
Which of the following statements is not TRUE regarding a packed executable?

1. The code and data decompressed and the entry point set in the header are obtained of the packed executables and not the original hosts.
2. Every API function is dynamically imported.
3. The packed executable and original executable have the same PE header.
4. The header, stub and compressed data of the executable are directly mapped to the process space.

Which of the following statements is true regarding Scylla?

1. An executable built using Scylla cannot be executed alone.
2. Scylla can scan for the assembly code in the packed executable file.
3. Scylla is an executable packer that can be used to unpack executable files.
4. Scylla can dump the executable file to memory and apply IAT info and imports to the executable. This will allow for the executable to produce the same results as the original executable file.

Which statement is not TRUE regarding encrypted data identification?

1. Data can be hidden using packers, crypters, obfuscators, protectors, and even SFX tools.
2. Volatility with a memory dump can be used as an alternate option for viewing an unpacked file.
3. Scylla can be used to rebuild an unpacked state of the packed executable.
4. Syllca is able to decode popular encoded data like base-64. This tool might come in useful for encoded data not only in scripts found in websites but in every executable we encounter.

Which of the following statements is not TRUE regarding native executables?

1. Native executables are better known as PE files for Windows and ELF files for Linux.
2. Every executable is structured with a header, code section, data section, a stub section and other pertinent sections.
3. Native executable files are compiled down to their low-level format; that is, using assembly language like x86 instructions.
4. The header represents how the operating system should map the file (raw) and its sections to the memory (virtual).

Which of the following statements is not TRUE regarding Packers, crypters, obfuscators, protectors and SFX?

1. Code packing, encrypting and obfuscation techniques are primarily aimed at protecting the program from being reversed.
2. Code packing, encrypting and obfuscation techniques work based on the rule that if the original program works properly, it can be reversed.
3. Executable files can have the code packed, encrypted and obfuscated but remain executable with all of the program intact.
4. Code packing, encrypting and obfuscation techniques are primarily aimed at reversing a program.
