DefensePolyAndMetamorphic Quiz Stats

 Plays Quiz not verified by Sporcle

Challenge
Share
Tweet
Embed
Score 0/41 Timer 10:00
0 Plays Today
hints % Correct
Whereas a(n) _____ virus might creat dozens of decryptor variants during replication, a(n) ___ virus creates millons of decryptorsoligomorphic polymorphic
100%
This was the first polymorphic virus, and was created for DOS in 1990V2PX
50%
The ____ virus was meant to show AV researchers that string-based scanners weren't sufficient to identify viruses1260
50%
Register replacement
50%
This technique makes the virus body a moving target for analysis as it propogates around the world. Metamorphism
50%
A source code metamorphic virus can operate on MSIL code and invoke the .NET framework to compile it. t/FTrue
50%
This metamorphic virus appeared in early 2000 with a unique approach; many small virus code subroutines are added at the end of a PE file; can be detected through emulatorsZmorph
50%
This is a code replicator that has evolutionary heuristics built in, such as change arithmetic/load-store instruct's to equiv instructs, insert junk instructs, reorder instructs...metamorphic engine
50%
This 2000 virus uses a metamorphic engine which, as it replicates, makes a few changes each gen, but the AV scanner code patterns change alot through constant mutationEvol
50%
This virus family used a method known from a DOS virus: reorder indivdual instructs and insert jumps to retain the code functionalityZperm
50%
____ are body polymorphicsMetamorphics
50%
These do not use a constant data area filled with string constants but have one single code body that carries data as codeMetamorphic
50%
____ do not have a decryptor, nor a constant virus body. But they are able to creat varying new generations.Metamorphic
50%
True/false: the metamorphic viruses: badboy has eight subroutines thus 8! Diff generation and ghost has tenso 10! Generation True
50%
This win32virus appeared in 2000 and implemented a metamorphic engine; makes new generations with recalculated/encrypted constant dataEvol
50%
True
50%
True/false: most poly viruses decrypt themselves to a single constant virus body in mem. Meta viruses do nit. Thus detection needs to be algorithmicTrue
50%
This win95 virus appeared in 2000 and directly reorders the instructions in its own code through inserting jmp instructionsZperm
50%
This was one of the most complex binary viruses ever written. It is an entry pt obscuring virus that is metamorphic. The virus rand uses an additional polymorphic decryptorZmist
50%
True/false: the permutation for the zmist virus is fairly slow because its only done once per infection of a machineTrue
50%
True/false: theres a level of metamorphisis beyond which no reasonable num of strings can be used to detect code that a virus contains, thus requires other analysis techniquesTrue
50%
hints % Correct
True
50%
within the 1260 virus (polymorphic), the three sources of decryptor diversity were:reordering instructions within groups, choosing junk instruction locations, and changing which junk instructions are used
0%
These can transform an encrypted virus into a polymorphic virusMutation engine
0%
The first mutation engine was called ___ and came out in 1991Dark avenger
0%
This mutation engine was a modular design that accepted various size and target file location parameters, a virus, a decrypt or, a pointer, etcMtE
0%
This mutation engine generated the polymorphic wrapper code to surround the virus code and replicate is polymorphicallly MtE
0%
This virus relied on generating variants of code obfuscation sequences in the decryptor rather than inserting junk instructionsMtE
0%
This type of virus had been defined as a body-polymorphic virus; polymorphic techniques are used to mutate the virus body, not just a decryptorMetamorpic
0%
What does MSIL stand forMicrosoft intermediate language
0%
This is a source code metamorphic virus that injects source code junk instructiions into a c-language virus and invokes c compilerApparition
0%
This was the first metamorphic virus on DOS, and its code generator made a new version of the virus body on each replication. Did not use encryption thoACG
0%
A key difference b/w poly&metamorphic viruses: ___ all mutate the decryptor while ____might not even have a decryptorPolymorphic, mtamorphic
0%
This was a windows 95 metamorphic virus released in dec, 1998. The metamorphism was restricted to register replacement Regswap
0%
_____ ____ are particularly important to pattern-based scanners, so a metamorphic engine that can mutate constants from one generation to the next makes pattern based static analysbuilt-in constants
0%
The 1998 win95 ___ virus uses different registers but the same code;ie implements metamorphisis via reg usage exchangeRegswap
0%
What does rpme stand forReal permutating engine
0%
This win95 virus not only mutates itself in new generations, also mutates the code of its host by a randomly executed code morphing routine; entry point code permutationBistro
0%
At the end of1999, the win32 ___ trojen was developed. Implements a semi-metamorphic technique to install a backdoor to the systemSmorph
0%
Three metamorphic virus detection techniques: (abc order)Disassembly,emulation,geometric detection
0%
A ___ is an application that simulates the behavior of a cpu. It allows virus code to execute in an environment from which it cannot escape. Examines code periodically or when partEmulator
0%

You're not logged in!

Compare scores with friends on all Sporcle quizzes.
OR
Log In

You Might Also Like...

Show Comments

Extras

Created Apr 27, 2011ReportNominate

Top Quizzes Today


Score Distribution

Your Account Isn't Verified!

In order to create a playlist on Sporcle, you need to verify the email address you used during registration. Go to your Sporcle Settings to finish the process.

Report this User

Report this user for behavior that violates our Community Guidelines.

Details: