Dynamic vs Static Malware Analysis Tools

ConfidentSeries
22 Questions

What type of malware allows an attacker to control the system?

Backdoor

Which tool is commonly used for basic static malware analysis to view malware without looking at instructions?

VirusTotal

What is the main purpose of a downloader type of malware?

To download other malicious code

Which type of malware is typically used to ensure stealth or greater access to a system by employing unconventional techniques?

Rootkit

Which analysis technique involves running the malware and monitoring its effects?

Dynamic analysis

What type of malware frightens users into purchasing something they do not need?

Scareware

What is a common goal of incident response after malware is found?

To locate all infected machines and files

Which of the following is a key aspect of root-cause analysis in malware analysis?

Understanding how the attack occurred

What is a primary focus of host-based signatures in malware analysis?

Identifying infected files or registry keys

What distinguishes network signatures from host-based signatures in malware analysis?

Network signatures detect malware by analyzing network traffic

Which of the following is a primary purpose of malware analysis?

To dissect malware to understand its functionality

What is a fundamental principle of basic static analysis techniques in malware analysis?

Analyze the behavior of the malware on an isolated system

What is the main difference between mass malware and targeted malware?

Mass malware is intended to infect as many machines as possible, while targeted malware is tailored to a specific target.

What is the purpose of hashing in malware analysis?

To identify unique file fingerprints of malware

Why might using VirusTotal for antivirus scanning be a concern?

It may alert attackers that they've been caught

What does the strings command in Linux do?

Finds all strings in a file 3 or more characters long

What is the purpose of packing files in malware analysis?

To make the strings and instructions unreadable

How does dynamic linking differ from static linking?

Dynamic linking links libraries when the program is loaded

What can the PE header reveal about a program's functionality?

The names of libraries and functions that will be loaded

What does the IMAGE_SECTION_HEADER's Virtual Size represent in PE files?

RAM size of raw data

What is the purpose of Resource Hacker in browsing a program's .rsrc section?

To browse strings, icons, and menus

What is the common method for detecting packers in malware analysis?

Utilizing PEiD tool

Explore the differences between dynamic and static malware analysis, along with the tools used for each approach. Learn about examining malware without running it using tools like VirusTotal and IDA Pro, and running malware in a controlled environment with tools like RegShot and Process Monitor.
