This plugin integrates VirusTotal Code Insights with Binary Ninja.
It allows analysis of the currently selected function or text (HLIL or assembly) by submitting it to the VirusTotal Code Insights API. The plugin then displays a summarized explanation of the function's behavior inside Binary Ninja.
The plugin extracts the function’s code, sends it to VirusTotal, receives an AI-generated analysis, and formats the results for easy review.
Before using the plugin, a VirusTotal API key must be provided.
- Open Preferences → Settings in Binary Ninja.
- Search for VirusTotal Code Insights.
- Enter your API key in the API Key field.
The plugin cannot run without a valid API key.
- Navigate to a function in Binary Ninja.
- Open the Tools menu.
- Select VirusTotal → Analyze Function.
- Choose the analysis mode:
- Decompiled (HLIL)
- Compiled (Assembly)
The extracted code is sent to the VirusTotal Code Insights API.
The returned analysis is displayed in a separate panel inside Binary Ninja.
VirusTotal returns a structured summary, typically including:
- High-level behavioral summary
- Step-by-step description
- Additional metadata if provided by the API
The output panel supports:
- Copy to clipboard
- Clearing the displayed analysis
- Only the extracted function body is sent to VirusTotal; full binaries or project data are not uploaded.
- API reference can be found here
This project is licensed under the MIT License. See the LICENSE file for details.
