  • Post last modified:June 12, 2024

What can be used to make a malicious file appear to have a 0-byte size in the dir command output?

  • using AES to encrypt the file
  • using WinZip to compress the file
  • using the Master File Table to alter the true file size
  • using NTFS Alternate Data Streams to attach the data to the file
Explanation & Hint:

NTFS Alternate Data Streams (ADS) can be used to make a malicious file appear to have a 0-byte size in the dir command output on Windows. Alternate Data Streams allow additional data to be attached to a file without changing its size as reported by the dir command. The file's own content is unchanged, while the ADS can be used to hide or store additional information.

When the data is attached to an ADS, the file size reported by dir remains 0 bytes while the actual data stays hidden within the stream. The technique has both legitimate and malicious uses, including hiding data or malicious content.
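
A defender's check for the behaviour described above, as an added example that is not from the original page: it lists the named streams under a directory and flags host files whose dir-visible size is 0. It assumes PowerShell 3.0 or later on an NTFS volume; `Find-HiddenStreamData` and the `ads-demo` sample are hypothetical names constructed for the illustration.

```powershell
# Added example: report named (alternate) streams and whether the host file
# shows as 0 bytes. Find-HiddenStreamData is a hypothetical helper name.
function Find-HiddenStreamData {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Streams that are expected and benign (mark-of-the-web on downloads).
        [string[]] $IgnoreStreams = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # ':$DATA' is the unnamed default stream, the only one dir sizes.
            $named = Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $IgnoreStreams }
            foreach ($s in $named) {
                [pscustomobject]@{
                    File         = $file.FullName
                    VisibleBytes = $file.Length      # size of the main stream, as dir reports it
                    Stream       = $s.Stream
                    StreamBytes  = $s.Length         # data that dir does not count
                    ZeroByteHost = ($file.Length -eq 0)
                }
            }
        }
}

# Constructed sample: an empty file with harmless text in a named stream.
$dir = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$sample = Join-Path $dir 'empty.txt'
New-Item -ItemType File -Path $sample -Force | Out-Null
Set-Content -LiteralPath $sample -Stream 'note' -Value 'constructed test data'

(Get-Item -LiteralPath $sample).Length   # main stream size, the figure dir shows
Find-HiddenStreamData -Path $dir | Sort-Object StreamBytes -Descending | Format-Table -AutoSize

# Clean up the constructed sample.
Remove-Item -LiteralPath $dir -Recurse -Force
```

From cmd.exe, `dir /R` also lists a file's alternate data streams alongside the main entry.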

For more Questions and Answers:

Endpoints and Systems Post-Assessment | CBROPS
