PrepAway - Latest Free Exam Questions & Answers

which of the following types of malware was installed o…

After a user reports slow computer performance, a system administrator detects a suspicious file, which was installed as part of a freeware software package. The systems administrator reviews the output below:

Based on the above information, which of the following types of malware was installed on the user’s computer?

PrepAway - Latest Free Exam Questions & Answers






PrepAway - Latest Free Exam Questions & Answers

5 Comments on “which of the following types of malware was installed o…

  1. rabinsays says:

    The correct answer is Worm.
    Wannacry uses SMB v1.0 and TCP port 445 to compromise Windows machine and load the malware; and also propagates into other machines.


  2. cybersec2016 says:

    No, the answer is RAT!
    According to Darril Gibson ( He talks about it in his Security + SY0-501 Study Guide):
    Answer is A. The winserver.exe file is a remote access Trojan (RAT). All of the other executable names displayed by netstat are valid.
    The RAT acronym stands for Remote Administration Tool. A RAT is a software, popularly used to control other computers remotely.
    To hack a computer remotely using a RAT, you have to create a server and then send this server to the victim whose computer you’re trying to hack. Generally, this server is binded to any file, like a picture or song, so that whenever the victim opens the file on his computer, our server is installed. This server opens a port on the victim’s computer, allowing you to remotely hack the device via the open port.

    Some examples of RATs are:
    Yuri RAT and many other.

    A worm is self-replicating malware that travels throughout a network without the assistance of a host application or user interaction.

    A logic bomb is a string of code embedded into an application or script that will execute in response to an event.

    Ransomware is a specific type of Trojan that typically encrypts the user’s data until the user pays a ransom.

    Ransomware that encrypts data is often called crypto-malware.

    Because winserver.exe is known malware, the netstat output does indicate malware is running.

    I hope that helps



Leave a Reply