CH 8 - Malware Flashcards
In a botnet, what are the systems that tell individual bots what to do called?
A. C2 servers
B. IRC servers
C. HTTP servers
D. ISC2 servers
A.
C2 servers
What is the primary difference between a worm and a virus?
A. A worm uses polymorphic code.
B. A virus uses polymorphic code.
C. A worm can self-propagate.
D. A virus can self-propagate.
C.
A worm can self-propagate.
What is one advantage of static analysis over dynamic analysis of malware?
A. Malware is guaranteed to deploy.
B. Dynamic analysis is untrustworthy.
C. Static analysis limits your exposure to infection.
D. Static analysis can be run in virtual machines.
C.
Static analysis limits your exposure to infection.
What would you use VirusTotal for?
A. Checking your system for viruses
B. Endpoint protection
C. As a repository of malware research
D. Identifying malware against antivirus engines
D.
Identifying malware against antivirus engines
What are two sections you would commonly find in a portable executable file?
A. Text and binary
B. Binary and data
C. Addresses and operations
D. Text and data
D.
Text and data
What could you use to generate your own malware?
A. Empire
B. Metasploit
C. Rcconsole
D. IDA Pro
B.
Metasploit
What is the purpose of a packer for malware?
A. To obscure the actual program
B. To ensure that the program is all binary
C. To compile the program into a tight space
D. To remove null characters
A.
To obscure the actual program
What is the primary purpose of polymorphic code for malware programs?
A. Efficiency of execution
B. Propagation of the malware
C. Antivirus evasion
D. Faster compilation
C.
Antivirus evasion
What would be one reason not to write malware in Python?
A. The Python interpreter is slow
B. The Python interpreter may not be available.
C. Library support is inadequate.
D. Python is a hard language to learn.
B.
The Python interpreter may not be available.
What would you use Cuckoo Sandbox for?
A. Static analysis of malware
B. Malware development
C. Dynamic analysis of malware
D. Manual analysis of malware
C.
Dynamic analysis of malware
If you wanted a tool that could help with both static and dynamic analysis of malware, which would you choose?
A. Cutter
B. IDA
C. PE Explorer
D. MalAlyzer
B.
IDA
What is the purpose of using a disassembler?
A. Converting opcodes to mnemonics
B. Converting mnemonics to opcodes
C. Translating mnemonics to operations
D. Removing the need for an assembler
A.
Converting opcodes to mnemonics
What does the malware that is referred to as a dropper do?
A. Drops antivirus operations
B. Drops CPU protections against malicious execution
C. Drops files that may be more malware
D. Drops the malware into the Recycle Bin
C.
Drops files that may be more malware
Why would you use an encoder when you are creating malware using Metasploit?
A. To compile the malware
B. To evade antivirus
C. To evade user detection
D. To compress the malware
B.
To evade antivirus
If you were to see the following command in someone’s history, what would you think had happened?
A. A poison pill was created.
B. A malicious program was generated.
C. Existing malware was encoded.
D. Metasploit was started.
B.
A malicious program was generated.