What does MSIL stand for?
True/false: there is a level of metamorphosis beyond which no reasonable number of strings can be used to detect the code that a virus contains, so other analysis techniques are required
Whereas a(n) _____ virus might create dozens of decryptor variants during replication, a(n) ___ virus creates millions of decryptors
This was the first polymorphic virus, and was created for DOS in 1990
This technique makes the virus body a moving target for analysis as it propagates around the world.
This virus relied on generating variants of code obfuscation sequences in the decryptor rather than inserting junk instructions
_____ ____ are particularly important to pattern-based scanners, so a metamorphic engine that can mutate constants from one generation to the next makes pattern-based static analys
These can transform an encrypted virus into a polymorphic virus
The ____ virus was meant to show AV researchers that string-based scanners weren't sufficient to identify viruses
True/false: most polymorphic viruses decrypt themselves to a single constant virus body in memory. Metamorphic viruses do not. Thus detection needs to be algorithmic
This was a Windows 95 metamorphic virus released in December 1998. The metamorphism was restricted to register replacement
____ are body polymorphics
The 1998 Win95 ___ virus uses different registers but the same code; i.e., it implements metamorphosis via register usage exchange
What does RPME stand for?
This type of virus had been defined as a body-polymorphic virus; polymorphic techniques are used to mutate the virus body, not just a decryptor
True/false: among the metamorphic viruses, BadBoy has eight subroutines and thus 8! different generations, and Ghost has ten and so 10! generations
This Win95 virus not only mutates itself in new generations but also mutates the code of its host by a randomly executed code morphing routine; entry point code permutation
This 2000 virus uses a metamorphic engine which, as it replicates, makes a few changes each generation, but the AV scanner code patterns change a lot through constant mutation
This virus family used a method known from a DOS virus: reorder individual instructions and insert jumps to retain the code functionality
Within the 1260 virus (polymorphic), the three sources of decryptor diversity were:
This Win95 virus appeared in 2000 and directly reorders the instructions in its own code through inserting jmp instructions
This is a code replicator that has evolutionary heuristics built in, such as changing arithmetic/load-store instructions to equivalent instructions, inserting junk instructions, reordering instructions...
These do not use a constant data area filled with string constants but have one single code body that carries data as code
This metamorphic virus appeared in early 2000 with a unique approach; many small virus code subroutines are added at the end of a PE file; can be detected through emulators
This Win32 virus appeared in 2000 and implemented a metamorphic engine; makes new generations with recalculated/encrypted constant data
This was the first metamorphic virus on DOS, and its code generator made a new version of the virus body on each replication. It did not use encryption, though
The first mutation engine was called ___ and came out in 1991
This is a source code metamorphic virus that injects source code junk instructions into a C-language virus and invokes the C compiler
This mutation engine was a modular design that accepted various size and target file location parameters, a virus, a decryptor, a pointer, etc.
True/false: a source code metamorphic virus can operate on MSIL code and invoke the .NET framework to compile it
A ___ is an application that simulates the behavior of a CPU. It allows virus code to execute in an environment from which it cannot escape. Examines code periodically or when part
Three metamorphic virus detection techniques: (abc order)
____ do not have a decryptor, nor a constant virus body. But they are able to create varying new generations.
This mutation engine generated the polymorphic wrapper code to surround the virus code and replicate it polymorphically
A key difference between polymorphic and metamorphic viruses: ___ all mutate the decryptor while ____ might not even have a decryptor
True/false: the permutation for the Zmist virus is fairly slow because it's only done once per infection of a machine
This was one of the most complex binary viruses ever written. It is an entry-point obscuring virus that is metamorphic. The virus randomly uses an additional polymorphic decryptor
At the end of 1999, the Win32 ___ trojan was developed. It implements a semi-metamorphic technique to install a backdoor to the system

