X-Ray 2.0: Auto Submit Suspicious Files to Antivirus Analyst
An antivirus software cannot detect all viruses which is why they also depend on users to submit samples to their virus analyst for manual analysis through various methods. It can be either through a web form, email or a special tool which makes it very troublesome to submit samples because every web form is not the same and they have different prerequisites.
For example, some wants the file to be sent in raw format and some wants you to compress the file to ZIP or 7z. Some requires you to use a specific password for the ZIP file and some don’t. Other than that, submitting samples to SUPERAntiSpyware requires a special tool called SUPERSampleSubmit. It is nearly impossible for an individual to submit samples to multiple antivirus companies because it is just way too troublesome, until X-Ray has been created.
X-Ray is a software created by Raymond.cc that automates submission of files that you think is suspicious to 35 (Agnitum, Antiy Labs, Avast, AVG, Avira, Bitdefender, QuickHeal, ClamAV, Comodo, Dr.Web, Emsisoft, ESET, F-Prot, F-Secure, Fortinet, Hacksoft, Ikarus, K7Antivirus, Kaspersky, Kingsoft, McAfee, Microsoft, Norman, nProtect, Panda, PC Tools, Rising, Sophos, SUPERAntiSpyware, Symantec, TotalDefense, TrendMicro, VBA32, Vipre, ViRobot) antivirus companies for manual analysis by virus analyst professionals with a click of a button.
Features
– Automatically submit files to 35 different antivirus companies via email or web based submission method for manual analysis.
– Abort upload progress
– Retrieve latest scan report from VirusTotal (API 2.0)
– Send file to VirusTotal for scanning (API 2.0)
– Automatic failover when chosen method for sending files to VirusTotal fails.
– Two methods of sending files to VirusTotal (Email and API)
– Copying MD5 hash and results to clipboard via right click context menu.
– History (VirusTotal detection report and Analysis Submission date & time)
– Clear History
– Change submission method for a particular antivirus from Settings
– Test email settings
– Auto update checker
– Support 6 CAPTCHA recognition service
– Proxy Support
– Right Click “Send To”
– Support Windows XP/Vista/7/8 (32bit & 64bit)
– Freeware (no spyware or adware embedded)
– Portable (history and encrypted settings are stored in AppData)
Screenshot
X-Ray 2.0 retrieved VirusTotal scan report for a malware in Windows 8
Usage
1. Download X-Ray from the link at the end of this page and extract.
2. Run X-Ray.exe
3. Click settings to configure an email account that will be used to send the suspicious file to antivirus vendors. You can click the Test button to make sure that the email account that you entered is able to send email. It is optional to enter your first and last name.
4. Go to Analyse to add a suspicious file. You can either drag and drop a file to the program interface or click the “Add Suspicious Files” button to browse for the file.
5. After adding a file, click the “Get Recent VirusTotal Report” button to check if the file has been uploaded and scanned in VirusTotal before.
a) If you get the prompt saying No report available for “filename”, it means that the file has not been uploaded and scanned in VirusTotal before. Simply click on the OK button to upload the file to VirusTotal for scanning.
b) If X-Ray reports “VirusTotal did not detect file as suspicious”, it does not necessarily mean that the file is clean because malwares are always released as undetectable and can take from days to weeks for it to get detected by some antivirus. It is advisable to send the file for analysis to confirm if the file is safe.
c) If X-Ray reports “VirusTotal detected…”, it means that the file has already been flagged as malicious by a specific antivirus. It is not necessary to submit the file for further analysis which is why the checkbox is automatically unchecked.
Additional Important Notes
After clicking the “Send for Analysis” button, you will be prompted to enter comment about the suspicious file. Please provide useful information to the analyst explaining what makes you think that this file is suspicious, where you downloaded the file from, if other antivirus already detected it as threat and etc.
– Some web forms require you to solve the CAPTCHA. You can either manually type it in the box or use an automated captcha recognition paid service which can be configured in settings > captcha settings.
– The “Get Recent VirusTotal Report” is only for pulling the latest scan report from VirusTotal. It is not used for sending the file to VirusTotal. To send a file to VirusTotal for scanning, please use the “Send to VirusTotal” button.
– After sending a file to VirusTotal, the report is not available immediately. It could take as long as a few hours depending on the load of VirusTotal servers. This is a standard VirusTotal public API restriction.
– If you get the error message “The application failed to initialize properly (0xc0000135). Click on OK to terminate the application.” when running X-Ray, that means you don’t have Microsoft .NET Framework 4 installed. You can download it from here.
– X-Ray.exe is digitally signed. If you don’t see the Digital Signatures tab when viewing the Properties (right click > Properties) of the file, then it is either corrupted or tampered. Please make sure that you only run X-Ray that is downloaded from the link at the end of this article.
Please do not send every single files that is on your computer for human analysis because doing so will only increase the workload of the professional malware analyst who are already very busy doing their job analyzing hundreds of files every day. If you really need to run that file and you can’t trust the source, then it is reasonable to send for analysis. However if you downloaded Firefox from the official website at mozilla.com and you still send it for analysis, then it is a complete waste of the analyst and your time. Use it wisely and let’s make the Internet a safer place.
You might also like:
9 Free Online Sandbox Services to Detect Malware [2023 List]
FTP Droplet Allows Uploading Files Without Knowing FTP Login Details
2 Tools to Convert Audio or Video Files Into Self Contained Auto Playing Executables
Create a Self Running Executable to Auto Burn ISO Files to Disc
Test Your Antivirus: 6 Best Tools to Use in 2023
It does not work on Windows 10.
