GIAC Reverse Engineering Malware - GREM FREE EXAM DUMPS QUESTIONS & ANSWERS
Which outcome indicates successful deobfuscation of malicious JavaScript?
Correct Answer: B
Vote an answer
Which of the following dynamic analysis tools is used to trace and debug malware execution?
Correct Answer: D
Vote an answer
Which of the following is a potential indicator that an Office macro is attempting to download additional payloads?
Correct Answer: A
Vote an answer
Which method can be used by malware to persist in Office documents through macros?
Correct Answer: A
Vote an answer
You are analyzing a malware sample that appears to inject malicious code into the explorer.exe process. During execution, the malware creates a remote thread in explorer.exe and uses API calls to manipulate its memory.
How would you proceed with the analysis? (Choose three)
How would you proceed with the analysis? (Choose three)
Correct Answer: B,C,D
Vote an answer
During static analysis of a suspicious executable, you notice it imports only LoadLibraryA and GetProcAddress. What is the MOST likely reason?
Correct Answer: A
Vote an answer
Which of the following tools is commonly used for basic static analysis of malware?
Correct Answer: C
Vote an answer
You are analyzing a suspicious Office document received as an email attachment. Upon opening, you notice the document attempts to run a macro that accesses external servers and makes changes to the registry.
Which of the following actions should be taken to confirm the malicious intent of the macro?
(Choose three)
Which of the following actions should be taken to confirm the malicious intent of the macro?
(Choose three)
Correct Answer: B,D,E
Vote an answer
What is a key indicator that JavaScript code has been obfuscated?
Correct Answer: A
Vote an answer
Which of the following statements is true when dealing with malware that employs misdirection through code restructuring?
Correct Answer: A
Vote an answer
Which condition MOST strongly confirms reflective DLL loading?
Correct Answer: D
Vote an answer
Which tool is most commonly used to analyze JavaScript embedded within a malicious PDF?
Correct Answer: D
Vote an answer
You are analyzing a malware sample in IDA Pro and identify a suspicious function written in assembly. The function uses multiple PUSH and MOV instructions and ends with a RET. How would you proceed to understand the function's purpose? (Choose three)
Correct Answer: B,C,E
Vote an answer
Which of the following is a fundamental step in malware analysis before executing a sample?
Correct Answer: B
Vote an answer
Which tool is BEST suited for analyzing stack traces during a debugger session?
Correct Answer: B
Vote an answer