Miscellaneous Quiz / DefenseEncryptedOligo

Can you name the DefenseMid3?

Decryptor has three locations in which it can decrypt the virus code:
____, ____, or ____ analyses are needed to produce the decrypted virus for analysis (in abc order)
Why is using the main loop of the decryptor as a subject for pattern-based detection a bad idea? Because many different viruses use the same _____ _____ and have totally different
The DOS virus ____ was the first encrypted virus, came out around 1990, and uses XOR encryption
This was a Windows 95 oligomorphic virus that generated 96 different decryptors, choosing one at replication time, and inserted junk at various points in the decryptor code
What does SDT stand for?
This class of viruses applies polymorphic techniques to the entire virus body rather than just to the decryptor, so each generation differs greatly from the previous one; no encryption is necessary to be classified as
___ viruses can create an endless number of new decryptors that use different encryption methods to encrypt the constant part of the virus body
Simile in terms of virus code evolution means that each time it replicates, it generates a different ___ ___ ___ ___ in the decryptor
When an early virus would XOR code with its own address, this is an example of what virus technique?
Code patterns can be obfuscated with ____ instructions
_____ _______ within the decryptor can produce a good code pattern to match for virus scanning
Win95's ___ virus had the ability to build 96 different decryptor patterns; its detection is based on the constant code of the decrypted virus body
Defeating pattern-based virus detection is a goal of which virus technique?
This looks just like the decryptor code for Cascade but is used to prevent reverse engineering of their product (can lead to false positives in virus scanning)
This decodes a program into a buffer as it runs
These are two common approaches for detecting encrypted viruses that use stack allocation, making itself look like an anti-debug wrapper, same length as unrelated viruses, etc...
What does RDA stand for?
The best attack upon a simple encrypted virus is to detect the _____ _____ of the _____
This can be a no-op or do-nothing instruction, but it can also be an instruction that uses registers or memory locations that are unused in the decryptor
A more common approach to simil in virus code evolution is mutating the ___ ___ itself and using ___ ___
This class of viruses can produce a few dozen decryptors; they select one at random when replicating
This class of viruses dynamically generates code rearrangements and randomly inserts junk instructions to produce millions of variants
Win95/Mad and Win95/Zombie use the same techniques as the ___ virus Cascade but have a 32-bit implementation
This was the first oligomorphic virus and carried several decryptors in its body as data; when replicating, it selected one at random and deposited the body and decryptor in the target file
The three classifications of viruses based on the degree of variety they produce during evolution by mutation: (in abc order)
Win95's ___ and ___ were the first viruses that used real 32-bit polymorphic engines
While the OS can disallow in-place decryption of virus code and in-heap decryption is easy to detect pattern-wise, ____ is the stealthiest choice
Unlike ___ viruses, ___ viruses do change their decryptors in new generations
The Cascade virus uses the stack pointer as a counter. As this is an anti-debugging technique, Cascade is therefore an ______ _____
