Miscellaneous Quiz / DefenseEncryptedOligo


Can you name the DefenseMid3?

The DOS virus ____ was the first encrypted virus, came out around 1990, and uses XOR encryption
When an early virus would XOR code with its own address, this is an example of what virus technique?
Why is using the main loop of the decryptor as a subject for pattern-based detection a bad idea? Because many different viruses use the same _____ _____ and have totally different
This was the first oligomorphic virus and carried several decryptors in its body as data; when replicating, it selected one at random and deposited the body and decryptor in the target file
A more common approach to simil in virus code evolution is mutating the ___ ___ itself and using ___ ___
The three classifications of viruses based on the degree of variety they produce during evolution by mutation: (in abc order)
Code patterns can be obfuscated with ____ instructions
The Cascade virus uses the stack pointer as a counter. As this is an anti-debugging technique, Cascade is therefore an ______ _____
____, ____, or ____ analyses are needed to produce the decrypted virus for analysis (in abc order)
What does SDT stand for?
This class of viruses can produce a few dozen decryptors; they select one at random when replicating
These are two common approaches for detecting encrypted viruses that use stack allocation, making itself look like an anti-debug wrapper, same length as unrelated viruses, etc...
Simile in terms of virus code evolution means that each time it replicates, it generates a different ___ ___ ___ ___ in the decryptor
Win95's ___ and ___ were the first viruses that used real 32-bit polymorphic engines
The best attack upon a simple encrypted virus is to detect the _____ _____ of the _____
Win95/Mad and Win95/Zombie use the same techniques as the ___ virus Cascade but have a 32-bit implementation
While the OS can disallow in-place decryption of virus code and in-heap decryption is easy to detect pattern-wise, ____ is the stealthiest choice
Unlike ___ viruses, ___ viruses do change their decryptors in new generations
Win95's ___ virus had the ability to build 96 different decryptor patterns; its detection is based on the constant code of the decrypted virus body
Defeating pattern-based virus detection is a goal of which virus technique?
What does RDA stand for?
This decodes a program into a buffer as it runs
The decryptor has three locations in which it can decrypt the virus code:
This class of viruses dynamically generates code rearrangements and randomly inserts junk instructions to produce millions of variants
This looks just like the decryptor code for Cascade but is used to prevent reverse engineering of their product (can lead to false positives in virus scanning)
___ viruses can create an endless number of new decryptors that use different encryption methods to encrypt the constant part of the virus body
This can be a no-op or do-nothing instruction, but it can also be an instruction that uses registers or memory locations that are unused in the decryptor
This was a Windows 95 oligomorphic virus that generated 96 different decryptors, choosing one at replication time and inserting junk at various points in the decryptor code
_____ _______ within the decryptor can produce a good code pattern to match for virus scanning
This class of viruses applies polymorphic techniques to the entire virus body rather than just to the decryptor, so each generation differs greatly from the previous one; no encryption is necessary to be classified as

Created Apr 27, 2011
