virustotal hash.png

One of my favorite online services is undoubtedly VirusTotal. The fact that I can get an on-demand scan of any file from over 35 different antivirus apps (for free) is incredible. If I ever have any doubts about the credibility of a file the first thing I do is jump on over to VirusTotal, and see what kind of results it comes back with. In a 24-hour period the service receives about 75,000 uploads, and about half of the files uploaded are actually infected… which is telling as to how important VirusTotal is to its users.

The problem is that uploading a smaller file is fine, but when you get into larger uploads it can be tedious to have to wait for the results. What most people overlook is the “Hash Search” that is offered by VirusTotal. If you enter in a valid file hash you’ll instantly be shown the results of the last file scan that was performed, assuming that someone else has previously uploaded the same file. Hashes have been used for awhile to determine the validity of the file being downloaded, and so this method of identification is highly trusted.

How to you calculate the MD5 of a file? Awhile back we wrote about some Windows tools that integrate into Windows Explorer for calculating both the MD5 and SHA-1 of any file. On a Mac you can open the Terminal, and type “openssl md5 <file>” for the MD5 hash or “openssl sha1 <file>” for the SHA-1 hash:

mac terminal calculate md5.png

VirusTotal Hash Scan