An antivirus software cannot detect all viruses which is why they also depend on users to submit samples to their virus analyst for manual analysis through various methods. It can be either through a web form, email or a special tool which makes it very troublesome to submit samples because every web form is not the same and they have different prerequisites. For example, some wants the file to be sent in raw format and some wants you to compress the file to ZIP or 7z. Some requires you to use a specific password for the ZIP file and some don’t. Other than that, submitting samples to SUPERAntiSpyware requires a special tool called SUPERSampleSubmit. It is nearly impossible for an individual to submit samples to multiple antivirus companies because it is just way too troublesome, until X-Ray has been created.
X-Ray is a software created by raymond.cc that automates submission of files that you think is suspicious to 31 (Avast, AVG, Avira, Bitdefender, ClamAV, Comodo, Dr.Web, Emsisoft, ESET, CA, Fortinet, F-Prot, F-Secure, Ikarus, K7Antivirus, Kaspersky, McAfee, Microsoft, Norman, nProtect, Panda, PC Tools, Prevx, Rising, SUPERAntiSpyware, Symantec, TheHacker, VBA32, Vipre, ViRobot, VirusBuster) antivirus companies for manual analysis by virus analyst professionals with a click of a button.
Features
- Automatically submit files to 31 different antivirus companies via email or web based submission method for manual analysis.
- Change submission method for a particular antivirus from Settings
- Test email settings
- Retrieve latest scan report from VirusTotal
- Send file to VirusTotal for scanning
- Two methods of sending files to VirusTotal (Email and API)
- Automatic failover when chosen method for sending suspicious files to VirusTotal fails
- Copying MD5 hash and results to clipboard via right click context menu.
- History (VirusTotal detection report and Analysis Submission date & time)
- Auto Update
- Support Windows XP/Vista/7 (32bit & 64bit)
- Freeware (no spyware or adware embedded)
Screenshot
All 43 antivirus at VirusTotal shows that file is clean on 15th December. File seems to be safe.
Some antivirus at VirusTotal detected file as malware on 17th December, 2 days after submission for analysis. File that seemed to be safe 2 days ago isn’t really that safe after all.
Usage
1. Download X-Ray from the link at the end of this page and extract.
2. Run X-Ray.exe
3. Click settings to configure an email account that will be used to send the suspicious file to antivirus vendors. You can click the Test button to make sure that the email account that you entered is able to send email. It is optional to enter your first and last name.
4. It is recommended to use your VirusTotal API key because every public API key has a limit of 20 requests per 5 minutes. A few users simultaneously using X-Ray will easily reach the request limit for the built-in API key and you will receive the error message “Submission via API failed. Reason: exceeded API request rate“.
Here are the few simple steps to get your unique VirusTotal API key:
a) Register a free account at VT Community by filling up the form at this link.
b) Check your email and click on the activation link to activate your VT Community account.
c) Once activated, click the Sign in link at the top of the page and login with the email address and password that you’ve used to register.
d) Click My Account and followed by inbox.
e) Click the Public API tab and copy your key which is displayed in red with 64 random characters.
f) Paste the API key at X-Ray > Settings > API Key box.
5. Go to Analyse to add a suspicious file. You can either drag and drop a file to the program interface or click the “Add Suspicious Files” button to browse for the file.
6. After adding a file, click the “Get Recent VirusTotal Report” button to check if the file has been uploaded and scanned in VirusTotal before.
a) If X-Ray reports “Not Found. Click Sent to VirusTotal button to upload file to VirusTotal”, it means that the file has not been uploaded and scanned in VirusTotal before. It is recommended to click “Sent to VirusTotal” button to upload the file to VirusTotal.
b) If X-Ray reports “VirusTotal did not detect file as suspicious”, it does not necessarily mean that the file is clean because malwares are always released as undetectable and can take from days to weeks for it to get detected by some antivirus. It is advisable to send the file for analysis to confirm if the file is safe.
c) If X-Ray reports “VirusTotal detected…”, it means that the file has already been flagged as malicious by a specific antivirus. It is not necessary to submit the file for further analysis which is why the checkbox is automatically unchecked.
Additional Important Notes
- After clicking the “Send for Analysis” button, you will be prompted to enter comment about the suspicious file. This is optional but it would be best if you can explain what makes you think that this file is suspicious, where you downloaded the file from, if other antivirus already detected it as threat and etc.
- You will need to enter the CAPTCHA code when prompted.
- The “Get Recent VirusTotal Report” is only for pulling the latest scan report from VirusTotal. It is not used for sending the file to VirusTotal. To send a file to VirusTotal for scanning, please use the “Send to VirusTotal” button.
- After sending a file to VirusTotal, the report is not available immediately. It could take as long as a few hours depending on the load of VirusTotal servers. This is a restriction for VirusTotal public API. Probably at next version I will implement a web based uploader so that it will have the highest scanning priority with no API limit.
- X-Ray requires Microsoft .NET Framework 4 to run which can be downloaded from this link or from Windows Update.
- X-Ray.exe, X-Ray.Core.dll and X-Ray.Interface.dll are digitally signed. If you don’t see the Digital Signatures tab when viewing the Properties (right click > Properties) of the file, then it is either corrupted or tampered. Please make sure that you only run X-Ray that is downloaded from the link at the end of this article.
