How would one scan a large, untrusted file?

You may not be aware of this, but VirusTotal saves the files that you upload. Businesses that have a subscription to VirusTotal can download those files you uploaded, it's part of the terms of service. I wouldn't upload anything potentially sensitive that you don't want the entire world seeing.

While VirusTotal is indeed a useful service, I don't see it being beneficial to scan everything you encounter. Assuming you're running Windows, any of the big players in the AntiVirus game such as Windows Defender, should be sufficient most of the time.

Is there a reason you're worried about this game installer? Is it from a legitimate source, or is it something you grabbed off a P2P service? Things such as games which unpack giant executables aren't as likely to be caught by AntiVirus. There's a lot more space to hide something malicious that seems innocuous.

For something that size, I would recommend running in a sandbox. Cuckoo will analyze files and executables dynamically. Sandboxie doesn't analyze files, but rather provides isolation, so if a program is malicious they won't be able to touch the rest of the computer.


Large [legitimate] files, generally have a checksum provided by the manufacturer for a number of reasons:

  • Ensure the download completed successfully and in it's entirety
  • Ensure the download is from the manufacturer in it's intended (unmodified) form

I'd hunt for a checksum from the vendor and try to match the hashes up. Acceptable hashes are SHA256 and greater. MD5 and SHA1 have known collisions and as such will be deprecated soon.

As a second option, you can detonate on an isolated host before running on your intended system. Sandboxes can be effective for some malware, but more and more malware is keen to detect if it's being run in a sandbox and will not detonate under certain conditions.