Scan files for malware and spyware

Files are the classic delivery vehicle for malware. An email attachment, a "cracked" app, a document from an unfamiliar sender, an installer from a search-engine ad — any of these can carry spyware, a trojan or ransomware. Scanning a file before you open it is one of the highest-value security habits you can build, and it takes about as long as reading this sentence.

What our file scanner checks

When you upload a file to the scanner, several things happen in sequence:

• Hashing. The file's SHA-256 fingerprint is calculated. This uniquely identifies it and lets us recognise it instantly if it has been seen before.
• Signature matching. The sample is checked against detection signatures for known spyware, stalkerware, trojans, ransomware, adware and potentially-unwanted programs.
• Heuristic and behavioural analysis. Beyond known signatures, the scanner looks at structural and behavioural traits common to malicious files — packing, suspicious API usage, double extensions and more.
• Reputation and community data. The file's history, how often it has been scanned, and how the community has voted all feed into the verdict.

Reading your file report

The result is designed to be readable by anyone. At the top is a risk score from 0 to 100 and a plain verdict: clean, suspicious or malicious. Below that, a detection table lists each engine that flagged the file and the name it assigned — for example Android.Spy.Agent or Win32.Stalkerware. You also see the file's hash, type and size, so you can be certain exactly what was analysed.

A high score with many engine detections is a clear signal to delete the file and not run it. A clean result is reassuring, though no scanner is infallible — combine it with common sense about where the file came from.

Which file types should you scan?

Anything executable or capable of running code deserves a scan, especially:

• Installers and executables (.exe, .msi, .dmg, .pkg)
• Mobile app packages (.apk, and .ipa metadata)
• Scripts (.js, .vbs, .bat, .ps1)
• Archives (.zip, .rar) that you are about to extract
• Office documents with macros (.docm, .xlsm)

Be especially wary of double extensions like invoice.pdf.exe — a favourite trick that disguises an executable as a harmless document.

Privacy when you upload

Scanning produces a public verdict tied to the file's hash and indicators — not to you. That shared data is what makes the community database valuable. However, because submissions contribute to that database, you should never upload files that contain personal secrets or confidential business data. If you only need to check a file's identity, its hash alone is often enough. See our privacy policy for the full detail.

From file scan to peace of mind

If a scan comes back malicious, the right steps are simple: do not open the file, delete it, and if you already ran it, change your passwords from a clean device and consider a deeper device check. Our guides on finding spy apps on Android and iPhone cover what to do next.

Try it now

You do not need an account. Head to the scanner, drop in the file you are unsure about, and read the verdict. If you spot something the engines missed, your vote and comment will help the next person who scans it.