
Seat No.: ________ Enrolment No. ___________

GUJARAT TECHNOLOGICAL UNIVERSITY


ME – SEMESTER II – EXAMINATION – SUMMER - 2018

Subject Code: 2725908 Date: 25/05/2018


Subject Name: Malware Analysis
Time: 02:30 PM TO 05:00 PM Total Marks: 70

Instructions:
1. Attempt all questions.
2. Make suitable assumptions wherever necessary.
3. Figures to the right indicate full marks.

Q.1 (a) Define the following terms 07


(1) Viruses (2) Worms (3) Rootkits (4) Trojans (5) Bots (6) Spyware (7) Adware
(b) Explain x86 Architecture in detail. 07
Q.2 (a) Explain reverse engineering of x86 Architecture in detail. 07
(b) Explain packet sniffing in Wireshark 07
OR
(b) Explain fingerprinting of malware. 07
Q.3 (a) 1. Explain C++ analysis in short. 04
2. Difference between static and dynamic malware analysis. 03
(b) Define the following: 07
(1) Breakpoint (2) Tracing (3) Exception handling (4) Patching
(5) Live malware analysis (6) Dead malware analysis (7) Logic bombs
OR
Q.3 (a) Explain PE file headers and Sections. 07
(b) Explain anti-dynamic analysis techniques. 07
Q.4 (a) Explain signature based malware techniques. 07
(b) 1. Define: downloaders and backdoor 02
2. Explain privilege escalation 02
3. Explain covert malware launching 03
OR
Q.4 (a) 1. Explain Kernel Vs User mode debugging. 04
2. Explain OllyDbg. 03
(b) 1. Explain OS security concepts 04
2. Evolution of malware. 03
Q.5 (a) Explain Android malware characterization. 07
(b) Explain non signature based malware techniques. 07
OR
Q.5 (a) Explain a case study on android malware 07
(b) 1. Explain analyzing of Windows programs. 04
2. Explain Portable Executable file format 03

*************
