GIAC Certified Incident Handler (GCIH) — Question 9
Analysis of malicious code identifies a function that searches for specific processes and hardware on a victim host. If the processes or hardware are found, the malicious executable does not install itself. What is a common purpose of this type of malware functionality?
Answer options
- A. Detecting virtual machines
- B. Remote code execution
- C. Running polymorphic code
- D. Disabling local anti-virus
Correct answer: A
Explanation
The correct answer is A. A function that enumerates running processes and installed hardware, and aborts installation when certain ones are present, is a sandbox/virtual-machine check: the malware is looking for artifacts of an analysis environment. Typical process indicators are hypervisor guest-tool services such as vmtoolsd.exe (VMware Tools) or VBoxService.exe (VirtualBox Guest Additions); typical hardware indicators are hypervisor vendor names in SMBIOS, PCI or disk-model strings and MAC addresses in a hypervisor's OUI range (for example 00:0C:29 for VMware or 08:00:27 for VirtualBox). By refusing to run in such an environment, the sample shows an automated sandbox or a human analyst nothing but benign behavior, and its real payload stays hidden. Option B, remote code execution, is a capability the malware might have, not a reason to check its surroundings. Option C, polymorphic code, evades signature scanning by changing its own encoding on each copy and does not depend on what is installed on the host. Option D, disabling anti-virus, is active tampering with a security product; the behavior described merely checks for the presence of processes and hardware and then declines to install. Analysts counter this technique by removing or renaming the artifacts the check looks for, spoofing hardware identifiers, or patching the check out of the sample so it proceeds to its payload.
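The following is an added example of the check the question describes, written here to illustrate the answer; it is not code from the exam question or from any real malware sample. It evaluates a hypothetical, constructed snapshot of a host (process names, MAC addresses, hardware description strings) against indicator lists built from well-known guest-tools process names and publicly registered hypervisor MAC OUIs, and refuses to "install" when any indicator matches. The indicator lists are illustrative, not exhaustive, and the snapshot data is made up so the script runs offline without touching the real OS.

```python
from dataclasses import dataclass

# Process names created by hypervisor guest tools. Names are real products'
# service names; the list is illustrative, not exhaustive.
VM_PROCESS_INDICATORS = {
    "vmtoolsd.exe", "vmwaretray.exe", "vmwareuser.exe",   # VMware Tools
    "vboxservice.exe", "vboxtray.exe",                    # VirtualBox Guest Additions
    "vmsrvc.exe", "vmusrvc.exe",                          # Microsoft Virtual PC
    "prl_tools.exe", "prl_cc.exe",                        # Parallels Tools
    "qemu-ga.exe",                                        # QEMU guest agent
}

# First three octets of MAC addresses registered to hypervisor vendors.
VM_MAC_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware",
    "00:1c:14": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox",
    "00:15:5d": "Hyper-V",
    "00:16:3e": "Xen",
    "52:54:00": "QEMU/KVM",
}

# Substrings that appear in SMBIOS, PCI or disk-model strings under a hypervisor.
VM_HARDWARE_SUBSTRINGS = (
    "vmware", "virtualbox", "vbox", "qemu", "kvm", "xen", "hyper-v", "parallels", "bochs",
)


@dataclass
class HostSnapshot:
    """What the check inspects. Populated here from constructed data, not the live OS."""
    processes: list
    mac_addresses: list
    hardware_strings: list


def find_vm_indicators(snapshot):
    """Return a list of matched indicators; an empty list means no VM artifact was seen."""
    hits = []
    for name in snapshot.processes:
        if name.lower() in VM_PROCESS_INDICATORS:
            hits.append(f"process:{name}")
    for mac in snapshot.mac_addresses:
        # Normalise "00-0C-29-.." and "00:0c:29:.." to the same OUI key.
        oui = mac.lower().replace("-", ":")[:8]
        if oui in VM_MAC_OUIS:
            hits.append(f"mac:{mac} ({VM_MAC_OUIS[oui]})")
    for text in snapshot.hardware_strings:
        low = text.lower()
        if any(needle in low for needle in VM_HARDWARE_SUBSTRINGS):
            hits.append(f"hardware:{text}")
    return hits


def should_install(snapshot):
    """The decision the question describes: install only when no indicator matched."""
    return not find_vm_indicators(snapshot)


# Constructed sample: an analyst's VMware sandbox with guest tools running.
SANDBOX = HostSnapshot(
    processes=["explorer.exe", "svchost.exe", "vmtoolsd.exe", "procmon.exe"],
    mac_addresses=["00-0C-29-4A-1B-2C"],
    hardware_strings=["VMware Virtual disk SCSI Disk Device", "VMware SVGA 3D"],
)

# Constructed sample: a physical workstation with no hypervisor artifacts.
BARE_METAL = HostSnapshot(
    processes=["explorer.exe", "svchost.exe", "outlook.exe"],
    mac_addresses=["3C-97-0E-11-22-33"],
    hardware_strings=["Samsung SSD 870 EVO 1TB", "NVIDIA GeForce RTX 3060"],
)

if __name__ == "__main__":
    for label, snap in (("sandbox", SANDBOX), ("bare metal", BARE_METAL)):
        print(f"{label}: indicators={find_vm_indicators(snap)} install={should_install(snap)}")
```

The same three indicator families are what an analyst strips from a sandbox image (rename or stop the guest-tools services, assign a non-hypervisor MAC, rewrite SMBIOS and disk-model strings) to make a sample like this proceed to its payload; alternatively the `should_install` decision is patched in the binary so it always returns true. Note that the check only consults a supplied snapshot; real samples obtain the same data from the OS process list, network adapter enumeration and WMI or SMBIOS queries.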