Malware Analysis

Question 1

Downloader

Answer 1

Used to download the primary malware or additional tools
Ex- Office documents

Question 2

Dropper

Answer 2

Similar to Downloader but has the malware embedded within and will not rely upon retrieval from the internet, although the dropped payload may.

Question 3

Loaders

Answer 3

Used to download additional malware, will likely persist on the host and use a variety of techniques for command and control

Question 4

Boot Integrity

Answer 4

Using a secure method to boot a system and verify the integrity of the OS and loading mechanism

Question 5

UEFI

Answer 5

Unified Extensible Firmware Interface
Specification for a software program that connects a computer’s firmware to its OS
Installed at time of manufacturing and is the first program that runs when a computer is turned on
Checks to see what hardware components the device has, wakes them up, and hands them over to the OS

Question 6

Measured Boot

Answer 6

Checks each startup component, including the firmware all the way to the boot drivers
Stores this info in the TPM and can send it to a trusted server that can objectively assess the PC’s health

Question 7

Boot Attestation

Answer 7

Enables a remote platform to measure and report its system state in a secure way to a third party

Question 8

Code Signing

Answer 8

Process of digitally signing executables and scripts to confirm the software author can guarantee that the code has not been altered or corrupted since it was signed