Miscellaneous Quiz / DefensePolyAndMetamorphic

Random Miscellaneous Quiz

Can you name the DefensePolyAndMetamorphic?

 Plays Quiz not verified by Sporcle

Forced Order
Also try: Making Pancakes
Score 0/41 Timer 10:00
This win32virus appeared in 2000 and implemented a metamorphic engine; makes new generations with recalculated/encrypted constant data
This technique makes the virus body a moving target for analysis as it propogates around the world.
Three metamorphic virus detection techniques: (abc order)
This was the first metamorphic virus on DOS, and its code generator made a new version of the virus body on each replication. Did not use encryption tho
This win95 virus appeared in 2000 and directly reorders the instructions in its own code through inserting jmp instructions
____ are body polymorphics
What does rpme stand for
True/false: the metamorphic viruses: badboy has eight subroutines thus 8! Diff generation and ghost has tenso 10! Generation
This metamorphic virus appeared in early 2000 with a unique approach; many small virus code subroutines are added at the end of a PE file; can be detected through emulators
This mutation engine generated the polymorphic wrapper code to surround the virus code and replicate is polymorphicallly
These do not use a constant data area filled with string constants but have one single code body that carries data as code
This 2000 virus uses a metamorphic engine which, as it replicates, makes a few changes each gen, but the AV scanner code patterns change alot through constant mutation
This win95 virus not only mutates itself in new generations, also mutates the code of its host by a randomly executed code morphing routine; entry point code permutation
This was one of the most complex binary viruses ever written. It is an entry pt obscuring virus that is metamorphic. The virus rand uses an additional polymorphic decryptor
A ___ is an application that simulates the behavior of a cpu. It allows virus code to execute in an environment from which it cannot escape. Examines code periodically or when part
The first mutation engine was called ___ and came out in 1991
These can transform an encrypted virus into a polymorphic virus
True/false: most poly viruses decrypt themselves to a single constant virus body in mem. Meta viruses do nit. Thus detection needs to be algorithmic
A key difference b/w poly&metamorphic viruses: ___ all mutate the decryptor while ____might not even have a decryptor
This is a code replicator that has evolutionary heuristics built in, such as change arithmetic/load-store instruct's to equiv instructs, insert junk instructs, reorder instructs...
At the end of1999, the win32 ___ trojen was developed. Implements a semi-metamorphic technique to install a backdoor to the system
A source code metamorphic virus can operate on MSIL code and invoke the .NET framework to compile it. t/F
True/false: the permutation for the zmist virus is fairly slow because its only done once per infection of a machine
What does MSIL stand for
This was the first polymorphic virus, and was created for DOS in 1990
This virus relied on generating variants of code obfuscation sequences in the decryptor rather than inserting junk instructions
This type of virus had been defined as a body-polymorphic virus; polymorphic techniques are used to mutate the virus body, not just a decryptor
This virus family used a method known from a DOS virus: reorder indivdual instructs and insert jumps to retain the code functionality
This was a windows 95 metamorphic virus released in dec, 1998. The metamorphism was restricted to register replacement
The 1998 win95 ___ virus uses different registers but the same code;ie implements metamorphisis via reg usage exchange
within the 1260 virus (polymorphic), the three sources of decryptor diversity were:
Whereas a(n) _____ virus might creat dozens of decryptor variants during replication, a(n) ___ virus creates millons of decryptors
_____ ____ are particularly important to pattern-based scanners, so a metamorphic engine that can mutate constants from one generation to the next makes pattern based static analys
The ____ virus was meant to show AV researchers that string-based scanners weren't sufficient to identify viruses
This mutation engine was a modular design that accepted various size and target file location parameters, a virus, a decrypt or, a pointer, etc
This is a source code metamorphic virus that injects source code junk instructiions into a c-language virus and invokes c compiler
____ do not have a decryptor, nor a constant virus body. But they are able to creat varying new generations.
True/false: theres a level of metamorphisis beyond which no reasonable num of strings can be used to detect code that a virus contains, thus requires other analysis techniques

You're not logged in!

Compare scores with friends on all Sporcle quizzes.
Log In

You Might Also Like...

Show Comments


Created Apr 27, 2011ReportNominate

Top Quizzes Today

Score Distribution

Your Account Isn't Verified!

In order to create a playlist on Sporcle, you need to verify the email address you used during registration. Go to your Sporcle Settings to finish the process.

Report this User

Report this user for behavior that violates our Community Guidelines.