cancel
Showing results for 
Search instead for 
Did you mean: 

Is File Size an Indicator for Suspiciousness

Jump to solution

Hello community,

I have a tiny question: I read in a blog that virus scanner executables files with a small size generally classify as suspiciousness, is that really the truth?

I use a very powerful compiler called PureBasic which converts the source code into assembler code and the assembler FASM creates very small executables. As example here a link to as document which describes a small size SAP server application, only with 9.728 bytes. I can not imagine that the file size is really an indicator for suspiciousness.

Thanks for information.

Cheers

Stefan

1 Solution

Accepted Solutions

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Hi Stefan,

You are assumptions are correct, size does not matter. From a Researcher standpoint, we look at the code and content of the sample to determine if it is malicious. Size is not an indicator if a file is suspicious.

Thank you,


DG

7 Replies

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Hello community,

it seems that this question is from secondary importance. Is there a better forum here to discuss this kinds of questions?

Thanks for tips and hints.

Regards

Stefan

Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 3 of 8

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

We mods not the best source to answer this I have emailed a lab tech to see if she can answer this

Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 4 of 8

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Lab tech is on your case she will answer here soonish

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Hi Stefan,

You are assumptions are correct, size does not matter. From a Researcher standpoint, we look at the code and content of the sample to determine if it is malicious. Size is not an indicator if a file is suspicious.

Thank you,


DG

Reliable Contributor Peacekeeper
Reliable Contributor
Report Inappropriate Content
Message 6 of 8

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Thanks Desertgal

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Hello Peacekeeper,

thanks for your efforts.

Cheers

Stefan

Highlighted

Re: Is File Size an Indicator for Suspiciousness

Jump to solution

Hello desertgal,

thanks for your explanation.

Cheers

Stefan