A security analyst receives an alert about a suspicious file hash. The analyst wants to check if the file is known malware by querying an online database of malware signatures. Which tool should the analyst use?
Trap 1: Nmap
Nmap is a network mapping tool; it does not perform hash lookups.
Trap 2: John the Ripper
John the Ripper is a password cracking tool.
Trap 3: Wireshark
Wireshark captures and analyzes network packets.
- A
Nmap
Why wrong: Nmap is a network mapping tool; it does not perform hash lookups.
- B
John the Ripper
Why wrong: John the Ripper is a password cracking tool.
- C
VirusTotal
VirusTotal accepts file hashes and returns detection results from many AV engines.
- D
Wireshark
Why wrong: Wireshark captures and analyzes network packets.