Miscellaneous Quiz / DefenseEncryptedOligo


Can you name the DefenseMid3?

A more common approach to simil in virus code evolution is mutating the ___ ___ itself and using ___ ___
While the OS can disallow in-place decryption of virus code and in-heap decryption is easy to detect pattern-wise, ____ is the stealthiest choice
This was a Windows 95 oligomorphic virus that generated 96 different decryptors, choosing one at replication time and inserting junk at various points in the decryptor code
Decryptor has three locations in which it can decrypt the virus code:
What does RDA stand for?
Code patterns can be obfuscated with ____ instructions
When an early virus would XOR code with its own address, this is an example of what virus technique?
What does SDT stand for?
These are two common approaches for detecting encrypted viruses that use stack allocation, making itself look like an anti-debug wrapper, same length as unrelated viruses, etc...
The best attack upon a simple encrypted virus is to detect the _____ _____ of the _____
Win95's ___ virus had the ability to build 96 different decryptor patterns; its detection is based on the constant code of the decrypted virus body
The DOS virus ____ was the first encrypted virus, came out around 1990, and uses XOR encryption
Defeating pattern-based virus detection is a goal of which virus technique?
This class of viruses dynamically generates code rearrangements and randomly inserts junk instructions to produce millions of variants
Win95's ___ and ___ were the first viruses that used real 32-bit polymorphic engines
Win95/Mad and Win95/Zombie use the same techniques as the ___ virus Cascade but have a 32-bit implementation
The three classifications of viruses based on the degree of variety they produce during evolution by mutation: (in abc order)
_____ _______ within the decryptor can produce a good code pattern to match for virus scanning
This looks just like the decryptor code for Cascade but is used to prevent reverse engineering of their product (can lead to false positives in virus scanning)
This class of viruses applies polymorphic techniques to the entire virus body rather than just to the decryptor, so each generation differs greatly from the previous; no encryption necessary to be classified as
___ viruses can create an endless number of new decryptors that use different encryption methods to encrypt the constant part of the virus body
This was the first oligomorphic virus and carried several decryptors in its body as data; when replicating, it selected one at random and deposited the body and decryptor in the target file
The Cascade virus uses the stack pointer as counter. As this is an anti-debugging technique, Cascade is therefore an ______ _____
Why is using the main loop of the decryptor as a subject for pattern-based detection a bad idea? Because many different viruses use the same _____ _____ and have totally different
This can be a no-op or do-nothing instruction, but it can also be an instruction that uses registers or memory locations that are unused in the decryptor
____, ____, or ____ analyses are needed to produce the decrypted virus for analysis (in abc order)
This class of viruses can produce a few dozen decryptors; they select one at random when replicating
Unlike ___ viruses, ___ viruses do change their decryptors in new generations
This decodes a program into a buffer as it runs
Simile in terms of virus code evolution means that each time it replicates, it generates a different ___ ___ ___ ___ in the decryptor

Created Apr 27, 2011