Miscellaneous Quiz / DefenseEncryptedOligo

Can you name the DefenseMid3?

hints
Unlike ___ viruses, ___ viruses do change their decryptors in new generations
While the OS can disallow in-place decryption of virus code, and in-heap decryption is easy to detect pattern-wise, ____ is the stealthiest choice
What does SDT stand for?
The best attack upon a simple encrypted virus is to detect the _____ _____ of the _____
This class of viruses applies polymorphic techniques to the entire virus body rather than just to the decryptor, so each generation differs greatly from the previous; no encryption is necessary to be classified as
 
Win95's ___ and ___ were the first viruses that used real 32-bit polymorphic engines
The Cascade virus uses the stack pointer as a counter. As this is an anti-debugging technique, Cascade is therefore an ______ _____
These are two common approaches for detecting encrypted viruses that use stack allocation, making itself look like an anti-debug wrapper, same length as unrelated viruses, etc.
This was the first oligomorphic virus; it carried several decryptors in its body as data and, when replicating, selected one at random and deposited the body and decryptor in the target file
Win95's ___ virus had the ability to build 96 different decryptor patterns; its detection is based on the constant code of the decrypted virus body
What does RDA stand for?
When an early virus would XOR code with its own address, this is an example of what virus technique?
The decryptor has three locations in which it can decrypt the virus code:
This class of viruses dynamically generates code rearrangements and randomly inserts junk instructions to produce millions of variants
_____ _______ within the decryptor can produce a good code pattern to match for virus scanning
Defeating pattern-based virus detection is a goal of which virus technique?
This decodes a program into a buffer as it runs
This can be a no-op or do-nothing instruction, but it can also be an instruction that uses registers or memory locations that are unused in the decryptor
This was a Windows 95 oligomorphic virus that generated 96 different decryptors, choosing one at replication time, and inserted junk at various points in the decryptor code
Win95/Mad and Win95/Zombie use the same techniques as the ___ virus Cascade but have a 32-bit implementation
The three classifications of viruses based on the degree of variety they produce during evolution by mutation: (in abc order)
____, ____, or ____ analyses are needed to produce the decrypted virus for analysis (in abc order)
The DOS virus ____ was the first encrypted virus, came out around 1990, and uses XOR encryption
Simile in terms of virus code evolution means that each time it replicates, it generates a different ___ ___ ___ ___ in the decryptor
This class of viruses can produce a few dozen decryptors; they select one at random when replicating
A more common approach to simil in virus code evolution is mutating the ___ ___ itself and using ___ ___
Code patterns can be obfuscated with ____ instructions
___ viruses can create an endless number of new decryptors that use different encryption methods to encrypt the constant part of the virus body
This looks just like the decryptor code for Cascade but is used to prevent reverse engineering of their product (can lead to false positives in virus scanning)
Why is using the main loop of the decryptor as a subject for pattern-based detection a bad idea? Because many different viruses use the same _____ _____ and have totally different
