GIAC Certified Incident Handler (GCIH) — Question 57

How would an attacker hide an executable from being viewed by Windows Explorer?

Answer options

• A. Rename it to '..'
• B. Change the extension from .exe to .dll
• C. Encrypt it with RC4
• D. Place it into an ADS of a .txt file

Correct answer: B

Explanation

The correct answer is B because changing the extension from .exe to .dll can prevent Windows Explorer from recognizing it as an executable file, thus hiding it from view. Options A and C do not effectively hide the executable from Windows Explorer, and option D, while it can hide the file, does not specifically change its type to avoid detection.