Version 13 of Autoruns which was release January 29, 2015 includes a very handy feature to check unknown autorun entries with Virustotal “automatically”. It’s integrated pretty well, you open Autoruns as usual and then just right-click and choose Check Virustotal:
After you agree to VirusTotals Terms of Service (yes, obviously a hash of the file or even the file itself will be submitted to VirusTotal) it will start looking for results.
During the lookup and as soon as a result is visible, you will see a new column called VirusTotal where you can see if it’s either checking or the end result which is 0/57 (negative) in my case. (Phew, looks like I have the original Quick Time task thingy… ;)
Automatically scanning files with Virustotal
You can opt-in to auto-check all entries with VirusTotal. To do so, you go to the Autoruns scan options: Options -> Scan Options and choose Check VirusTotal.com (and if you want to also Submit Unknown Images which will upload the file if the hash can’t be found in VirusTotals Database). You should then see lot’s of hashes being submitted…
Hiding negative results
Depending how many autostart entries the computer you’re scanning has, only findings might be of interest. To filter our the boring “0/57” results, simply enable Hide VirusTotal Clean Entries under Options.
Overall, I think this is a great addition to the Autoruns tool and enables us to easily scan and see the results of our autorun entries: