Q. How does polymorphism prolong the analysis process of a malicious program?

View solution

Q. What is the potential weakness of the decryption code in a polymorphic program?

View solution

Q. What is required before entering a function that can be polymorphed?

View solution

Q. What is metamorphism in the context of malware?

View solution

Q. What is the benefit of using metamorphism in malware?

View solution

Q. What is required for a metamorphic engine to work?

View solution

Q. What kind of alterations can be automatically applied to a program by a metamorphic engine?

View solution

Q. What is a metamorphic engine?

View solution

Q. What are some parameters that can be randomized by a metamorphic engine?

View solution

Q. How does reversing a condition affect the program's code?

View solution

Q. What is garbage insertion?

View solution

Q. How can metamorphic engines make malware more difficult to identify?

View solution

Q. What should you do before attempting to analyze malware?

View solution

Q. What is the recommended method for transferring executables to the test system?

View solution

Q. Why is it important to rename the malicious program with a nonexecutable extension?

View solution

Q. What is the Trojan/Backdoor.Hacarmy.D?

View solution

Q. What is the file extension used for screen savers?

View solution

Q. What is the purpose of using a file name like "Webcam Shots.scr" for the Trojan?

View solution

Q. How is the Trojan/Backdoor.Hacarmy.D typically distributed?

View solution

Q. What is the purpose of running an executable through DUMPBIN or a similar program?

View solution