Malware Analysis

Question 1

In InfoSec and Malware Analysis, what is sheep dipping?

Answer 1

the analysis of suspicious files, incoming messages, etc., for malware. The users isolate the sheep-dipped computer from other computers on the network to block any malware from entering the system

Question 2

Some tasks that are run during the sheep dipping process.

Answer 2

• Run user, group permission, and process monitors
• Run port and network monitors
• Run device driver and file monitors
• Run registry and kernel monitors

Question 3

A tool that provides information about the files in the organization such as the full path of the file, date of creation, date of modification, file size, file attributes, file version, and extension to compare similar files and identify any changes to the data

Answer 3

HashMyFile

Question 4

A collection of computer software that detects and analyzes malicious code threats such as viruses, worms, and Trojans. It is used along with sheep dip computers.

Answer 4

Antivirus Sensor Scan

Question 5

A process of reverse engineering a specific piece of malware to determine its origin, functionality, and potential impact

Answer 5

Malware Analysis

Question 6

A phishing tool used to phish user credentials from various social networking platforms such as Instagram, Facebook, Twitter, and LinkedIn. It also displays the victim system’s public IP address, browser information, hostname, geolocation, and other information

Answer 6

ShellPhish

Question 7

A giant neighborhood watch scheme, empowering the most alert and most expert members to defend everyone within the community against phishing attacks. Provides updated information about sites that users visit regularly and blocks dangerous sites

Answer 7

Netcraft

Question 8

Restricts access to files, folders, and drivers by locking, hiding, or password-protecting them. Attackers can thus use this tool for these purposes. With this program, nobody can access or destroy the attacker’s data without a password

Answer 8

Gilisoft Filelock Pro

Question 9

a tool to check active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics, and IPv6 statistics.

Answer 9

Netstat

Question 10

a tool to extract the embedded strings in the file into a readable format

Answer 10

Bintext

Question 11

going through the executable binary code without actually executing it to have a better understanding of the malware and its purpose

Answer 11

Static malware analysis

Question 12

A tool with the following characteristics
Reliable capture of process details, including image path, command line, user and session ID.
Configurable and moveable columns for any event property.
Filters can be set for any data field, including fields not configured as columns.
Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data.
Process tree tool shows the relationship of all processes referenced in a trace.
Native log format preserves all data for loading in a different Process Monitor instance

Answer 12

Process Monitor

Question 13

taking a snapshot of the system at the time the malware analysis begins

Answer 13

System Baselining

Question 14

The .dll file used by the Zeus Trojan to access and manipulate Service Manager and Registry on a victim machine

Answer 14

Advapi32.dll

Question 15

used to detect suspicious startup programs and processes

Answer 15

Startup Monitoring

Question 16

used examine the changes made to the system’s registry by malware

Answer 16

Registry Monitoring

Question 17

used to scan for suspicious processes

Answer 17

Process monitoring

Question 18

traces malicious services initiated by the malware. Since malware employs rootkit techniques to manipulate HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services registry keys to hide its processes, windows service monitoring can be used to identify such manipulations.

Answer 18

Windows services monitoring

Question 19

online services can a security analyst upload the suspicious file to identify whether the file is a genuine one or a malicious one

Answer 19

Virustotal.com

Question 20

also called behavioral analysis and involves executing malware code to determine how it interacts with a host system as well as its impact on the system after infection

Answer 20

Dynamic Malware Analysis

Question 21

techniques is used to compute the hash value for a given binary code to uniquely identify malware or periodically verify changes made to the binary code during analysis

Answer 21

File fingerprinting

Question 22

file dependencies is a networking DLL that helps connect to a network or perform network-related tasks

Answer 22

WSock32.dll or Ws2_32.dll

Question 23

tools helps an attacker in performing malware disassembly

Answer 23

Ghirda

Question 24

Ransomware that uses the RSA-2048 asymmetric encryption technique

Answer 24

SamSam

Question 25

Ransomware that uses a combination of the RSA and AES algorithms to encrypt files

Answer 25

WannaCry

Question 26

Ransomware that encrypts files using an AES 256 algorithm. The AES key is also encrypted with an RSA 1024

Answer 26

Dharma

Question 27

Ransomware that uses RC4 and RSA algorithms for encryption

Answer 27

Cerber

Question 28

While preparing testbeds for malware analysis,a technique used to manually perform dynamic analysis

Answer 28

Sandbox

Question 29

PE file contains instructions and program code that the CPU executes

Answer 29

.text

Question 30

A host integrity monitoring technique that can be adopted for components that perform security operations, such as firewall systems, IDS/IPS, web servers, and authentication servers

Answer 30

Event log monitoring

Question 31

A computer installed with port monitoring, file monitoring, network monitoring, and antivirus software and connected to network only under strictly controlled conditions is known as

Answer 31

Sheep Dip

Question 32

going through the executable binary code without actually executing it to have a better understanding of the malware and its purpose

Answer 32

Static malware analysis