Malware

Question 1

What information does static analysis provide?

Answer 1

File type
File hash
Strings
Embedded Elements Packer information
Imports / exports

Question 2

Benefits of static analysis

Answer 2

Speed
Safety
Comprehensive Insight
Detection of known threats

Question 3

Limitations of black box

Answer 3

Inability to detect runtime behavior
complexity with Obfuscation
False Positives

Question 4

What are the Five Ws of analysis

Answer 4

Who
What
When
Where
Why

Question 5

Types of destructive malware?

Answer 5

Ransomware
Wiper
Virus
Worm
Spyware

Question 6

First step before extracting malware?

Answer 6

Create an image of the HDD.

Question 7

What is whiteboxing? and What Ws are covered

Answer 7

Reverse Engineering code of malware … which is Who and Why

Question 8

Spyware

Answer 8

Monitors user activity and collects personal information without consent

Question 9

Botnet?

Answer 9

Network of infected computers controllected by an attacker to perform coordinated tasks

Question 10

Keyloggers?

Answer 10

…

Question 11

What is blackboxing?

Answer 11

…

Question 12

What is motive types? (Why)

Answer 12

Financial gain
Hacktivism
Corporate Espionage
Curiosity/Challenge
State
Personal Vendetta

Question 13

Victims (Who?)

Answer 13

Individuals
Corporations
Governments
Non-Profits

Question 14

Methods (How and Where)

Answer 14

Phishing
Malware
Exploiting Vulnerabilities
Insider Threats

Question 15

Timeline (When?)

Answer 15

Often over extended timelines due to delayed detection

Question 16

Malware Symptoms

Answer 16

Slow
Freezing or Crashing
Diminished Storage Space
Popups
Deleted or modified files
New programs or icons
changes in security setting
unusual network activity
browser changes
programs running without consent
error messages
suspicious applications

Question 17

Malware Spreading Techiques

Answer 17

Phishing attacks
malvertising
Drive-by downloads
Social Engineering
Malicious Links in Social Media
Software Bundling
Remote Desktop Protocol (RDP)
Lateral Movement

Question 18

Typosquatting

Answer 18

involving registering domains name is similar to legitimate sites hoping users will mistype

Question 19

Torrents / Peer to Peer Sharing

Answer 19

disguised malware as pirated content

Question 20

Infected Removable Media

Answer 20

malware is spread through removable media

Question 21

Exploiting Unpatched Vulnerabilities

Answer 21

unpatched vulnerabilities using exploit kits designed for this purpose

Question 22

ransomware

Answer 22

encrypts files and demands payments for decryption

Question 23

Wiper

Answer 23

Deletes data rather than holding it for ransom

Question 24

Viruses

Answer 24

Attaches itself to legitimate programs and replicates to infect other files

Question 25

Worms

Answer 25

selfreplicating malware that spreads across networks without user action