MalwareTips
Scanner · live

Is this file malware?

Drop a file up to 64 MB — or 128 MB when you're signed in. Your browser hashes it locally, 70+ antivirus engines weigh in, and the MT AI Engine commits to a verdict in plain English — with the reasoning cited and the counterfactuals shown. Your file never touches our disk.

Scan a file

Drop it here, or

Your browser will hash the file with SHA-256 before anything leaves the device. If we already know the hash, the verdict is instant — zero bytes uploaded.

SHA-256 locally·No file storage·Max 64 MB
No file storageSHA-256 hashed locally70+ AV enginesAI verdictFree · no account required
Under the hood

From your device to verdict, in one pass.

Five stages. No disk writes on our side. If the hash is already known, stages 3 and 4 are skipped entirely.

  1. SHA-256 in your browser
    WebCrypto
  2. Hash cache lookup
    Instant hits
  3. 70+ AV engines
    VirusTotal network
  4. MT AI Engine
    Weighs every signal
  5. Verdict with reasoning
    Shareable report
70+
antivirus engines
Microsoft, Kaspersky, ESET & more
< 2s
hash-hit verdict
zero bytes uploaded
128 MB
per file for members
64 MB as a guest — sign in to double it
0
bytes stored
pass-through, never written to disk
Live · recent file scans

What people just scanned.

View all reports
How it works

Multi-engine scan meets an AI that reasons.

Everyone else tells you how many engines flagged the file — a 3/70 ratio and a shrug. We run that same network, then hand every signal to the MT AI Engine. It commits to one verdict, cites the evidence, and lists the counterfactuals that could make it wrong. You read the reasoning, not a score.

The MT AI Engine decides

Not a rule ladder. Our arbiter reads every signal — engine detections, sandbox behaviour, code-signing history, past verdicts on similar files — and commits to a single verdict, with cited reasoning you can audit line by line.

70+ antivirus engines

Every upload is cross-checked against the same network enterprise SOC teams rely on — Bitdefender, Kaspersky, ESET, Microsoft, Sophos, and 60+ more. The arbiter reads their verdicts as one input, not the last word.

Key signals you can cite

Every verdict surfaces the 3–5 concrete factors that drove it: engine names, MITRE techniques, signer strings, exact counts. No opaque scores — you see the evidence the call rests on.

Honest about its doubts

Each verdict ships with a "What could make us wrong?" panel listing the counterfactuals — so you know the weak points before you act on the reading. Transparency no other scanner offers.

Pass-through — no storage

Your file streams through the scanner and is dropped. We keep only the SHA-256 hash and the verdict report. The binary itself never touches our disk, our backups, or anyone else's.

Hash-first lookup

Your browser hashes the file with SHA-256 before anything leaves it. If we've already seen that hash — as we have for most common malware and popular software — the verdict is instant. Zero bytes move.

Privacy

We don't keep your file

Uploaded bytes live in the request handler's memory for a few seconds while we stream them to the antivirus network. Never written to disk, never copied to object storage, never indexed against your identity. We keep the SHA-256 and the verdict report — so the next person who scans the same file gets an instant answer and zero bytes move. No shadow profiles, no retention tier, no hidden copy.

Frequently asked

Quick answers.

Is this really free?
Yes. Guests get 64 MB per file and 20 scans per hour from one IP. Signed-in MalwareTips members get 128 MB per file and 100 scans per hour. No paid tier, no card, no trial countdown.
Where does my file go?
Through our API, straight to the antivirus engine network. We never write the bytes to disk, never copy them elsewhere, and discard them the moment the scan finishes. Only the SHA-256 hash and the verdict report are stored.
Can I scan without uploading?
If the file's SHA-256 is already in our network (as it is for most common malware and popular software), the verdict is instant. Your browser hashes the file locally, we check the hash, and you see the result in under two seconds — zero bytes transferred.
What file types are supported?
Anything that fits the size cap — 64 MB as a guest, 128 MB signed in. Windows executables (EXE, DLL, MSI), installers, Office documents, PDFs, archives (ZIP, RAR, 7z), Android APKs, scripts, shell binaries. If an antivirus can parse it, so can we.
Why an AI verdict? What does it add over antivirus scores?
Antivirus engines return cryptic labels like "Trojan.GenericKD.62714924" or "ML.Attribute.HighConfidence" — and they disagree with each other all the time. The MT AI Engine reads every engine's call alongside sandbox behaviour, signer history, and past MalwareTips verdicts on similar files, then commits to one answer: "RustDesk 1.4 — legitimate signed utility, the three detections are known AI-heuristic false positives", or "confirmed Lumma stealer, delete now." You see the 3-5 key signals it cited and the counterfactuals that could make it wrong.
Can I trust a single AI call?
That's the right question to ask. Every verdict ships with cited evidence (which engines, which signer history, which MITRE techniques), an honest "What could make us wrong?" panel, and a Report-this-verdict button that puts your file in front of MalwareTips staff. Gate bypasses (MalwareBazaar ground-truth hits, staff overrides) skip the AI entirely. If the AI and a high-trust engine consensus disagree, the scan is automatically queued for staff review — we're not pretending the AI is infallible.
Have a suspicious download?

Scan it before you open it.

Free, anonymous, no account required — 64 MB per file, 20 scans per hour. Sign in for 128 MB and 100 scans per hour. Either way, the MT AI Engine reads the evidence and tells you what to do.

Scan a file