Question 1
Which of the following best describes the main goal of static malware analysis?
To execute malware in a sandbox and record system changes.
To analyze the malware’s code or binary without running it.
To monitor live network traffic from an infected machine.
To compare logs generated during runtime execution.
Question 2
During static analysis, why is it important to inspect the PE (Portable Executable) header of a Windows file?
It reveals the file’s compression algorithm.
It provides information about compilation date, import/export tables, and architecture.
It identifies network connections the malware will use.
It decrypts the payload directly from memory.
Question 3
What is a strong indicator that a Windows binary might be packed or obfuscated when viewed in PEStudio?
The file has many readable ASCII strings.
Import Table shows only a few generic APIs like LoadLibrary and GetProcAddress.
The file has a digital signature from Microsoft.
The PE header checksum matches exactly.
Question 4
Which of the following hashing algorithms is most commonly used today for file integrity verification in malware analysis?
MD5
SHA-1
SHA-256
DES
Question 5
When comparing two malware samples, which observation indicates they are different variants of the same malware family rather than identical files?
Identical MD5 and SHA-256 hashes
Same file size and timestamp
Different PE file types (one EXE, one DLL)
Same section names, APIs, and strings but different hashes
Question 6
In static malware analysis, how does RegShot help an analyst detect malicious activity after executing a suspicious file?
It provides real-time network packet captures to detect command-and-control communication
It compares system memory dumps before and after malware execution
It generates YARA rules automatically from executable code patterns
It takes registry and file system snapshots before and after execution to identify changes
Question 7
Why is relying only on MD5 hashes for malware detection considered unsafe?
MD5 cannot generate a hash for files larger than 4 GB.
MD5 hashes can produce collisions — different files with the same hash.
MD5 changes every time the file is opened.
MD5 is not supported by most malware databases.
Question 8
In static analysis, extracting readable strings (using the strings command) helps analysts to:
Execute the malware safely.
Disassemble the binary into assembly code.
Bypass encryption used by the malware.
Identify suspicious URLs, registry keys, or commands embedded in the binary.
Question 9
What does a digital signature mismatch in PEStudio typically indicate during malware inspection?
The malware has expired.
The file has been altered or tampered with after signing.
The signature was made with an old hashing algorithm.
The system clock is incorrect.
Question 10
Why is verifying a file’s hash value (like MD5 or SHA256) essential before and after malware analysis?
To check if the file size has changed
To remove malicious code automatically
To compress the file for easier transfer
To ensure file integrity and confirm no tampering occurred
There are 10 questions to complete.