https://tryhackme.com/room/introtoav
Task 1 Introduction
No questions in this task.
Task 2 Antivirus Software
Question 1:
What was the virus name that infected John McAfee’s PC?
Answer 1:
Brain
Question 2:
Which PC Antivirus vendor implemented the first AV software on the market?
Answer 2:
McAfee
Question 3:
Antivirus software is a _____-based security solution.
Answer 3:
host
Task 3 Antivirus Features
Question 1:
Which AV feature analyzes malware in a safe and isolated environment?
Answer 1:
Emulators
Question 2:
An _______ feature is a process of restoring or decrypting the compressed executable files to the original.
Answer 2:
unpacker
Task 4 Deploy the VM
No questions in this task.
Task 5 AV Static Detection
Question 1:
What is the sigtool tool output to generate an MD5 of the AV-Check.exe binary?
The file AV-Check.exe is located on the Desktop, in the Samples folder. So we open the command prompt and enter the following command:
"c:\Program Files\ClamAV\sigtool.exe" --md5 C:\Users\thm\Desktop\Samples\AV-Check.exe
Answer 1:
f4a974b0cf25dca7fbce8701b7ab3a88:6144:AV-Check.exe
Question 2:
Use the strings tool to list all human-readable strings of the AV-Check binary. What is the flag?
Still in the command prompt, we now enter this command:
strings C:\Users\thm\Desktop\Samples\AV-Check.exe | findstr THM
Answer 2:
THM{Y0uC4nC-5tr16s}
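The two commands above are the whole of ClamAV's hash-based static detection: sigtool prints `<md5>:<size>:<name>`, and that exact triple is one line of a ClamAV `.hdb` signature database. The following added example (not part of the room or of ClamAV) reproduces that line for a file, checks a file against a small set of `.hdb` lines the way a hash scanner would, and implements the `strings | findstr THM` step in Python. The sample bytes are constructed here, not the room's AV-Check.exe, and the flag inside them is a placeholder.

```python
import hashlib
import os
import re
import tempfile
from typing import List, Optional

# Constructed sample "binary" (not the room's AV-Check.exe): a fake MZ header,
# every byte value once, and a planted marker string for the strings filter.
SAMPLE_BYTES = b"MZ\x90\x00" + bytes(range(256)) + b"THM{constructed-sample}" + b"\x00" * 16


def sigtool_md5_line(path: str) -> str:
    """Reproduce `sigtool --md5 FILE`: <md5>:<size>:<basename>, i.e. one .hdb line."""
    with open(path, "rb") as fh:
        data = fh.read()
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{os.path.basename(path)}"


def hdb_match(path: str, hdb_lines: List[str]) -> Optional[str]:
    """Static hash detection: return the signature name whose MD5 and size match
    the file, else None. Size is compared first (cheap) so files that cannot
    match are never hashed; ClamAV accepts '*' as a wildcard size."""
    size = os.path.getsize(path)
    candidates = []
    for line in hdb_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sig_size, name = line.split(":", 2)
        if sig_size == "*" or int(sig_size) == size:
            candidates.append((digest.lower(), name))
    if not candidates:
        return None
    with open(path, "rb") as fh:
        md5 = hashlib.md5(fh.read()).hexdigest()
    return next((name for digest, name in candidates if digest == md5), None)


def strings(path: str, min_len: int = 4, needle: Optional[str] = None) -> List[str]:
    """Equivalent of `strings FILE | findstr NEEDLE`: runs of at least min_len
    printable ASCII bytes, optionally filtered to those containing needle."""
    with open(path, "rb") as fh:
        data = fh.read()
    runs = re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)
    found = [m.group().decode("ascii") for m in runs]
    return [s for s in found if needle is None or needle in s]


def write_sample() -> str:
    """Write the constructed sample to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix="-sample.bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(SAMPLE_BYTES)
    return path
```

Changing a single byte of the sample changes the MD5 and the `.hdb` match fails while the planted string is still found, which is why the room pairs hash detection with other techniques.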
Task 6 Other Detection Techniques
Question 1:
Which detection method is used to analyze malicious software inside virtual environments?
Answer 1:
Dynamic Detection
Task 7 AV Testing and Fingerprinting
The following table contains well-known and commonly used AV software.
Antivirus Name | Service Name | Process Name
Microsoft Defender | WinDefend | MSMpEng.exe
Trend Micro | TMBMSRV | TMBMSRV.exe
Avira | AntivirService, Avira.ServiceHost | avguard.exe, Avira.ServiceHost.exe
Bitdefender | VSSERV | bdagent.exe, vsserv.exe
Kaspersky | AVP<Version #> | avp.exe, ksde.exe
AVG | AVG Antivirus | AVGSvc.exe
Norton | Norton Security | NortonSecurity.exe
McAfee | McAPExe, Mfemms | MCAPExe.exe, mfemms.exe
Panda | PavPrSvr | PavPrSvr.exe
Avast | Avast Antivirus | afwServ.exe, AvastSvc.exe
No questions in this task.
Task 8 Conclusion
No questions in this task.