary directly from VirusTotal ! If you are a malware writer this will increase your productively a lot, in fact you might test your binary on most of the known antivirus engines and if it is catch, dynamically you are able to modify it and resubmit it to antivirus engines for a second round of test. An of course you could follow on this way as many time as you like.
Lets see how to install the plugin:
- You need to install on your platform simplejson (from here). It’s a photon package for json ontology
- You need IDAPython 1.5.1 (from here)
- You need the plugin from here (BboeVt module) and VirusTotal plugin
- Copy the BboeVt module to you Python site-package
- Copy VirusTotal.py plugin to $IDA\plugins folder
Lets see hot to use it:
- Run IDAPRO and open a database
- invoke VirusTotal Plugin (Alt-F8)
That’s it !
A huge thank you to hexblog folks !