X-Ways VirusTotal X...
Clear all

X-Ways VirusTotal X-Tension


I wrote a quick X-Tension a while back and finally had some time to
clean it up.

This allows an examiner to check the status of a file via the
VirusTotal API directly through X-Ways and get the status in the
X-Ways messages window.

Note that this does **not** submit the file to VirusTotal, it only
checks to see if an existing report exists for a given file’s hash and
retrieves the results. All checks are performed via SSL.

Requires Microsoft's .Net Framework v3.5 and a valid public (or
private) API key from VirusTotal which can be obtained for free from

Download links, installation steps, and screenshots all available

Feedback, comments, complaints, and bugs appreciated.

Topic starter Posted : 02/07/2014 12:09 am
Community Legend


Very nice. mrgreen

Posted : 02/07/2014 7:41 pm

Just tried on version 18.8 and it comes back with

[XT] Invalid API Key, please edit xtVirusTotal.ini or use X-Tension About
An exception of type 20301 occurred at offset 7FF83E32871C.

Is this is a known bug? I have a valid API key.

Posted : 14/07/2016 10:09 pm


I just tested this with 18.9 x64 and it works. Can you provide any other info?

[XT] Item Full Path \Inetpub\wwwroot\autorun.inf
[XT] File has been scanned before... getting results
[XT] Scan Date 7/5/2016 93205 PM
[XT] Scan ID 7611738317dabe43daeeb0b45698c0e37ecfd546d29761a63e57dd779984589b-1467754325
[XT] Scan URL http//www.virustotal.com/file-scan/report.html?id=7611738317dabe43daeeb0b45698c0e37ecfd546d29761a63e57dd779984589b-1467754325
[XT] Message Scan finished, information embedded
[XT] Bkav Detected Not Detected
[XT] MicroWorld-eScan Detected Worm.Autorun.VHG
[XT] nProtect Detected Worm.Autorun.VHG
[XT] CMC Detected Generic.Win32.2c29248d7b!CMCRadar
[XT] CAT-QuickHeal Detected Not Detected
[XT] McAfee Detected Not Detected
[XT] Malwarebytes Detected Not Detected
[XT] Zillya Detected Downloader.OpenConnection.JS.4493
[XT] AegisLab Detected W32.W.Kido.ix!c
[XT] K7AntiVirus Detected Trojan ( 0008d3ac1 )
[XT] Alibaba Detected Not Detected
[XT] K7GW Detected Trojan ( 0008d3ac1 )
[XT] TheHacker Detected W32/Conficker.autorunL
[XT] Baidu Detected Not Detected
[XT] F-Prot Detected JS/AutoRun
[XT] Symantec Detected W32.Downadup!autorun
[XT] ESET-NOD32 Detected a variant of Generik.MFNZBXQ
[XT] TrendMicro-HouseCall Detected TROJ_DOWNAD.INF
[XT] Avast Detected BVAutoRun-S [Wrm]
[XT] ClamAV Detected Win.Worm.Autorun-425
[XT] Kaspersky Detected Net-Worm.Win32.Kido.ir
[XT] BitDefender Detected Worm.Autorun.VHG
[XT] NANO-Antivirus Detected Not Detected
[XT] SUPERAntiSpyware Detected Not Detected
[XT] Ad-Aware Detected Worm.Autorun.VHG
[XT] Sophos Detected Mal/ConfInf-A
[XT] Comodo Detected NetWorm.Win32.Kido.~ir
[XT] F-Secure Detected WormW32/Downaduprun.A
[XT] DrWeb Detected Win32.HLLW.Autoruner.5601
[XT] VIPRE Detected Worm.Win32.Conficker.B!inf (v)
[XT] TrendMicro Detected TROJ_DOWNAD.INF
[XT] McAfee-GW-Edition Detected Not Detected
[XT] Emsisoft Detected Worm.Autorun.VHG (B)
[XT] Cyren Detected JS/AutoRun
[XT] Jiangmin Detected Worm/Kido.adz
[XT] Avira Detected WORM/Conficker.Gen
[XT] Antiy-AVL Detected Not Detected
[XT] Kingsoft Detected Not Detected
[XT] Microsoft Detected WormWin32/Conficker.B!inf
[XT] Arcabit Detected Worm.Autorun.VHG
[XT] ViRobot Detected Worm.Win32.S.Net-Kido.95034[h]
[XT] GData Detected Worm.Autorun.VHG
[XT] AhnLab-V3 Detected Win32/Conficker.worm
[XT] ALYac Detected Worm.Autorun.VHG
[XT] AVware Detected Worm.Win32.Conficker.B!inf (v)
[XT] VBA32 Detected Net-Worm.Win32.Kido.ix
[XT] Zoner Detected Not Detected
[XT] Tencent Detected Win32.Worm-net.Kido.Hrfl
[XT] Ikarus Detected Worm.Win32.Conficker
[XT] Fortinet Detected INF/Conficker.EM!worm
[XT] AVG Detected Worm/Generic_c.ZS
[XT] Panda Detected W32/Conficker.C.worm
[XT] Qihoo-360 Detected Malware.Radar01.Gen

Topic starter Posted : 14/07/2016 11:10 pm
New Member

Hello Chad,

I am testing this on 20.0 x64 and I also get the error:

[XT] Invalid API Key, please edit xtVirusTotal.ini or use X-Tension About

but the API is newly generated and copy pasted.


Please advice.


Posted : 24/10/2020 6:57 pm