VirusTotal now offers PCAP analysis

April 28, 2013 – 8:55 AM

VirusTotal is a greedy creature; one of its gluttonous wishes is to be able to understand and characterize all the races it encounters. It already understood the insurgent collective of Portable Executables, the greenish creatures known as Android APKs, the talkative PDF civilization, etc. As of today it also figures out PCAPs, a rare group of individuals obsessed with recording everything they see.

PCAP files contain network packet data created during a live network capture, often used for packet sniffing and analyzing data network characteristics. In the malware research field PCAPs are often used to:

  • Record malware network communication when executed in sandboxed environments.
  • Record honeyclient browser exploitation traces.
  • Log network activity seen by network appliances and IDS.
  • etc.

We have seen that many users send their PCAPs to VirusTotal. These PCAPs often contain HTTP flows in which a trojan is downloaded, recordings of worm scanning sweeps, logs of exploits being delivered to a honeymonkey, etc. We want to help the users submitting PCAPs to VirusTotal and improve their research; that is why we have introduced PCAP analysis.
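As an added illustration, not VirusTotal's code, of the first thing such an analysis pulls out of a capture, the Python below builds a constructed pcap holding a few Ethernet/IPv4/TCP frames, parses the classic pcap container (both byte orders), and lists the HTTP request lines and Host headers, which is where a trojan download first shows up. The sample traffic, addresses and file name are constructed; pcapng, IPv6 and reassembly across TCP segments are out of scope.

```python
import struct
LITTLE_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}   # classic pcap magic, and the nanosecond variant
BIG_MAGICS = {0xD4C3B2A1, 0x4D3CB2A1}      # the same magics as read from a big-endian file

def build_pcap(payloads):
    """Construct a little-endian pcap (linktype 1, Ethernet) with one Ethernet/IPv4/TCP frame per payload; constructed sample data."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # 24-byte global header
    for i, payload in enumerate(payloads):
        tcp = struct.pack("!HHIIBBHHH", 40000 + i, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                         bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])) + tcp   # constructed addresses
        frame = b"\x00" * 12 + b"\x08\x00" + ip          # zeroed MACs, EtherType 0x0800 = IPv4
        out += struct.pack("<IIII", 1366000000 + i, 0, len(frame), len(frame)) + frame
    return out

def pcap_records(data):
    """Yield (linktype, frame_bytes) for each record; endianness is taken from the magic."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic in LITTLE_MAGICS:
        e = "<"
    elif magic in BIG_MAGICS:
        e = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is a different format)")
    linktype, = struct.unpack_from(e + "I", data, 20)
    off = 24
    while off + 16 <= len(data):                         # a truncated trailing record is skipped
        incl_len, = struct.unpack_from(e + "I", data, off + 8)
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len

def http_requests(data):
    """Return (src_ip, dst_ip, host, request_line) for each TCP payload that starts with an HTTP request method."""
    found = []
    for linktype, frame in pcap_records(data):
        if linktype != 1 or len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                     # only Ethernet + IPv4 + TCP (protocol 6) handled
        ihl = (frame[14] & 0x0F) * 4                     # IPv4 header length in bytes
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        tcp = frame[14 + ihl:]
        payload = tcp[(tcp[12] >> 4) * 4:] if len(tcp) >= 20 else b""   # skip TCP header + options
        lines = payload.split(b"\r\n")
        if lines[0].split(b" ")[0] not in (b"GET", b"POST", b"HEAD"):
            continue
        host = next((l[5:].strip() for l in lines[1:] if l.lower().startswith(b"host:")), b"")
        found.append((src, dst, host.decode("ascii", "replace"), lines[0].decode("ascii", "replace")))
    return found
```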
