Cybersecurity Defense > Malware Analysis Practical > Flashcards

Malware Analysis Practical Flashcards

(15 cards)

Study These Flashcards
1
Q

How to trick malware so it perceives the sandbox as a regular user computer?

A
  • make the VM look as real as possible
  • install common end-user software
  • open multiple files and documents
  • don’t install VM guest tools
  • trick the malware into thinking it is online
    • malware typically tries to do a DNS resolution of common websites
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How should be the malware analysis VM set up?

A

host-only networking mode and segmented from the internet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What steps should you go through when creating a VM for malware analysis?

A
  • install OS and patches
  • install and run the analysis tools
  • set up a host-only networking
  • do additional maintenance tasks to make the system ready
  • create a snapshot
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What questions should you answer during a static analysis?

A
  • What kind of file is it?
  • Is any information already known about it?
  • What do the embedded strings tell about it?
  • Is there anything unusual in the PE header?
  • Is it packed? If so, what packer?
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which three tools are used for file type identification?

A
  1. file
  2. Exeinfo PE
  3. TrID
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does TrID analyze in order to determine the actual file format?

A

the actual data within the file to determine its format

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How is TrID useful in malware analysis?

A

analyze unknown or suspicious files

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

On which platform is TrID primarily used?

A

Windows

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How to use TrID?

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How are cryptographic hashes used in malware analysis?

A
  • organize and indentify specific samples instead of using names
  • find additional information online
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the name of a an app that can calculate several different cryptographic hashes for a file?

A

Compute Hash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the tool from Microsoft used to analyze strings?

A

Strings

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Does Strings extract both ASCII and Unicode strings at the same time?

A

yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the minimum strings length by default in Strings?

A

3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
Cybersecurity Defense
flashcards
Decks in class (17)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions