Can you name the DefensePolyAndMetamorphic?

hints
Within the 1260 virus (polymorphic), the three sources of decryptor diversity were:
These can transform an encrypted virus into a polymorphic virus
_____ ____ are particularly important to pattern-based scanners, so a metamorphic engine that can mutate constants from one generation to the next makes pattern-based static analys
A source code metamorphic virus can operate on MSIL code and invoke the .NET Framework to compile it. T/F
The ____ virus was meant to show AV researchers that string-based scanners weren't sufficient to identify viruses
Whereas a(n) _____ virus might create dozens of decryptor variants during replication, a(n) ___ virus creates millions of decryptors
The 1998 Win95 ___ virus uses different registers but the same code; i.e., it implements metamorphism via register usage exchange
These do not use a constant data area filled with string constants but have one single code body that carries data as code
 
A key difference between polymorphic and metamorphic viruses: ___ all mutate the decryptor while ____ might not even have a decryptor
True/false: the permutation for the Zmist virus is fairly slow because it's only done once per infection of a machine
This mutation engine was a modular design that accepted various size and target file location parameters, a virus, a decryptor, a pointer, etc.
True/false: the metamorphic viruses: BadBoy has eight subroutines, thus 8! different generations, and Ghost has ten, so 10! generations
This virus relied on generating variants of code obfuscation sequences in the decryptor rather than inserting junk instructions
This was the first polymorphic virus, and was created for DOS in 1990
The first mutation engine was called ___ and came out in 1991
____ are body polymorphics
A ___ is an application that simulates the behavior of a CPU. It allows virus code to execute in an environment from which it cannot escape. Examines code periodically or when part
This metamorphic virus appeared in early 2000 with a unique approach; many small virus code subroutines are added at the end of a PE file; can be detected through emulators
What does RPME stand for?
This is a source code metamorphic virus that injects source code junk instructions into a C-language virus and invokes the C compiler
____ do not have a decryptor, nor a constant virus body. But they are able to create varying new generations.
This was a Windows 95 metamorphic virus released in Dec. 1998. The metamorphism was restricted to register replacement
This Win95 virus appeared in 2000 and directly reorders the instructions in its own code through inserting jmp instructions
At the end of 1999, the Win32 ___ trojan was developed. Implements a semi-metamorphic technique to install a backdoor to the system
Three metamorphic virus detection techniques: (abc order)
This mutation engine generated the polymorphic wrapper code to surround the virus code and replicate it polymorphically
True/false: there's a level of metamorphism beyond which no reasonable number of strings can be used to detect code that a virus contains, thus requiring other analysis techniques
This was one of the most complex binary viruses ever written. It is an entry point obscuring virus that is metamorphic. The virus randomly uses an additional polymorphic decryptor
This virus family used a method known from a DOS virus: reorder individual instructions and insert jumps to retain the code functionality
This type of virus had been defined as a body-polymorphic virus; polymorphic techniques are used to mutate the virus body, not just a decryptor
This Win95 virus not only mutates itself in new generations, it also mutates the code of its host by a randomly executed code morphing routine; entry point code permutation
This is a code replicator that has evolutionary heuristics built in, such as change arithmetic/load-store instructions to equivalent instructions, insert junk instructions, reorder instructions...
This 2000 virus uses a metamorphic engine which, as it replicates, makes a few changes each generation, but the AV scanner code patterns change a lot through constant mutation
This was the first metamorphic virus on DOS, and its code generator made a new version of the virus body on each replication. Did not use encryption, though
 
What does MSIL stand for?
This technique makes the virus body a moving target for analysis as it propagates around the world.
This Win32 virus appeared in 2000 and implemented a metamorphic engine; makes new generations with recalculated/encrypted constant data
 
True/false: most polymorphic viruses decrypt themselves to a single constant virus body in memory. Metamorphic viruses do not. Thus detection needs to be algorithmic
