X-Ray 2.0: Auto Submit Suspicious Files to Antivirus Analyst

An antivirus software cannot detect all viruses which is why they also depend on users to submit samples to their virus analyst for manual analysis through various methods. It can be either through a web form, email or a special tool which makes it very troublesome to submit samples because every web form is not the same and they have different prerequisites. For example, some wants the file to be sent in raw format and some wants you to compress the file to ZIP or 7z. Some requires you to use a specific password for the ZIP file and some don’t. Other than that, submitting samples to SUPERAntiSpyware requires a special tool called SUPERSampleSubmit. It is nearly impossible for an individual to submit samples to multiple antivirus companies because it is just way too troublesome, until X-Ray has been created.

X-Ray is a software created by Raymond.cc that automates submission of files that you think is suspicious to 35 (Agnitum, Antiy Labs, Avast, AVG, Avira, Bitdefender, QuickHeal, ClamAV, Comodo, Dr.Web, Emsisoft, ESET, F-Prot, F-Secure, Fortinet, Hacksoft, Ikarus, K7Antivirus, Kaspersky, Kingsoft, McAfee, Microsoft, Norman, nProtect, Panda, PC Tools, Rising, Sophos, SUPERAntiSpyware, Symantec, TotalDefense, TrendMicro, VBA32, Vipre, ViRobot) antivirus companies for manual analysis by virus analyst professionals with a click of a button.

- Automatically submit files to 35 different antivirus companies via email or web based submission method for manual analysis.
- Abort upload progress
- Retrieve latest scan report from VirusTotal (API 2.0)
- Send file to VirusTotal for scanning (API 2.0)
- Automatic failover when chosen method for sending files to VirusTotal fails.
- Two methods of sending files to VirusTotal (Email and API)
- Copying MD5 hash and results to clipboard via right click context menu.
- History (VirusTotal detection report and Analysis Submission date & time)
- Clear History
- Change submission method for a particular antivirus from Settings
- Test email settings
- Auto update checker
- Support 6 CAPTCHA recognition service
- Proxy Support
- Right Click “Send To”
- Support Windows XP/Vista/7/8 (32bit & 64bit)
- Freeware (no spyware or adware embedded)
- Portable (history and encrypted settings are stored in AppData)

X-Ray 2.0 retrieved VirusTotal scan report for a malware in Windows 8

1. Download X-Ray from the link at the end of this page and extract.

2. Run X-Ray.exe

3. Click settings to configure an email account that will be used to send the suspicious file to antivirus vendors. You can click the Test button to make sure that the email account that you entered is able to send email. It is optional to enter your first and last name.

4. Go to Analyse to add a suspicious file. You can either drag and drop a file to the program interface or click the “Add Suspicious Files” button to browse for the file.

5. After adding a file, click the “Get Recent VirusTotal Report” button to check if the file has been uploaded and scanned in VirusTotal before.

a) If you get the prompt saying No report available for “filename”, it means that the file has not been uploaded and scanned in VirusTotal before. Simply click on the OK button to upload the file to VirusTotal for scanning.

b) If X-Ray reports “VirusTotal did not detect file as suspicious”, it does not necessarily mean that the file is clean because malwares are always released as undetectable and can take from days to weeks for it to get detected by some antivirus. It is advisable to send the file for analysis to confirm if the file is safe.

c) If X-Ray reports “VirusTotal detected…”, it means that the file has already been flagged as malicious by a specific antivirus. It is not necessary to submit the file for further analysis which is why the checkbox is automatically unchecked.

After clicking the “Send for Analysis” button, you will be prompted to enter comment about the suspicious file. Please provide useful information to the analyst explaining what makes you think that this file is suspicious, where you downloaded the file from, if other antivirus already detected it as threat and etc.

- Some web forms require you to solve the CAPTCHA. You can either manually type it in the box or use an automated captcha recognition paid service which can be configured in settings > captcha settings.

- The “Get Recent VirusTotal Report” is only for pulling the latest scan report from VirusTotal. It is not used for sending the file to VirusTotal. To send a file to VirusTotal for scanning, please use the “Send to VirusTotal” button.

- After sending a file to VirusTotal, the report is not available immediately. It could take as long as a few hours depending on the load of VirusTotal servers. This is a standard VirusTotal public API restriction.

- If you get the error message “The application failed to initialize properly (0xc0000135). Click on OK to terminate the application.” when running X-Ray, that means you don’t have Microsoft .NET Framework 4 installed. You can download it from here.

- X-Ray.exe is digitally signed. If you don’t see the Digital Signatures tab when viewing the Properties (right click > Properties) of the file, then it is either corrupted or tampered. Please make sure that you only run X-Ray that is downloaded from the link at the end of this article.

Please do not send every single files that is on your computer for human analysis because doing so will only increase the workload of the professional malware analyst who are already very busy doing their job analyzing hundreds of files every day. If you really need to run that file and you can’t trust the source, then it is reasonable to send for analysis. However if you downloaded Firefox from the official website at mozilla.com and you still send it for analysis, then it is a complete waste of the analyst and your time. Use it wisely and let’s make the Internet a safer place.