nerdexam
EC-Council

312-50V10 · Question #901

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may ha

The correct answer is A. Use ExifTool and check for malicious content.. When a suspicious file has been executed, analyzing it with ExifTool can uncover hidden metadata and embedded malicious content that reveal whether the file was designed as a trojan.

Malware Threats

Question

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer. what tests would you perform to determine whether his computer Is Infected?

Options

  • AUse ExifTool and check for malicious content.
  • BYou do not check; rather, you immediately restore a previous snapshot of the operating system.
  • CUpload the file to VirusTotal.
  • DUse netstat and check for outgoing connections to strange IP addresses or domains.

How the community answered

(32 responses)
  • A
    84% (27)
  • B
    9% (3)
  • C
    3% (1)
  • D
    3% (1)

Why each option

When a suspicious file has been executed, analyzing it with ExifTool can uncover hidden metadata and embedded malicious content that reveal whether the file was designed as a trojan.

AUse ExifTool and check for malicious content.Correct

ExifTool is a metadata analysis utility that can inspect embedded properties, scripts, and hidden payloads within files. By examining the file's metadata structures, an analyst can identify suspicious indicators - such as embedded executables, macros, or crafted fields - that signal the file was designed to install or execute a trojan. This direct file-level analysis provides evidence of malicious intent from the artifact itself.

BYou do not check; rather, you immediately restore a previous snapshot of the operating system.

Restoring a snapshot is a remediation action, not a diagnostic test - it destroys forensic evidence and does not confirm whether an infection actually occurred.

CUpload the file to VirusTotal.

Uploading to VirusTotal checks the file against antivirus signatures but does not analyze runtime system changes or behavior resulting from prior execution on the specific machine.

DUse netstat and check for outgoing connections to strange IP addresses or domains.

Netstat reveals active network connections at a point in time but does not analyze the suspicious file itself or identify embedded malicious content within it.

Concept tested: Malware file analysis using metadata inspection tools

Source: https://exiftool.org/

Topics

#trojan detection#malware analysis#netstat#incident response

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice