
Autoruns : Not verified

Author: davehull
Subject: Not verified
Posted: 14 June 2014 at 4:29pm

A quick easy check would be to take an MD5 hash of the file(s) and then search VirusTotal for those hashes. It's possible an attacker could roll custom binaries for your environment such that VT won't have a hash match, but if it's "commodity" malware, VT is likely to have seen it.

You could submit the sample to VT for analysis, but that means a bunch of AV companies will get a copy and they will create signatures (if it's malware) and if your company is being specifically targeted, attackers will know you've found them when AV signatures start cropping up to detect their bits, or they may search VT for the MD5 and see that it's been submitted.
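The hash-only lookup described in the post above, as an added example that is not part of the original post: it hashes the file locally and asks VirusTotal only whether that hash has been seen before, so the sample itself is never uploaded. It assumes the VirusTotal v3 file-report endpoint and an API key in a `VT_API_KEY` environment variable; the function names are hypothetical.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # lookup by hash only


def file_hashes(path, chunk_size=1 << 20):
    """Stream the file once and return its MD5 and SHA-256 hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def vt_fetch(file_hash, api_key):
    """GET the existing VT report for a hash. Returns None on 404 (hash unknown)."""
    req = urllib.request.Request(VT_FILE_URL.format(file_hash),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def triage(path, api_key, fetch=vt_fetch):
    """Hash a file locally and look the hash up; the file never leaves the host."""
    hashes = file_hashes(path)
    report = fetch(hashes["md5"], api_key)
    if report is None:
        # No match is not a clean verdict: a custom build would also land here.
        return {**hashes, "verdict": "unknown-to-vt"}
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return {**hashes, "verdict": "flagged" if flagged else "known-not-flagged",
            "flagged_engines": flagged}


if __name__ == "__main__":
    import os, sys
    for p in sys.argv[1:]:  # VT_API_KEY is an assumed environment variable name
        print(p, triage(p, os.environ["VT_API_KEY"]))
```

The `fetch` parameter lets the lookup be replaced with a stub, so the triage logic can be exercised without network access.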
