Exam 312-50v12 topic 1 question 207 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 207
Topic #: 1

A multinational corporation's computer system was infiltrated by an advanced persistent threat (APT). During forensic analysis, it was discovered that the malware was utilizing a blend of two highly sophisticated techniques to stay undetected and continue its operations.

Firstly, the malware was embedding its harmful code into the actual binary or executable part of genuine system files rather than appending or prepending itself to the files. This made it exceptionally difficult to detect and eradicate, as doing so risked damaging the system files themselves.

Secondly, the malware exhibited characteristics of a type of malware that changes its code as it propagates, making signature-based detection approaches nearly impossible.

On top of these, the malware maintained a persistent presence by installing itself in the registry, making it able to survive system reboots.

Given these distinctive characteristics, which two types of malware techniques does this malware most closely embody?

  • A. Polymorphic and Metamorphic malware
  • B. Polymorphic and Macro malware
  • C. Macro and Rootkit malware
  • D. Metamorphic and Rootkit malware
Suggested Answer: D

Comments

49f4430
6 months ago
Selected Answer: A
For me, ChatGPT says A; I will go for A
upvoted 1 times
...
LordXander
7 months, 3 weeks ago
Selected Answer: A
Guys... it's A for the following reasons: Polymorphic, as it hides as a genuine executable (polymorphic capabilities). Metamorphic: the malware changes its code. It could've been C if it mentioned that it was not seen by antivirus solutions, as rootkits would run at a lower level (higher privileges) than antivirus and would be undetectable.
upvoted 2 times
LordXander
7 months, 2 weeks ago
It's actually D, because it is not polymorphic if it is just embedding into a file; metamorphic capabilities (changing the code as it propagates) and rootkit capabilities (registry install)
upvoted 2 times
...
...
anarchyeagle
8 months, 4 weeks ago
ChatGPT Why not D: D. Metamorphic and Rootkit malware: While the malware does exhibit metamorphic characteristics, and its persistence could be seen as rootkit-like, the description focuses more on the malware's ability to change its code and embed itself in system files, which are hallmarks of polymorphic and metamorphic malware. Rootkits primarily focus on hiding the presence of malware, which, while possibly a feature of this malware, is not explicitly described in the scenario.
upvoted 1 times
...
qwerty100
9 months, 1 week ago
Selected Answer: D
D. Metamorphic and Rootkit malware
upvoted 4 times
qtygbapjpesdayazko
8 months, 1 week ago
This is the way; it is a Metamorphic and a Rootkit malware
upvoted 1 times
...
...
xbsumz
9 months, 2 weeks ago
Ethical hacking experts, can you verify this procedure?
upvoted 2 times
...
insaniunt
9 months, 2 weeks ago
Selected Answer: D
Polymorphic: The malware changes its code as it propagates, making signature-based detection approaches nearly impossible. This aligns with the characteristics of polymorphic malware. Rootkit: The malware installs itself in the registry, ensuring a persistent presence and the ability to survive system reboots. This behavior is typical of rootkit malware, which often hides its presence and maintains control over the compromised system by integrating itself deeply into the operating system, often in the registry or kernel lev
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other