How to Check If a File Is Malware
The safe answer: don't run it — fingerprint it
If you have a file you're unsure about, the safest way to check it is to never open it at all. Instead, compute the file's hash — its unique digital fingerprint — and look that fingerprint up against databases of known malware. If the file matches something the security world has already flagged as malicious, you'll know without ever executing a single line of it.
This works because of how hashing behaves. A hash like SHA-256 turns any file into a short, fixed-length string that is, for practical purposes, unique to its exact contents. Compute the fingerprint, search for it, and you get an answer — all without the file doing anything.
Why hash reputation works
When security researchers, antivirus vendors, and automated sandboxes discover a malicious file, they record its hash in shared databases. Because the same file always produces the same hash anywhere in the world, that one fingerprint becomes a universal name for that exact piece of malware.
So when you compute the hash of your suspicious file and search for it, you're essentially asking: "has anyone, anywhere, already identified this exact file as dangerous?" If dozens of antivirus engines have flagged that fingerprint, you have a very strong signal — and you got it without taking any risk yourself.
- No execution. You never run the file, so it can never do harm during the check.
- Instant and global. A hash lookup is a database query against the collected knowledge of the whole security community.
- Exact, not fuzzy. A hash match means it is literally the same file that was flagged, not merely a similar one.
Where to look up a file's hash
A few free services maintain large databases of file hashes and let you search by fingerprint:
- VirusTotal. The best-known option. You can paste a file's hash and see whether it's already in their system, and how many of the dozens of antivirus engines they run have flagged it. Searching by hash means you don't even have to upload the file itself.
- MalwareBazaar. Run by abuse.ch, this is a public repository of confirmed malware samples, searchable by hash. A hit here is a strong confirmation that a file is known-bad.
The crucial point: because you're searching by the hash, you can do all of this without uploading the file anywhere. Computing the fingerprint locally and then searching for that string keeps the file on your own machine the entire time.
"Not found" does not mean "safe"
This is the most important thing to understand, and it's where people most often go wrong. A hash lookup can only tell you about files that are already known. There are two possible outcomes:
- Found and flagged. The fingerprint matches known malware. This is a reliable danger signal — treat the file as malicious and delete it.
- Not found. Nobody has reported this exact file. That means it is unknown, not proven safe. Brand-new malware, or malware tweaked slightly to produce a fresh hash, won't be in any database yet. Custom or rare legitimate files won't be either.
In other words, a "found and flagged" result is conclusive, but a "not found" result is just the absence of bad news. Stay cautious with unknown files: check where the file came from, whether you expected it, and whether the source is trustworthy before you ever open it.
Browser-based hashing keeps the file local
You don't need to send a file to a server to fingerprint it. Modern browsers can compute a SHA-256 hash entirely on your own machine using built-in cryptography. That means you can drop a suspicious file into a browser-based tool, get its hash without the file ever leaving your device, and then search that hash on a reputation service yourself.
This is the most privacy-friendly and lowest-risk approach: the file stays put, nothing gets executed, and you only ever share a short, anonymous fingerprint — never the file's contents.
Quick recipe
- Don't open the file. Leave it exactly where it is.
- Compute its SHA-256 hash locally (a browser-based tool keeps the file on your device).
- Search that hash on a reputation service like VirusTotal or MalwareBazaar.
- If it's flagged, delete it. If it's not found, treat it as unknown — verify the source before trusting it.
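The recipe above, as an added example that is not part of the original page or the site's own tool: it hashes bytes with the browser's built-in Web Crypto API and maps the lookup result to a verdict that never reports "not found" as safe. `SAMPLE_DB`, `verdictFor`, `checkBytes` and the `known-unflagged` state are hypothetical, and a constructed in-memory map stands in for a real reputation service so the code runs offline.

```javascript
// Web Crypto is built into browsers; the fallback covers older Node.js
// (CommonJS) builds that have no global `crypto`.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// SHA-256 of raw bytes as lowercase hex. In a page, pass
// new Uint8Array(await file.arrayBuffer()) for a dropped File.
async function sha256Hex(bytes) {
  const digest = await subtle.digest("SHA-256", bytes);
  return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, "0")).join("");
}

// Constructed stand-in for a reputation database: hash -> engines flagging it.
// The flagged entry is SHA-256("abc"), playing the part of a known-bad sample.
const SAMPLE_DB = new Map([
  ["ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad", 41],
  ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", 0], // empty file
]);

// Map a lookup result to a verdict. "unknown" is never reported as safe.
function verdictFor(hash, db = SAMPLE_DB) {
  if (!/^[0-9a-f]{64}$/.test(hash)) throw new Error("not a SHA-256 hex digest");
  if (!db.has(hash)) return "unknown"; // not found: no information either way
  // Assumption: a known hash with zero detections is reported separately;
  // the page itself only describes the two outcomes above.
  return db.get(hash) > 0 ? "flagged" : "known-unflagged";
}

// Fingerprint locally, then look up only the 64-character string.
async function checkBytes(bytes, db = SAMPLE_DB) {
  const hash = await sha256Hex(bytes);
  return { hash, verdict: verdictFor(hash, db) };
}

// Constructed inputs: the "known-bad" bytes, and the same bytes with one changed.
const enc = new TextEncoder();
Promise.all([checkBytes(enc.encode("abc")), checkBytes(enc.encode("abd"))])
  .then((results) => console.log(results));
```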
Check a file's reputation in one step
Our free file reputation tool computes the hash in your browser and checks that fingerprint against malware databases for you — the file never leaves your device and nothing is ever run. Drop a file in and get an answer in seconds.
Acutis