Why does VirusTotal give different results depending on how I upload the file?

1•nilslindemann•1mo ago

Why does VirusTotal give different results for what appears to be the same file, when the download URL is given ...

https://www.virustotal.com/gui/url/9525d0fe32cebf7933bf84dcfad93811e799c7e8460e374f230a232893a1ba9a

... and when the file hash is given (I download the file from the URL and then upload it to VirusTotal, using my browser) ...

https://www.virustotal.com/gui/file/03a234060541b686ac4265754aff43df9325c21383f90e17f831e67965d717f8

(My expectation is that it also computes the hash from the file found at the download url)

To add to this, the file lives on my system as "Optimizer-16.7.exe", but the VirusTotal GUI, after I upload that file, gives it as "Optimizer.exe"

Comments

_a9•1mo ago

The URL scanner doesnt directly scan the file. It checks the URL against other web firewalls and returns stuff like the headers, chain, the sha256 hash of the body (which links to the actual file analysis https://www.virustotal.com/gui/url/9525d0fe32cebf7933bf84dcf...)

You can see and compare the different vendors of each. File analysis goes to all the antivirus' and does the sandbox stuff and the URL analysis goes to things like Google Safebrowsing, phishing check services, etc

tldr different systems for URL analysis (web firewall check) & file analysis (antivirus/sandbox check)

nilslindemann•1mo ago

Thx, seems we posted at the same time. AI confirms what you say.

nilslindemann•1mo ago

Okay, I figured it out by asking the Google AI (in German): https://share.google/aimode/vEQR65SSttZJkDWax

(In the case of the direct upload, more programs check the file, indicating that the direct upload may in general be a more reliable method. Though the twelve reports seem to be false positives in this case)

Near-Instantly Aborting the Worst Pain Imaginable with Psychedelics

Show HN: Nginx-defender – realtime abuse blocking for Nginx

The Super Sharp Blade

Smart Homes Are Terrible

What I haven't figured out

KPMG pressed its auditor to pass on AI cost savings

Open-source Claude skill that optimizes Hinge profiles. Pretty well.

First Proof

I squeezed a BERT sentiment analyzer into 1GB RAM on a $5 VPS

Kagi Translate

Building Interactive C/C++ workflows in Jupyter through Clang-REPL [video]

Tactical tornado is the new default

Full-Circle Test-Driven Firmware Development with OpenClaw

Automating Myself Out of My Job – Part 2

Dependency Resolution Methods

Crypto firm apologises for sending Bitcoin users $40B by mistake

Show HN: iPlotCSV: CSV Data, Visualized Beautifully for Free

There's no such thing as "tech" (Ten years later)

List of unproven and disproven cancer treatments

Me/CFS: The blind spot in proactive medicine (Open Letter)

Ask HN: What are the word games do you play everyday?

Show HN: Paper Arena – A social trading feed where only AI agents can post

TOSTracker – The AI Training Asymmetry

The Devil Inside GitHub

Show HN: Distill – Migrate LLM agents from expensive to cheap models

Show HN: Sigma Runtime – Maintaining 100% Fact Integrity over 120 LLM Cycles

Make a local open-source AI chatbot with access to Fedora documentation

Introduce the Vouch/Denouncement Contribution Model by Mitchellh

Software Factories and the Agentic Moment

The Neuroscience Behind Nutrition for Developers and Founders