Malware

Question 1

What is meant by Overt Channels?

Answer 1

Legitimate communication channels used by programs

Question 2

What is meant by Covert Channels?

Answer 2

Used to transport data in unintended ways

Question 3

What is a Malware Wrapper?

Answer 3

Software that allows you to bind an executable to an ordinary file.

Question 4

What is a Crypter?

Answer 4

A software that provides combination of encryption, code manipulation and obfuscation to render malware undetectable from security applications.

Question 5

What is a packer?

Answer 5

Used for compressing executables which helps evade signature based detection

Question 6

What are the following tools used for?
1. Infinity
2. Bleeding Life
3. Crimepack
4. Blackhole Kit

Answer 6

Exploit kits - Help delivery of exploits and payloads

Question 7

What type of Malware is a Trojan?

Answer 7

Software that appears legitimate but instead functions and performs malicious activity

Question 8

What is the purpose of a Proxy Trojan?

Answer 8

Turn the victims infected machine into a proxy server, routing traffic through it.

Additionally have full access to the infected host.

Question 9

What is the purpose of a Defacement Trojan?

Answer 9

Change the workings or appearance of a website or system, additionally can be used to exfiltrate data.

Question 10

What is the purpose of a Botnet Trojan?

Answer 10

Be able to remotely control the infected host, which could be used in DDoS attacks or spam. End goal is to weaponise infected hosts.

Examples:
- Chewbacca
- Skynet

Question 11

What malware types are listed below:
1. RAT
2. MoSucker
3. Optix Pro
4. Blackhole

Answer 11

Remote Access Trojans, gives the attacker ability to remote into to infected hosts

Question 12

What malware type is listed below:
1. Zeus
2. Spyeye

Answer 12

Banking Trojans - To steal banking information

Question 13

What is a Command Shell Trojan?

Answer 13

Purpose is to provide a backdoor access through a command line

Example:
- Netcat

Question 14

What is a Covert Channel Tunnelling Trojan (CCTT)?

Answer 14

A RAT type trojan. Creates data transfer channels in the data streams authorized by a network access control system

Question 15

What does the following command do?

netstat -an

Answer 15

Shows open ports in order

Question 16

What does the following command do?

netstat -b

Answer 16

Displays all active connections and processes using them

Question 17

What is the general purpose of the following tools:
- SysAnalyzer
- Tiny Watcher
- Regshot

Answer 17

Registry Monitoring

Additional tools: Active Registry Monitor

Question 18

What is the purpose of msconfig?

Answer 18

Windows program that shows all programs set to start on startup

Question 19

What is meant by HIDS?

Answer 19

Host Intrusion Detection System

Question 20

What type of tool is Tripwire?

Answer 20

Integrity verifier

Question 21

What is SIGVERIF used in Windows?

Answer 21

Verify the integrity of the system

Question 22

Which of the following BEST describes the mechanism of a Boot Sector Virus?

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
Overwrites the original MBR and only executes the new virus code
Modifies directory table entries so that directory entries point to the virus code instead of the actual program

Answer 22

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

Question 23

What is meant by Heuristic Analysis?

Answer 23

Examining code for malicious properties.

Question 24

What characteristics does a Virus have?

Answer 24

Self replicating malware, attaches itself to other executables

Question 25

What is Fake Antivirus malware?

Answer 25

Disguised as AV but is a malware. Tries convince users they have malware in order for people to download it.

Question 26

What type of malware is Wannacry?

Answer 26

Ransomware, exploited by unpatched SMB servers

Question 27

What type of malware is Cryptorbit?

Answer 27

Ransomware

Question 28

What type of malware is CryptoLocker?

Answer 28

Ransomware

Question 29

What type of malware is police-themed?

Answer 29

Ransomware

Question 30

What type of malware is CryptoDefense?

Answer 30

Ransomware

Question 31

What’s the purpose of a Shell Virus?

Answer 31

Wraps itself around other application codes

Question 32

What is the purpose of a Cluster Virus?

Answer 32

Modifies directory table entries. Every time a directory or file is opened, cluster virus executes.

Question 33

What is a Multipartite Virus?

Answer 33

Infects boot sectors and files. Virus with multiple infection methods.

Question 34

What is a Macro Virus?

Answer 34

Written in VBA, infects Word and Excel files.

Question 35

What is a Polymorphic Code Virus?

Answer 35

Virus that mutates its code (using polymorphic engine). Evades AV because code is always changing.

Question 36

What is a Encryption Virus?

Answer 36

Encrypts itself to hide from AVs.

Question 37

What is a Metamorphic Virus?

Answer 37

Rewrites itself after every infection.

Question 38

What is a Stealth/Tunnelling Virus?

Answer 38

Attempts to evade AVs by many means, tries to intercept AV requests to the OS.

Question 39

What is a Cavity Virus?

Answer 39

Embeds itself within files, replaces data to avoid increasing file size

Question 40

What is a Sparse Infector Virus?

Answer 40

Only infects occasionally (e.g. every 10th time) to avoid being discovered

Question 41

What is a Extension Virus?

Answer 41

Changes the file extensions of files.

Question 42

What is Sonic Bat?

Answer 42

Virus Generator

Question 43

What characteristics does a Worm have?

Answer 43

• Self-replicating malware that sends itself to other computers without human intervention.
• Mostly resides in Active Memory.
• Used in Botnets

Question 44

In a VM, which NIC configuration is best used in Malware Analysis?

Answer 44

Host-only mode. Also disable open shares.

Question 45

What are these tools used for?
- binText
- UPX

Answer 45

Analysis of malware in static state

Question 46

What are these tools used for during malware analysis?
- NetResident
- TCPView
- Wireshark

Answer 46

Monitoring processes and network activity

Question 47

What are these tools used in malware analysis?
- IDA Pro
- VirusTotal
- Anubis
- Threat Analyzer

Answer 47

Determining what files were added, changed, or deleted

Question 48

What is meant “sheepdip”?

Answer 48

System that is used to analyse malware before it is introduced to other computers or network.

Question 49

What type of malware is Stuxnet?

Answer 49

Worm.

Question 50

What type of malware is Lemon Duck?

Answer 50

Botnet.

Question 51

What type of malware is Mirai

Answer 51

Botnet.

Question 52

What type of malware is Prometei?

Answer 52

Botnet.

Question 53

What is a Logic Bomb malware?

Answer 53

Malware that’s been placed and waits for programmed condition to trigger for execution.

Question 54

What is Botnet?

Answer 54

Network of infected zombie hosts, used for distributed attacks.

Question 55

How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?

Answer 55

Attaching itself to the master boot record in a hard drive and changing the machine’s boot sequence/options

Question 56

What type of malware is Morris?

Answer 56

Worm

Question 57

What type of malware is Code Red?

Answer 57

Worm