Why does VirusTotal give different results depending on how I upload the file?

1•nilslindemann•1mo ago

Why does VirusTotal give different results for what appears to be the same file, when the download URL is given ...

https://www.virustotal.com/gui/url/9525d0fe32cebf7933bf84dcfad93811e799c7e8460e374f230a232893a1ba9a

... and when the file hash is given (I download the file from the URL and then upload it to VirusTotal, using my browser) ...

https://www.virustotal.com/gui/file/03a234060541b686ac4265754aff43df9325c21383f90e17f831e67965d717f8

(My expectation is that it also computes the hash from the file found at the download url)

To add to this, the file lives on my system as "Optimizer-16.7.exe", but the VirusTotal GUI, after I upload that file, gives it as "Optimizer.exe"

Comments

_a9•1mo ago

The URL scanner doesnt directly scan the file. It checks the URL against other web firewalls and returns stuff like the headers, chain, the sha256 hash of the body (which links to the actual file analysis https://www.virustotal.com/gui/url/9525d0fe32cebf7933bf84dcf...)

You can see and compare the different vendors of each. File analysis goes to all the antivirus' and does the sandbox stuff and the URL analysis goes to things like Google Safebrowsing, phishing check services, etc

tldr different systems for URL analysis (web firewall check) & file analysis (antivirus/sandbox check)

nilslindemann•1mo ago

Thx, seems we posted at the same time. AI confirms what you say.

nilslindemann•1mo ago

Okay, I figured it out by asking the Google AI (in German): https://share.google/aimode/vEQR65SSttZJkDWax

(In the case of the direct upload, more programs check the file, indicating that the direct upload may in general be a more reliable method. Though the twelve reports seem to be false positives in this case)

X said it would give $1M to a user who had previously shared racist posts

155M US land parcel boundaries

Private Inference

Font Rendering from First Principles

Show HN: Seedance 2.0 AI video generator for creators and ecommerce

Wally: A fun, reliable voice assistant in the shape of a penguin

Rewriting Pycparser with the Help of an LLM

Lobsters Vibecoding Challenge

E-Commerce vs. Social Commerce

Avoiding Modern C++ – Anton Mikhailov [video]

Show HN: AegisMind–AI system with 12 brain regions modeled on human neuroscience

Zig – Package Management Workflow Enhancements

AI-powered text correction for macOS

AppSecMaster – Learn Application Security with hands on challenges

Fibonacci Number Certificates

AI Overviews are killing the web search, and there's nothing we can do about it

City skylines need an upgrade in the face of climate stress

1979: The Model World of Robert Symes [video]

Satellites Have a Lot of Room

1980s Farm Crisis

Show HN: FSID - Identifier for files and directories (like ISBN for Books)

Show HN: Holy Grail: Open-Source Autonomous Development Agent

Show HN: Minecraft Creeper meets 90s Tamagotchi

Show HN: Termiteam – Control center for multiple AI agent terminals

The only U.S. particle collider shuts down

Ask HN: Why do purchased B2B email lists still have such poor deliverability?

Show HN: Remotion directory (videos and prompts)

Portable C Compiler

Show HN: Kokki – A "Dual-Core" System Prompt to Reduce LLM Hallucinations

Software Engineering Transformation 2026