CE612-HW01

The document is a homework assignment for a course labeled CE612, consisting of multiple-choice questions (MCQs) related to malware analysis, including definitions and characteristics of various types of malware. It also includes practical tasks involving the analysis of PE files using tools like HxD and PEview. Additionally, it covers concepts of static and dynamic analysis, as well as the use of hashing and network activity tools in malware investigation.

Uploaded by Wajdi Elhamzi

CE612 - Homework 1

Q1) MCQ
1) Choose the correct term for malware that masquerades as legitimate software and is installed on the
victim's machine with the user's knowledge, while the user remains unaware of its real malicious
intent.
A. Keylogger
B. Virus
C. Trojan
D. Spyware
2) Malware that survives by infecting other healthy files on the system and inserting itself into
them is a
A. Rootkit
B. Ransomware
C. Downloader
D. Trojan
3) Malware designed to hide the existence of certain processes from normal methods of
detection, in order to keep continued access to the computer, is a
A. Rootkit
B. Ransomware
C. Downloader
D. Spyware
4) Malicious software collecting information about users without their knowledge/consent is known as:
A. Trojan
B. Backdoor
C. Adware
D. Spyware
5) Static analysis is performed by:
A. Running the malware and monitoring its effects
B. Using a virtual machine and taking snapshots
C. Examining the malware without running it
D. Using the Regshot and Procmon tools
6) Which three (3) of these are hash algorithms commonly used to fingerprint malware samples? (Select 3)
A. PEStudio
B. MD5
C. SHA1
D. HxD
E. SHA256

7) True or False. When conducting a static analysis, one of the first steps is to
execute a sample of the malware in a sandbox.
□ True
□ False
8) True or False. Tools such as DiE and PEiD help you identify the true file type of a
suspected malware sample.
□True
□ False
9) Hex editors are most useful in looking at which type of files?
A. Text files
B. Word documents
C. Log files
D. Binary files
10) True or False. In dynamic analysis, the primary aim is to gather information about
a piece of malware by running it in a controlled environment.
□True
□ False
11) How do diffing tools like RegShot help you analyze malware?
A. It takes a snapshot of the system registry before and after the malware sample is run so
that the two can be compared
B. It creates a log of every API call that is made during the execution of a malware sample
C. It looks for malware that is installed and triggered by certain user events, such as logging
in or opening a browser
D. It inspects network packets to show you the data that is being sent and received by the
malware while it is running
12) How do network activity tools like Wireshark and Fiddler help you analyze malware?
A. It inspects network packets to show you the data that is being sent and received by the
malware while it is running
B. It creates a log of every API call that is made during the execution of a malware sample
C. It takes a snapshot of the system registry before and after the malware sample is run so
that the two can be compared
D. It looks for malware that is installed and triggered by certain user events, such as logging
in or opening a browser

Q2) Figure 1 shows a suspicious file opened in the HxD hex editor.

Figure 1: PE file viewed by HxD tool


1) Extract the DOS header from the PE file (the first 64 bytes, starting with the "MZ" signature).
2) From the DOS header, determine the PE header address (the e_lfanew field at offset 0x3C).
3) From the PE header, determine:

• The signature ("PE\0\0")
• The Machine field
• The number of sections
Q3) Analyze files A and B (shown in Figures 2 and 3) by indicating whether each file is
packed or not and listing its sections.

Figure 2: File A viewed by PEview tool

Figure 3: File B viewed by PEview tool
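Q2 and Q3 ask for exactly the fields a short script can pull out of a PE file, and the same offsets are what one reads by hand in a hex dump such as Figure 1. The following Python is an added example and is not part of the homework: the two images it parses are constructed in code, not the files shown in Figures 1 to 3. It builds two minimal PE32 images (one plain, one with UPX-style sections), walks the DOS header to e_lfanew, checks the "PE\0\0" signature, reads Machine and NumberOfSections from the COFF header, and then applies three static packing heuristics to the section table: a known packer section name, section entropy above 7 bits per byte, and a section with a large VirtualSize but no raw data. The 7.0 threshold, the packer-name list and the sample section contents are illustrative assumptions.

```python
"""Constructed PE32 samples plus a header parser and packing heuristics (added example)."""
import hashlib
import math
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
MACHINE_NAMES = {0x014C: "i386", 0x8664: "amd64", 0x01C0: "arm", 0xAA64: "arm64"}
# Section names used by a few well-known packers (UPX, ASPack, MPRESS, Petite, VMProtect);
# an illustrative list, not exhaustive.
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata",
                        "MPRESS1", "MPRESS2", ".petite", ".vmp0", ".vmp1"}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform; packed/encrypted code sits near 7+."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """DOS header -> e_lfanew -> PE signature -> COFF file header -> section table."""
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # last field of the DOS header
    signature = data[e_lfanew:e_lfanew + 4]
    if signature != IMAGE_NT_SIGNATURE:
        raise ValueError(f"no PE signature at e_lfanew=0x{e_lfanew:X}")
    # COFF file header (20 bytes) follows the 4-byte signature.
    machine, nsec, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size                        # section table follows the optional header
    sections = []
    for i in range(nsec):                                        # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[rptr:rptr + rsize] if rsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rsize, "raw_ptr": rptr, "entropy": shannon_entropy(raw)})
    return {"e_lfanew": e_lfanew, "signature": signature, "machine": machine,
            "machine_name": MACHINE_NAMES.get(machine, "unknown"),
            "number_of_sections": nsec, "sections": sections}


def packing_indicators(pe: dict) -> list:
    """Static signs of packing an analyst checks in PEview before running anything."""
    hits = []
    for s in pe["sections"]:
        if s["name"] in PACKER_SECTION_NAMES:
            hits.append(f"{s['name']}: known packer section name")
        if s["raw_size"] and s["entropy"] > 7.0:                # assumed threshold
            hits.append(f"{s['name']}: entropy {s['entropy']:.2f} (compressed/encrypted data)")
        # No raw data but a large virtual size: room reserved for the unpacked image.
        # .bss legitimately has no raw data, so it is excluded.
        if s["raw_size"] == 0 and s["virtual_size"] >= 0x1000 and s["name"] != ".bss":
            hits.append(f"{s['name']}: virtual size 0x{s['virtual_size']:X} but no raw data")
    return hits


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, the usual triple for looking a sample up."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def build_pe(machine: int, sections: list) -> bytes:
    """Constructed minimal PE32 image: DOS header, stub, PE headers, section table, raw data."""
    nt_off, opt_size = 0x80, 0xE0
    headers_end = nt_off + 4 + 20 + opt_size + 40 * len(sections)
    raw_base = (headers_end + 0x1FF) & ~0x1FF                   # 512-byte FileAlignment
    dos = bytearray(0x40)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, nt_off)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", machine, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)      # PE32 magic, rest zeroed
    table, body, vaddr, ptr = b"", b"", 0x1000, raw_base
    for name, raw, vsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body, ptr, vaddr = body + raw, ptr + len(raw), vaddr + max(0x1000, (vsize + 0xFFF) & ~0xFFF)
    image = bytes(dos) + b"\0" * (nt_off - 0x40) + IMAGE_NT_SIGNATURE + coff + opt + table
    return image + b"\0" * (raw_base - len(image)) + body


# Constructed section contents: repetitive x86-looking code vs. sha256-chained pseudo-random bytes.
LOW_ENTROPY = (b"\x55\x8B\xEC" + b"\x90" * 13) * 256
HIGH_ENTROPY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
FILE_A = build_pe(0x014C, [(".text", LOW_ENTROPY, 0x1000), (".rdata", b"kernel32.dll\0" * 64, 0x400),
                           (".data", b"\0" * 512, 0x200)])
FILE_B = build_pe(0x8664, [("UPX0", b"", 0x8000), ("UPX1", HIGH_ENTROPY, 0x1000), (".rsrc", b"\0" * 512, 0x200)])


def analyze(data: bytes) -> dict:
    pe = parse_pe(data)
    hits = packing_indicators(pe)
    return {**pe, "hashes": file_hashes(data), "indicators": hits, "packed": bool(hits)}


if __name__ == "__main__":
    for label, blob in (("File A", FILE_A), ("File B", FILE_B)):
        r = analyze(blob)
        print(f"{label}: e_lfanew=0x{r['e_lfanew']:X} sig={r['signature']!r} machine={r['machine_name']} "
              f"sections={r['number_of_sections']} packed={r['packed']} sha256={r['hashes']['sha256'][:16]}...")
        for s in r["sections"]:
            print(f"  {s['name']:<8} vsize=0x{s['virtual_size']:X} raw=0x{s['raw_size']:X} H={s['entropy']:.2f}")
        for h in r["indicators"]:
            print("  !", h)
```

To apply it to a real file, replace FILE_A/FILE_B with the bytes read from disk. Treat the heuristics as triage, not proof: a high-entropy .rsrc holding compressed images or an empty .bss are normal, and a custom packer will not use any of the listed section names, so confirm with an import table that is almost empty or with DiE/PEiD before concluding that a sample is packed.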
