CompTIA Security+ Exam: SY0-601 - Malware Detection and Analysis

Identifying Malware Types Based on Log Entries


Question

A technician suspects that a system has been compromised.

The technician reviews the following log entries:

WARNING- hash mismatch: C:\Window\SysWOW64\user32.dll
WARNING- hash mismatch: C:\Window\SysWOW64\kernel32.dll

Based solely on the above information, which of the following types of malware is MOST likely installed on the system?

Answers

Explanations


A. Rootkit
B. Ransomware
C. Trojan
D. Backdoor

A.

Based on the information provided in the log entry, the most likely type of malware installed on the system is a rootkit (option A).

A rootkit is a type of malware designed to remain hidden on a computer system while providing unauthorized, persistent access to the system or network. To conceal itself, a rootkit may replace or patch core operating system files such as user32.dll and kernel32.dll, so that the code the OS and its tools rely on lies about what is running on the machine.

The warning messages indicate that the hash values of these two critical system files do not match the expected (baseline) values, which is a strong indication that the files have been tampered with. A hash value is a fixed-length fingerprint computed from the contents of a file; any modification to the file, even a single byte, produces a different hash value, which is why file integrity checkers compare the current hash of each protected file against a stored known-good hash.
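The check that produces log lines like the ones in the question is a simple file integrity comparison. The following script is an added example, not code from the exam or from any vendor tool: it records a SHA-256 baseline for a set of files, later re-hashes each file, and emits a `WARNING- hash mismatch:` line for every file whose contents changed (plus a `missing file` line for a file that disappeared). The temporary directory, the file names and the "tampering" step are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def file_hash(path, algorithm="sha256"):
    """Return the hex digest of a file's contents, read in chunks so
    large binaries such as DLLs do not have to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record the known-good hash of each protected file.
    In practice this is taken from clean install media or a signed
    vendor manifest, never from a machine already suspected of compromise."""
    return {str(p): file_hash(p) for p in paths}


def check_integrity(baseline):
    """Re-hash every baselined file and return warning lines in the same
    style as the log entries in the question."""
    warnings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            warnings.append(f"WARNING- missing file: {path}")
            continue
        if file_hash(path) != expected:
            warnings.append(f"WARNING- hash mismatch: {path}")
    return warnings


def demo():
    """Constructed scenario: two 'system DLLs' are baselined, then one is
    modified in place (as a rootkit patching user32.dll would do)."""
    with tempfile.TemporaryDirectory() as tmp:
        syswow = Path(tmp) / "SysWOW64"
        syswow.mkdir()
        user32 = syswow / "user32.dll"
        kernel32 = syswow / "kernel32.dll"
        user32.write_bytes(b"MZ\x90\x00" + b"A" * 1024)   # stand-in binary
        kernel32.write_bytes(b"MZ\x90\x00" + b"B" * 1024)

        baseline = build_baseline([user32, kernel32])

        # Simulate tampering: patch a few bytes in the middle of user32.dll.
        data = bytearray(user32.read_bytes())
        data[512:516] = b"\xcc\xcc\xcc\xcc"
        user32.write_bytes(bytes(data))

        findings = check_integrity(baseline)
        for line in findings:
            print(line)
        return findings


if __name__ == "__main__":
    demo()
```

Two caveats a practitioner would want. First, a hash mismatch only tells you a file differs from the baseline; a legitimate patch also changes hashes, so the finding should be confirmed against a vendor-signed copy (on Windows, `sfc /scannow` compares protected system files against known-good versions). Second, because a kernel-mode rootkit can intercept the very file reads the checker performs, a check run from inside the suspect operating system may be fed the original bytes; re-hashing the disk from trusted boot media is the reliable way to verify it.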

Ransomware (option B) is a type of malware that encrypts files on a system and demands payment in exchange for the decryption key; it has no reason to alter core system libraries. A Trojan (option C) is a type of malware that disguises itself as a legitimate program to trick users into installing it, but it does not typically modify system files in this way. A backdoor (option D) creates a secret entry point into a system, but it does not typically modify system files in this way either; the modification of core OS files to hide malicious activity is the defining behaviour of a rootkit.

Therefore, the best answer is option A, a rootkit.