312-50V10 · Question #901
A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may ha
The correct answer is A. Use ExifTool and check for malicious content.. When a suspicious file has been executed, analyzing it with ExifTool can uncover hidden metadata and embedded malicious content that reveal whether the file was designed as a trojan.
Question
A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer. what tests would you perform to determine whether his computer Is Infected?
Options
- AUse ExifTool and check for malicious content.
- BYou do not check; rather, you immediately restore a previous snapshot of the operating system.
- CUpload the file to VirusTotal.
- DUse netstat and check for outgoing connections to strange IP addresses or domains.
How the community answered
(32 responses)- A84% (27)
- B9% (3)
- C3% (1)
- D3% (1)
Why each option
When a suspicious file has been executed, analyzing it with ExifTool can uncover hidden metadata and embedded malicious content that reveal whether the file was designed as a trojan.
ExifTool is a metadata analysis utility that can inspect embedded properties, scripts, and hidden payloads within files. By examining the file's metadata structures, an analyst can identify suspicious indicators - such as embedded executables, macros, or crafted fields - that signal the file was designed to install or execute a trojan. This direct file-level analysis provides evidence of malicious intent from the artifact itself.
Restoring a snapshot is a remediation action, not a diagnostic test - it destroys forensic evidence and does not confirm whether an infection actually occurred.
Uploading to VirusTotal checks the file against antivirus signatures but does not analyze runtime system changes or behavior resulting from prior execution on the specific machine.
Netstat reveals active network connections at a point in time but does not analyze the suspicious file itself or identify embedded malicious content within it.
Concept tested: Malware file analysis using metadata inspection tools
Source: https://exiftool.org/
Topics
Community Discussion
No community discussion yet for this question.