GIAC
GREM · Question #6
GREM Question #6: Real Exam Question with Answer & Explanation
Question
You are analyzing a malware sample in a debugger and notice the use of the CALL instruction followed by the manipulation of the EAX register. You suspect the malware is using custom functions for malicious purposes. How would you proceed with the analysis? (Choose three)
Options
- A. Step into the CALL instruction to observe the function being executed.
- B. Analyze the memory and stack before and after the CALL to understand how function arguments
- C. Dump the memory to inspect the malware's unpacked payload.
- D. Use static analysis tools to decompile the malware before proceeding further with dynamic
- E. Set a breakpoint after the CALL to observe the returned value in the EAX register.