Why does VirusTotal give different results depending on how I upload the file?

1•nilslindemann•2h ago

Why does VirusTotal give different results for what appears to be the same file, when the download URL is given ...

https://www.virustotal.com/gui/url/9525d0fe32cebf7933bf84dcfad93811e799c7e8460e374f230a232893a1ba9a

... and when the file hash is given (I download the file from the URL and then upload it to VirusTotal, using my browser) ...

https://www.virustotal.com/gui/file/03a234060541b686ac4265754aff43df9325c21383f90e17f831e67965d717f8

(My expectation is that it also computes the hash from the file found at the download url)

To add to this, the file lives on my system as "Optimizer-16.7.exe", but the VirusTotal GUI, after I upload that file, gives it as "Optimizer.exe"

Comments

_a9•1h ago

The URL scanner doesnt directly scan the file. It checks the URL against other web firewalls and returns stuff like the headers, chain, the sha256 hash of the body (which links to the actual file analysis https://www.virustotal.com/gui/url/9525d0fe32cebf7933bf84dcf...)

You can see and compare the different vendors of each. File analysis goes to all the antivirus' and does the sandbox stuff and the URL analysis goes to things like Google Safebrowsing, phishing check services, etc

tldr different systems for URL analysis (web firewall check) & file analysis (antivirus/sandbox check)

nilslindemann•1h ago

Thx, seems we posted at the same time. AI confirms what you say.

nilslindemann•1h ago

Okay, I figured it out by asking the Google AI (in German): https://share.google/aimode/vEQR65SSttZJkDWax

(In the case of the direct upload, more programs check the file, indicating that the direct upload may in general be a more reliable method. Though the twelve reports seem to be false positives in this case)

AI, Tariffs and Box Office – 14 Charts That Explain 2025

Pay Remote Workers a Premium

The Compiler Is Your Best Friend, Stop Lying to It

Learn Your Way – Re-imagining textbooks for every learner

Rust GUI Dev on an Ancient Laptop with Zed and Waypipe

Her daughter was unraveling, and she didn't know why. Then she found the AI chat

Can Apple's AirPod Translation Get You Through Tokyo? We Tested It.

The Economy Avoided a Recession in 2025

Just Fucking Use Markdown

Ask HN: What was the hardest bug you tracked down in 2025?

Encore: TypeScript Infrastructure Framework

HUML – YAML Without Ambiguity

Move Over, Genghis Khan. Many Other Men Left Genetic Legacies

Before This Physicist Studied the Stars, He Was One

Building Team. One 26MB Primitive. Air-Gapped. Deterministic. Runs Anywhere

Next Generation File System?

Finding Where to Compromise with LLM's

Claude Use Cases

Ask HN: What Disappointed You in 2025?

Velox – A <3kb reactive framework with O(1) updates (No VDOM)

Show HN: JSON Editors – Online JSON Editor and Developer Toolbox

Quadratrix of Hippias

Spreadsheet Simulators Are Unstoppable

Half-Life: Alyx's level designer prefers Black Mesa to original Half-Life (2020)

At The Limits of Design

My Three Strikes Rule for Blogging

Show HN: Jobswithgpt.com Semantic Job Search

Shut-In Society

Alloy: React for Codegen, like Stripe's internal framework

Macro Photography Highlights: The Best of 2025