My Honest Experience: Malcore vs. VirusTotal

Stefan Bargan
Published in CyberScribers
Jul 6, 2024

For years, I was a loyal user of VirusTotal. It was my go-to tool for scanning files and URLs for potential threats. It was reliable, efficient, and did the job well enough. But as time went on, I began to notice some shortcomings and limitations that I just couldn’t ignore any more.

It felt like I was settling for ‘good enough’ when I knew there had to be something better out there. That’s when I stumbled upon Malcore. At first, I was sceptical. Could this relatively new player in the cybersecurity field really outshine a veteran like VirusTotal? But curiosity got the better of me, and I decided to give it a go.

In this post, I’ll share my personal journey of transitioning from VirusTotal to Malcore, the reasons behind my decision, and how Malcore has transformed the way I approach digital security. If you’ve ever felt like your current tools are just scratching the surface, stick around. You might find that a change, as daunting as it may seem, could be exactly what you need.

This blog post is not sponsored by Malcore.


In my search for a better tool to keep my computer safe, I recently tested two popular options: VirusTotal and Malcore. To compare them, I used a file called “TPMProvisioningService.exe,” which is a Windows file that I packed using UPX. I uploaded this file to both Malcore and VirusTotal to see what each would find. Here’s the SHA-256 hash and the results:

SHA-256: 89cf8d0857b33083b625e915f69d6b237213f058fc9f1746efd506738910fd99

Malcore Results: See the Full Report

VirusTotal Results: See the Full Report

Here’s what each tool found: VirusTotal spotted a few issues and flagged the file using 2 antivirus programs. It mentioned:

  • Execution
  • Defence evasion
  • Linking
  • Host-interaction (not sure what this means)
  • Internal
  • Anti-analysis

On the other hand, Malcore gave a much more detailed breakdown, giving the file a risk score of 38.85%. Here’s what Malcore found:

  • Unknown sections
  • High entropy (the data looks compressed or encrypted, which means the file might be hiding something)
  • Suspicious assembly code
  • Known bad Windows network addresses
  • No code signing certificate
  • Classified as safe by AI, but still warned me
  • Strange things in the file’s header
  • Dynamic import loading
  • UPX packed (meaning the file was compressed to hide its contents)
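To make the "unknown sections", "high entropy" and "UPX packed" findings concrete, here is an added example (not code from this post, Malcore or VirusTotal, and not a reproduction of Malcore's scoring) that walks a PE section table and flags non-standard section names, UPX-style names and high per-section entropy. The 7.0 bits-per-byte threshold, the list of standard section names and the sample buffer are assumptions; the sample is constructed for the demo and is not the TPMProvisioningService.exe file.

```python
import hashlib
import math
import struct
from collections import Counter

STANDARD = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata", ".pdata", ".tls"}
HIGH_ENTROPY = 7.0  # assumed cut-off in bits per byte (maximum is 8.0)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for an empty section."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_sections(pe: bytes) -> list:
    """Walk the PE section table; flag unknown names, UPX names and high entropy."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections sits at +6, SizeOfOptionalHeader at +20 (12 bytes skipped between)
    count, opt_size = struct.unpack_from("<H12xH", pe, e_lfanew + 6)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    out = []
    for i in range(count):
        raw_name, _, _, size, ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("latin-1")
        entropy = shannon_entropy(pe[ptr:ptr + size])
        checks = (("unknown section", name not in STANDARD),
                  ("UPX section name", name.upper().startswith("UPX")),
                  ("high entropy", entropy >= HIGH_ENTROPY))
        flags = [label for label, hit in checks if hit]
        out.append({"name": name, "entropy": round(entropy, 2), "flags": flags})
    return out

def build_sample() -> bytes:
    """Constructed PE-like buffer (no optional header) with UPX-style section names."""
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    parts = [(b"UPX0", b""), (b"UPX1", packed), (b".rsrc", b"VERSIONINFO\0" * 40)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(parts), 0, 0, 0, 0, 0x22)
    offset, table, body = 0x40 + 24 + 40 * len(parts), b"", b""
    for name, data in parts:
        table += struct.pack("<8sIIII16x", name, len(data), 0, len(data), offset + len(body))
        body += data
    return dos + b"PE\0\0" + coff + table + body

if __name__ == "__main__":
    print(*triage_sections(build_sample()), sep="\n")
```

A packed section and a legitimately compressed resource both score high on entropy, so the entropy flag on its own is a reason to look closer rather than a verdict.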

Malcore also tagged the file as packed, which means it was compressed or encrypted to make it harder to see what’s inside. This comparison shows that VirusTotal can miss some important details that Malcore catches. Malcore’s more detailed and accurate findings make it a much better tool for keeping my computer safe. If you want to try this out for yourself, you can download the file I used here:

Download TPMProvisioningService.exe.

And this is just one example of why I’ve switched to Malcore over VirusTotal. It’s true that Malcore has its own set of limitations compared to VirusTotal, and this doesn’t mean I won’t be using VirusTotal at all — I certainly will. The purpose of this blog is to highlight the differences between Malcore and VirusTotal, showcasing why I find Malcore to be a valuable addition to my cybersecurity toolkit.

Thank you for reading my story! If you enjoyed it, make sure to follow me for more content like this.

Buy Me A Coffee: https://www.buymeacoffee.com/stefanpbargan

My LinkTree: https://linktr.ee/StefanPBargan

Everything here is my personal work and opinions | Security Analyst @ LRQA Nettitude | MSc Cybercrime | BSc (Hons) Cybersecurity