@MSAdministrator
Created March 11, 2016 03:59
This is a sample of checking VT for hashes using PowerShell. Check out PPRT (PowerShell Phishing Response Toolkit) for a more accurate use. https://github.com/MSAdministrator/PPRT---PowerShell-Phishing-Response-Toolkit
# Get-FileHash is a built-in PowerShell cmdlet with version 5
# MessageBox lives in System.Windows.Forms, which has to be loaded before use
Add-Type -AssemblyName System.Windows.Forms

Write-Verbose "Downloading Posh-VirusTotal PowerShell Module...."
# Downloads the installer script and executes it in the current session
iex (New-Object Net.WebClient).DownloadString("https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1")

$VTAPIKey = 'somevtapikey'

# Single file hash (Get-FileHash defaults to SHA256)
$AttachmentHash = Get-FileHash "$([Environment]::GetFolderPath("Desktop"))\somefile.txt"

# Get a list of hashes and check against VT
# $AttachmentHash = Get-Content "$([Environment]::GetFolderPath("Desktop"))\somefileofhashesondesktop.txt"
# If you do the above to get a list of hashes you must change $AttachmentHash.Hash in the below foreach to just $AttachmentHash

foreach ($hash in $AttachmentHash.Hash)
{
    $VTFileReport = Get-VTFileReport -Resource $hash -APIKey $VTAPIKey

    # ResponseCode 1: VirusTotal already has a report for this hash
    if ($VTFileReport.ResponseCode -eq 1)
    {
        $result = [System.Windows.Forms.MessageBox]::Show("The following SHA256 hash has already been submitted to VirusTotal.`n $hash", 'Warning', 'Ok', 'Warning')
        # Write-LogEntry and $logpath are not defined in this sample; they must be provided by the calling environment
        Write-LogEntry -type Info -message "VirusTotal Submission" -Folder $logpath -CustomMessage "Hash has been previously submitted to VirusTotal: $hash"
    }

    # ResponseCode 0: VirusTotal has no report for this hash
    if ($VTFileReport.ResponseCode -eq 0)
    {
        $result = [System.Windows.Forms.MessageBox]::Show("The following SHA256 hash has NOT been submitted to VirusTotal. Do you want to upload this file to VirusTotal Now?`n $hash", 'Warning', 'YesNo', 'Warning')
        # MessageBox returns a DialogResult, so compare against 'Yes' rather than $true
        if ($result -eq 'Yes')
        {
            # .Path is only populated when $AttachmentHash came from Get-FileHash
            $SubmitToVT = Submit-VTFile -File $AttachmentHash.Path -APIKey $VTAPIKey
        }
    }
}
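
The sample above pipes the downloaded installer straight into `iex`. As an added example (not part of the original gist or of Posh-VirusTotal), the following checks the downloaded bytes against a SHA256 recorded after reviewing the script, and runs it only on a match. The function name `Invoke-PinnedScript` is hypothetical and the expected hash is a placeholder you must fill in yourself.

```powershell
# Added example: verify a remote script against a recorded SHA256 before executing it.
# Invoke-PinnedScript is a hypothetical helper name, not a cmdlet from any module.
function Invoke-PinnedScript {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Uri,
        # SHA256 (hex) recorded after manually reviewing the script at $Uri
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    # Fetch raw bytes so that exactly what is hashed is what gets executed
    $bytes = (New-Object Net.WebClient).DownloadData($Uri)

    $sha256 = [Security.Cryptography.SHA256]::Create()
    try {
        $actual = [BitConverter]::ToString($sha256.ComputeHash($bytes)) -replace '-', ''
    }
    finally {
        $sha256.Dispose()
    }

    # -ne on strings is case-insensitive, so upper/lower-case hex both match
    if ($actual -ne $ExpectedSha256.Trim()) {
        throw "Hash mismatch for $Uri. Expected $ExpectedSha256, got $actual. Script was not run."
    }

    Write-Verbose "SHA256 verified ($actual), running script"
    # Decode as UTF-8 and drop a leading byte-order mark if one is present
    $text = [Text.Encoding]::UTF8.GetString($bytes).TrimStart([char]0xFEFF)
    & ([scriptblock]::Create($text))
}

$installerUri = 'https://gist.githubusercontent.com/darkoperator/9138373/raw/22fb97c07a21139a398c2a3d6ca7e3e710e476bc/PoshVTInstall.ps1'
# Placeholder: replace with the hash you computed from the copy you reviewed
$reviewedHash = '<SHA256-OF-THE-REVIEWED-PoshVTInstall.ps1>'

Invoke-PinnedScript -Uri $installerUri -ExpectedSha256 $reviewedHash -Verbose
```

With the placeholder left in place the call throws on the hash mismatch and nothing is executed.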