So I have seen many times that people provide the VirusTotal report for a file to prove it's not a virus,
but I just checked, and when I submit a file it's not even uploading it (I checked my bandwidth); it's just computing its hash somehow without uploading it. I’m pretty sure I’m not uploading the file, because a 10 MB executable file takes half a second to “load” on their website and check, even though my upload speed is 30 KB/s! (I tried renaming the file too, but it still only took half a second.)
So I have three questions:
When I submit a file, how does it upload it so fast? Is my file even getting uploaded? If not, then how does it compute the hash?
Does it say a file is malicious only if the hash of that file is present in the database of an AV company? If so, doesn’t this mean I can easily bypass it by changing the PE/ELF file a bit?
Is there any better alternative that actually performs some static or even dynamic analysis on the file to check if it's malicious or not?