L6: Adv. Malware Analysis

Question 1

A signature scanner that tries to identify malware that has been obfuscated/packed by its unique strings would not be effective

Answer 1

True

Question 2

Each instance of packed Malware looks different, but there is always a signature or pattern across all instances.

Answer 2

False

Question 3

Code that reverses the pre-runtime transformation of packed malware is included in the executable.

Answer 3

True

Question 4

Even for the same malware program, each packed instance will look different, and therefore a signature based approach is not effective in detecting the malware.

Answer 4

True

Question 5

Rootkits are an example of Malware hiding from:

a. Users
b. Security
c. Researchers

Answer 5

Users

Question 6

Mapping security sites and honey pots to avoid them is an example of Malware hiding from:

a. Users
b. Security
c. Researchers

Answer 6

Security

Question 7

Using nonce-based encryption methods is an example of Malware hiding from:

a. Users
b. Security
c. Researchers

Answer 7

Researchers

Question 8

Rank the following malware analysis categories from easiest to hardest:

i. Static Properties Analysis
ii. Manual Code Reversing
iii. Fully Automated Analysis
iv. Interactive Behavior Analysis

Answer 8

i. Fully Automated Analysis
ii Static Properties Analysis
iii. Interactive Behavior Analysis
iv. Manual Code Reversing

Question 9

Rank the following malware analysis categories based on how much information can be revealed:

i. Static Properties Analysis
ii. Manual Code Reversing
iii. Fully Automated Analysis
iv. Interactive Behavior Analysis

Answer 9

i. Manual Code Reversing
ii. Interactive Behavior Analysis
iii. Static Properties Analysis
iv. Fully Automated Analysis

Question 10

In order to achieve transparency, a malware analyzer needs to run at a higher privilege than the malware.

Answer 10

True

Question 11

The most challenging transparency requirement is the identical notion of time.

Answer 11

True