Last Updated on November 17, 2023 by InfraExam
What can be used to make a malicious file appear to have a 0-byte size in the dir command output?
- using AES to encrypt the file
- using WinZip to compress the file
- using the Master File Table to alter the true file size
- using NTFS Alternate Data Streams to attach the data to the file
Explanation & Hint:
To make a malicious file appear to have a 0-byte size in the dir command output on Windows, you can use NTFS Alternate Data Streams (ADS). Alternate Data Streams allow you to attach additional data to a file without changing its size, as reported by the dir command. The file will still have its actual content, but the ADS can be used to hide or store additional information.
By attaching the data to an ADS, the file size, as reported by dir, will remain 0 bytes, while the actual data remains hidden within the stream. This technique is often used for various purposes, including hiding data or malicious content. However, it’s important to note that this is a technique that can be used for both legitimate and malicious purposes.
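A defender's check for the condition described above, as an added example that is not part of the original page: the PowerShell below lists files whose named streams hold data, next to the size that dir reports for them. The function name Find-HiddenStreamData, the demo folder under %TEMP% (assumed to be on an NTFS volume) and the sample file are constructed for illustration.

```powershell
# Added example: report files that carry data in a named alternate data stream (ADS).
# Requires Windows, PowerShell 3.0 or later, and an NTFS volume.

function Find-HiddenStreamData {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: Zone.Identifier (mark-of-the-web, written by Windows) is treated as noise.
        [string[]]$IgnoreStreams = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * enumerates every stream; ':$DATA' is the unnamed default stream
            # whose length is the size shown by dir.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object {
                    $_.Stream -ne ':$DATA' -and
                    $_.Stream -notin $IgnoreStreams -and
                    $_.Length -gt 0
                } |
                ForEach-Object {
                    [pscustomobject]@{
                        File         = $file.FullName
                        DirSize      = $file.Length   # size of the default stream only
                        Stream       = $_.Stream
                        StreamLength = $_.Length      # bytes that dir does not count
                    }
                }
        }
}

# Constructed sample: an empty file with harmless text in a named stream.
$demo   = Join-Path $env:TEMP 'ads-demo'
$sample = Join-Path $demo 'empty.txt'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
New-Item -ItemType File -Path $sample -Force | Out-Null
Set-Content -LiteralPath $sample -Stream 'notes' -Value 'constructed test data'

# Rows where DirSize is 0 and StreamLength is not are the case the question describes.
Find-HiddenStreamData -Path $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

In cmd.exe, dir /r shows the same named streams for a single directory.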