Which virus type mutates its decryption routine with every infection, altering its signature but not necessarily rewriting the entire code?

Multiple Choice

Which virus type mutates its decryption routine with every infection, altering its signature but not necessarily rewriting the entire code?

Explanation:
Mutating the decryption routine with every infection is the hallmark of polymorphic viruses. They keep the same payload and behavior, but bundle it with a different decryptor each time, often changing the encryption key as well. This means the binary signature—especially the part that identifies the decryptor—looks different on each infection, making static signature-based detection much harder. The essential advantage for the virus is that the core malicious action remains the same, but the outward form keeps shifting, which confuses simple pattern matching.

Metamorphic viruses, by contrast, rewrite their entire code body with every infection, so the whole program can look completely different each time, not just the decryptor. Oligomorphic viruses use only a small set of decryptors, causing limited variation rather than a new form every time. Transmorphic concepts vary in how they mutate code, but the classic distinction this question targets is that polymorphic viruses mutate the decryption routine while preserving the payload.