To Do
- Support VirSCAN as VirusTotal alternative
- Proxy Support
- Auto CAPTCHA recognition via third-party solution
- Abort upload progress
- Right Click “Send To”
- Full portability (settings saved and read at the location of EXE)
Please do not send every single files that is on your computer for human analysis because doing so will only increase the workload of the professional malware analyst who are already very busy doing their job analyzing hundreds of files every day. If you really need to run that file and you can’t trust the source, then it is reasonable to send for analysis. However if you downloaded Firefox from the official website at mozilla.com and you still send it for analysis, then it is a complete waste of the analyst and your time. Use it wisely so it benefits everyone.
Excelent
This seems to have a lot of potential. I codulnt access it yesterday, but it’s working now. I have a pretty extensive A/V software and test library with a couple thousand examples, that are great for detection rate testing. I’ve kind of wondered what some of them do, but never really felt like booting them in a naked VM and monitoring the changes. This looks to be a good lazy mans alternative. In the past Ive always had to bring up a test machine and run last 100, reg snapshot, hijack this and what changed. A lot of text to go through, and less than interesting. It will be interesting to do it once or twice and compare results with theirs. It also seems like if I had a buddy who has problem (and I always do) with an app that keeps crashing on install, that wasn’t necessarily malware, it would be easier to push him the link and have him push me the results, than to have him upload it to me and messing with it myself. Another good find. Thanks!
Since moving Virus Total to Google API, Receive last scan result is not working any more. can we except fix in near future.
thanks, i will use it
it says retrieving file scan ffailed. whats problem?
DUDE ……….you just made a sexy program……
will give it a try, i use kasdpersky which does a decent job but this is something new, thanks
That will be nice. Had a couple of viruses I’ve had to submit over the last couple of days.
X-Ray 2.0 which is using the VirusTotal API 2.0 is in near completion. A few more bugs to fix before releasing it.
Is there going to be an update to fix the change to the hashing used in the VirusTotal urls?
They now use SHA256 and not MD5
Looks like VirusTotal may of changed something. Am I wrong in that they used to use MD5 for the url but now it’s SHA1 ?
Excelente reforço!
Right click SendTo is in my to do list. Will be implemented at next version.
Hi raymond,
i like youre analyzer but i wanna ask you something:
- how can i add this to SentTo for ease of analyzing :D?
i just want to right click an exe/archive/file (dri possible?) and get it analyzed.
Thanks
way to go Raymond you’ve done it again
Worth the time we waited … going to try it.
Thanks for reporting this antiufo.
Will fix this on the next update.
The program fails to load in-use files (for example the .exe of a running process). You are probably requesting read/write access when read only would suffice.
真是一个好东西,太感谢了
非常好。
Thanks for sharing it. Very nice and useful software. :)
Seems to be a great apps … Must try this apps .. thanks Ray !!
Brill software,thanx works great.Next for me would be the send to,is on your list.
I just publish post on this awesome tool please check.
techfeb.com/2011/12/check-your-suspicious-file-for-virus-with-31-antiviruses-using-x-ray/
Please add Ahnlab V3 in X-Ray.
I hope that i can see ahnlab V3 in X-Ray
Hey Ray, Nice app!
I would like an option to also read the comments (virustotal). They can be very usefull.
The “Send for Analysis” works, but “Send to VirusTotal” does not. It returns that it was “Aborted,” and/or “Submission via API failed – would I like to send it by email,” or the “file was not sent due to error–Operation Timed Out.” Bitdefender was one that returned “File was successfully sent via Web.
Thanks Jeffrey, I’ll look into that on the next update.
VirusTotal staff got back to me saying that their engineers forgot to whitelist one of their proxy server. Now it is fixed and you shouldn’t encounter any problems in submitting files to VirusTotal.
I’d like to see you revise the program so that submitting a file to any company requires a two or three step process. The end result would be that no file could be submitted until it has been checked on VirusTotal. If Virus Total gives it a clean bill of health by all reporting scanners, then require that the user input a comment about why they feel an additional check is necessary.
Without these “speed bumps,” I believe that too many users will go right to “manual scanning,” because they think that will be “best.” That would unnecessarily tie up company resources for almost zero benefit. The threats that VirusTotal misses are few and far between.
Thank you Raymond , really u have done a good job, thankx a lot
I will try to contact VirusTotal to get clarification on this. It was working perfectly. Sorry for any inconveniences.
Your email password is encrypted and stored at C:UsersYourUserNameAppDataLocalXRay at user.config file.
Sending file via email shares the same advantage through the API except it is a different method.
It is more than a “VirusTotal wrapper application”.
Please read the description of the software.
I keep getting “sumbission via API failed” notification (reason: exceeded API request rate) even after pasting the API key found on my Virutotal account…It doesn’t seem to work for me.
its a very important software specially for beginners in viruses & anti-viruses world
really good work by excellent people
Raymond, after I tried to test e-mail settings in X-Ray – I get a message – Error sending mail: Failure sending mail.
Can you help me – where I’m wrong?
sinela
Thanks Ray,
It seems like a great program to have. I have a question.
I know this program is made by you which is why I trust it but I am always leery about putting my email password into programs, Does this program store the email password to an encrypted file somewhere?
Does sending the file via email have an advantage over sending it through the API?
Thanks
TeXaCo
So you made an wrapper application for VirusTotal is that right? I liked your initial idea way better.
That was the day when X-Ray was announced and the date this page was created. I’ve updated the date to today.
Raymond,
Why the date of this post display as Nov 27 2009?
Excellent software…
Thank you Raymond! Definitely a needed app.
awesome software