Can you make it open source?
Can you please open source this project so it can be kept updated ?
It is needed more than ever, but also for developers to be able to submit their new software when false positives are a problem.
New version please!
today not work more
Update please..
please update. This tool is awesome!
why do you even need it ? simply download VirusTotal uploader and get same results on a webpage quickly see virustotal.com/en/documentation/desktop-applications/
You completely misunderstand what the X-Ray tool is for. Its main purpose is to submit files you might think are suspicious to antivirus vendors so they can be analyzed. The fact it sends files and pulls scan information from Virustotal is to help with the identification and analysis of the file itself.
What you send to the antivirus vendors will help to better classify the file in question as malicious or clean at sites like Virustotal in future.
Yeah, but it doesn’t work with windows 10. I know my email is set up correctly yet it never works ie failed. A waste of time to use. I had a report from Nano that a file shown by Kaspersky was a virus yet Kaspersky didn’t flag it. And Nano would remove it.
Yes, sadly the tool is in need of an update as it hasn’t been updated for several years.
Thanks for giveaway. Want to try this tool.
Please update to fix. :(
Raymond
Just started to have a problem with following message:
‘Failed to retrieve scan result from VirusTotal”
The ‘Reason:’ field is blank.
Has anyone else reported this recently?
Can you please update XRAY to fix the submission errors? Or add a feature so the user can modify the AntiVirus vendors? Or make the application open source?
Please update X-Ray to fix submission forms for Vipre/Threattrack, Avira, Bitdefender, Microsoft, Norman, Comodo and Emsisoft . I cannot upload samples to those vendors.
Thanks for share this software.
Thanks
Thanks Sir,Great Software :D
Great piece of software, though I would love to see some support for URL scanning with VT and other online URL submission engines as well such as URLQuery.net, Wepawet and Anubis and maybe correlations with the freely available lists on MalwareDomainList, abuse.ch, Botnets Exposed, etc. Considering Web Base exploit kits are the most prevalent infection vector currently out there at the moment I think some web site/ url scanning features would be extremely useful. Though great program and definitely a step in the right direction. ;)
Great work ,thanks for the share
Thank you very much, Mr. Raymond…
thank you,great article
Hey Ray. How do i bypass the 32MB limit??
You can’t because that’s the limit of VirusTotal.
Hopefully this limit will be expanded upon by Google since they acquired VirusTotal. Such a valuable tool such as VirusTotal (and of course the sweet loving of X-Ray) could make for a powerful virus scanner if the limit was expanded to cover larger files.
And what do you know..
Now the limit is 128MB.. :)
Hopefully xray will be updated to allow the larger file upload please?
De acordo com minhas pesquisas o X-Ray é o melhor Anti – Vírus grátis.
Excelent
This seems to have a lot of potential. I codulnt access it yesterday, but it’s working now. I have a pretty extensive A/V software and test library with a couple thousand examples, that are great for detection rate testing. I’ve kind of wondered what some of them do, but never really felt like booting them in a naked VM and monitoring the changes. This looks to be a good lazy mans alternative. In the past Ive always had to bring up a test machine and run last 100, reg snapshot, hijack this and what changed. A lot of text to go through, and less than interesting. It will be interesting to do it once or twice and compare results with theirs. It also seems like if I had a buddy who has problem (and I always do) with an app that keeps crashing on install, that wasn’t necessarily malware, it would be easier to push him the link and have him push me the results, than to have him upload it to me and messing with it myself. Another good find. Thanks!
thanks, i will use it
DUDE ……….you just made a sexy program……
will give it a try, i use kasdpersky which does a decent job but this is something new, thanks
That will be nice. Had a couple of viruses I’ve had to submit over the last couple of days.
Excelente reforço!
way to go Raymond you’ve done it again
Worth the time we waited … going to try it.
真是一个好东西,太感谢了
非常好。
Thanks for sharing it. Very nice and useful software. :)
Seems to be a great apps … Must try this apps .. thanks Ray !!
Brill software,thanx works great.Next for me would be the send to,is on your list.
I just publish post on this awesome tool please check.
techfeb.com/2011/12/check-your-suspicious-file-for-virus-with-31-antiviruses-using-x-ray/
Please add Ahnlab V3 in X-Ray.
I hope that i can see ahnlab V3 in X-Ray
Hey Ray, Nice app!
I would like an option to also read the comments (virustotal). They can be very usefull.
I’d like to see you revise the program so that submitting a file to any company requires a two or three step process. The end result would be that no file could be submitted until it has been checked on VirusTotal. If Virus Total gives it a clean bill of health by all reporting scanners, then require that the user input a comment about why they feel an additional check is necessary.
Without these “speed bumps,” I believe that too many users will go right to “manual scanning,” because they think that will be “best.” That would unnecessarily tie up company resources for almost zero benefit. The threats that VirusTotal misses are few and far between.
Thanks Jeffrey, I’ll look into that on the next update.
Thank you Raymond , really u have done a good job, thankx a lot
its a very important software specially for beginners in viruses & anti-viruses world
really good work by excellent people
Thanks Ray,
It seems like a great program to have. I have a question.
I know this program is made by you which is why I trust it but I am always leery about putting my email password into programs, Does this program store the email password to an encrypted file somewhere?
Does sending the file via email have an advantage over sending it through the API?
Thanks
TeXaCo
Your email password is encrypted and stored in user.config file at C:UsersYourUserNameAppDataLocalXRay
Sending file via email shares the same advantage through the API except it is a different method.
Excellent software…
Thank you Raymond! Definitely a needed app.
awesome software