Have you used Google’s free service VirusTotal? When you have doubts about the origin of suspicious files, VirusTotal comes in handy.
The service is about to become even more useful, as its developers have added a new tool to it that analyzes firmware. Firmware malware has indeed turned into a big issue.
Firmware Tool within VirusTotal
Firmware is often targeted as it is a very convenient place to hide malicious software. Furthermore, antivirus solutions typically don’t scan the firmware layer, and a malware intrusion can easily remain unnoticed.
That’s not all. Firmware malware can survive reboots and even fresh OS reinstallations.
As of today VirusTotal is characterizing in detail firmware images, legit or malicious. These are a couple of examples of the kind of information that is now generated; please refer to the File Detail tab:
https://www.virustotal.com/en/file/3afb102f0a61f5a71be4658c3d8d3624e4773e36f64fd68a173f931bc38f651e/analysis/
https://www.virustotal.com/en/file/4db9177af43a958686b9367f19df90023acf3189c388497a8a7d1d8cb3f7f0e0/analysis/
https://www.virustotal.com/en/file/57a0c38bf7cf516ee0e870311828dba5069dc6f1b6ad13d1fdff268ed674f823/analysis/
The new firmware scan addition will determine whether firmware images are legitimate or suspicious. The tool is also designed to extract certificates attached to firmware as well as executables. In particular, the tool can extract portable executable files (PEs) inside firmware. The latter can be associated with malware or suspicious behavior.
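To show what locating PE files inside a firmware image involves, here is an added example (not VirusTotal's code and not part of the original article) that scans a raw image for DOS/PE headers and reports where they sit. The function names and the sample image are constructed for illustration, and the header check is a simple heuristic.

```python
import struct

# COFF machine types commonly seen in firmware-resident PE images.
MACHINES = {0x014C: "i386", 0x8664: "x86-64", 0xAA64: "ARM64", 0x0EBC: "EFI byte code"}

def find_embedded_pes(blob: bytes):
    """Return (offset, machine, section_count) for each plausible PE header in blob."""
    hits = []
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            # e_lfanew at offset 0x3C of the DOS header points to the PE header.
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            pe = pos + e_lfanew
            # Heuristic: PE header follows the 64-byte DOS header, and the
            # signature plus the 20-byte COFF header fit inside the image.
            if e_lfanew >= 0x40 and pe + 24 <= len(blob) and blob[pe:pe + 4] == b"PE\0\0":
                machine, nsections = struct.unpack_from("<HH", blob, pe + 4)
                hits.append((pos, machine, nsections))
        pos = blob.find(b"MZ", pos + 1)
    return hits

def build_constructed_sample() -> bytes:
    """Constructed image: flash padding, a stray 'MZ', and one minimal PE header."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header directly after the DOS header
    # COFF header: machine, sections, timestamp, symtab ptr, symbols, opt size, flags
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 0xF0, 0x2022)
    pe_image = bytes(dos) + b"PE\0\0" + coff
    # The stray "MZ" at 0x100 has no valid PE header and must be rejected.
    return b"\xff" * 0x100 + b"MZ" + b"\xff" * 0x7E + pe_image + b"\xff" * 0x100

if __name__ == "__main__":
    for off, machine, nsec in find_embedded_pes(build_constructed_sample()):
        print(f"PE header at 0x{off:X}: {MACHINES.get(machine, hex(machine))}, {nsec} sections")
```

Real firmware images often wrap executables in compressed or vendor-specific containers, so a flat scan like this only finds PEs that are stored uncompressed.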
Thanks to the firmware addition to VirusTotal, users will be able to extract their own firmware and submit it to VirusTotal. The tool is very useful not only to users but also to researchers, since uploaded firmware images can be stored in a database. Such databases are quite useful to malware researchers.