VirusTotal AI code analysis expands Windows, Linux script support

Google has added support for more scripting languages to VirusTotal Code Insight, a recently introduced artificial intelligence-based code analysis feature.

While launched only with support for analyzing a subset of PowerShell files, Code Insight can now also spot malicious Batch (BAT), Command Prompt (CMD), Shell (SH), and VBScript (VBS) scripts.

Besides the list of additions included in Google’s announcement, BleepingComputer was also able to discover that the company added support for AutoHotkey (AHK) and Python (PY) scripting languages.

“Code Insight has broadened its support for script formats, moving beyond PowerShell to offer analysis for a variety of scripting languages,” VirusTotal founder Bernardo Quintero said.

To facilitate the analysis of larger files, Code Insight's maximum file size limit has also been increased, doubling its processing capacity.

“Code Insight can now handle files twice the size it could before, and we’re not stopping there. We’re going to keep working on improving this aspect in the coming months,” Quintero added.

Additionally, the model has been improved to provide clearer and more specific high-level explanations, emphasizing the code’s behavior.

A revamped user interface now showcases only the start of the report (the first several sentences) by default, allowing users to expand the description if needed. This ensures the default view is not inundated with lengthy AI-powered analysis reports.

Image: ESXiArgs sample (SH script) analysis by VirusTotal Code Insight (source: VirusTotal)

VirusTotal announced the launch of Code Insight last month as an AI-based code analysis feature powered by the Google Cloud Security AI Workbench, which uses the Sec-PaLM large language model (LLM) fine-tuned for security use cases.

As Google explained, it analyzes potentially harmful files to describe their (malicious) behavior, making it easier to identify which ones pose actual threats.

Code Insight is currently in its early stages of development, marking the beginning of a continuous and evolving process.

The roadmap ahead encompasses the following improvements:

  1. Expanding support for additional file types and sizes.
  2. Enabling analysis of binary and executable files.
  3. Enriching analysis by incorporating contextual information beyond the code itself.

VirusTotal is a web-based malware-scanning platform with over 500,000 registered users, owned by Google’s Chronicle security subsidiary.

It helps scan suspicious files and URLs for malicious content, such as viruses, worms, and trojans, by harnessing the power of more than 70 antivirus scanners and domain blocklisting services.


(c) Sergiu Gatlan