ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v12 All Questions

View all questions & answers for the 312-50v12 exam
Go to Exam

Exam 312-50v12 topic 1 question 207 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 207
Topic #: 1
[All 312-50v12 Questions]

A multinational corporation's computer system was infiltrated by an advanced persistent threat (APT). During forensic analysis, it was discovered that the malware was utilizing a blend of two highly sophisticated techniques to stay undetected and continue its operations.

Firstly, the malware was embedding its harmful code into the actual binary or executable part of genuine system files rather than appending or prepending itself to the files. This made it exceptionally difficult to detect and eradicate, as doing so risked damaging the system files themselves.

Secondly, the malware exhibited characteristics of a type of malware that changes its code as it propagates, making signature-based detection approaches nearly impossible.

On top of these, the malware maintained a persistent presence by installing itself in the registry, making it able to survive system reboots.

Given these distinctive characteristics, which two types of malware techniques does this malware most closely embody?

  • A. Polymorphic and Metamorphic malware
  • B. Polymorphic and Macro malware
  • C. Macro and Rootkit malware
  • D. Metamorphic and Rootkit malware
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by DarioReymag at Feb. 6, 2024, 10:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
agelbahri
2 months ago
Selected Answer: A
the key focus of the question lies in its advanced evasion methods through code alteration. Rootkits don't inherently alter their code like Polymorphic or Metamorphic malware do.
upvoted 1 times
...
skorek31
3 months, 2 weeks ago
Selected Answer: D
Metamorphic → evades detection by rewriting its own code with every iteration, making it new and unique from its previous code. This malware doesn`t use any encryption keys Polymorphic → continually changes its features using dynamic encryption keys, making each iteration appear different, malware in the question doesn’t use encryption keys
upvoted 1 times
...
49f4430
5 months, 3 weeks ago
Selected Answer: A
For mw chat GPT say A, i will go for A
upvoted 1 times
...
LordXander
7 months, 2 weeks ago
Selected Answer: A
Guys...it's A for the following reasons: Polymorphic as it hides as a genuine executable (polymorphic capabilities) Metamorphic - the malware changes it's code. It could've been C if it mentioned that it was not seen by antivirus solutions as rootkits would run at a lower lever (higher priveleges) than antivirus and would be undetectable.
upvoted 2 times
LordXander
7 months, 1 week ago
It's actually D, because it is not polymorphic if it is just embedding into a file; metamorphic capabilities (changing de code as it propegades) and rootkit capabilities (registry install)
upvoted 2 times
...
...
anarchyeagle
8 months, 3 weeks ago
ChatGPT Why not D: D. Metamorphic and Rootkit malware: While the malware does exhibit metamorphic characteristics, and its persistence could be seen as rootkit-like, the description focuses more on the malware's ability to change its code and embed itself in system files, which are hallmarks of polymorphic and metamorphic malware. Rootkits primarily focus on hiding the presence of malware, which, while possibly a feature of this malware, is not explicitly described in the scenario.
upvoted 1 times
...
qwerty100
9 months ago
Selected Answer: D
D. Metamorphic and Rootkit malware
upvoted 4 times
qtygbapjpesdayazko
8 months ago
This is the way is a Metamorphic and a Rootkit malware
upvoted 1 times
...
...
xbsumz
9 months, 1 week ago
Ethical hacking experts can you verify this procedure
upvoted 2 times
...
insaniunt
9 months, 1 week ago
Selected Answer: D
Polymorphic: The malware changes its code as it propagates, making signature-based detection approaches nearly impossible. This aligns with the characteristics of polymorphic malware. Rootkit: The malware installs itself in the registry, ensuring a persistent presence and the ability to survive system reboots. This behavior is typical of rootkit malware, which often hides its presence and maintains control over the compromised system by integrating itself deeply into the operating system, often in the registry or kernel lev
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago