Can You Identify Which of These Is Not Malware?

Take our malware quiz to see if you can identify the harmless file!

Difficulty: Moderate
2-5 mins

This malware quiz helps you spot which item is not malware and avoid common tricks. You'll compare ransomware, Trojans, adware, and safe tools to see what stands out. Work through real examples, build quicker instincts, and, if you want more practice, take a quick virus quiz next.

Which of these is not a type of malware?
Spam
Trojan
Virus
Worm
Spam refers to unsolicited or bulk messages typically sent via email or messaging platforms, and while it can be annoying and sometimes malicious, it is not malware in itself. Malware is software designed to harm or exploit systems. Spam is more of a nuisance and not an executable threat.
Which of these file extensions is not commonly used by executable malware on Windows?
.txt
.scr
.exe
.bat
Executable malware on Windows often uses extensions like .exe (executables), .bat (batch scripts), or .scr (screensaver executables) to run code. A .txt file is plain text and cannot execute code on its own, making it an unlikely format for malware delivery.
Which of these is not malware?
Trojan.FakeAV
Adware.AppleJeus
Worm.Blaster
Notepad++
Notepad++ is an open-source text editor used for programming and general text editing. It is not malicious software. The other options are known malware families that perform unwanted or harmful actions on infected systems.
Which of these is not a Maze ransomware variant?
LockBit
WannaCry
Maze
Ragnar Locker
WannaCry is a separate ransomware family that exploited the EternalBlue vulnerability in 2017. Maze, LockBit, and Ragnar Locker are all distinct ransomware operations that have used double-extortion tactics.
Which of these is not commonly used as a malware distribution method?
Software bundling
Phishing emails
Code signing
Drive-by downloads
Phishing emails, software bundling, and drive-by downloads are primary methods attackers use to distribute malware. Code signing is a legitimate process used to verify software integrity; although attackers may abuse it, it is not itself a distribution method.
Which of these is not a keylogger software?
KeyPass
Ardamax
Actual Keylogger
Predator
KeyPass is a password manager designed to securely store and manage user passwords, not to record keystrokes. Ardamax, Actual Keylogger, and Predator are all known legitimate or illicit keylogging tools.
Which of these is not a Trojan category?
Banking Trojan
Remote Access Trojan (RAT)
Rootkit Trojan
Wipers
Wipers are malware designed to destroy or overwrite data, not hidden backdoor Trojans. Banking Trojans, RATs, and Rootkit Trojans are all subcategories of Trojan malware that target specific objectives.
Which of these is not a fileless malware technique?
Dropping and executing an EXE file on disk
Living-off-the-land binaries (LoLBins)
Memory injection via PowerShell
WMI event subscription scripts
Fileless malware techniques operate in memory or use legitimate system tools without writing malicious files to disk. Dropping and executing an EXE writes a file to disk, which is not fileless. The other options represent memory- or registry-based methods.
Which of these is not considered adware?
BonziBuddy
Tor Browser
Fireball
Gator
Tor Browser is a privacy-focused web browser that routes traffic through the Tor network. Fireball, Gator, and BonziBuddy are known adware programs that serve unwanted advertisements.
Which of these is not a characteristic of spyware?
Stealing user credentials
Monitoring keystrokes
Encrypting files for ransom
Capturing screenshots
Spyware is designed to monitor user activity, capture credentials, and gather information stealthily. Encrypting files for ransom is a behavior associated with ransomware, not spyware.
Which of these is not an indicator of compromise (IoC)?
Unauthorized registry changes
Unusual outbound traffic
Changes in DNS entries
Regular software updates
Regular software updates are a normal security practice, not an indicator of compromise. Unusual outbound traffic, DNS changes, and unexpected registry modifications are classic IoCs.
Which of these is not an example of a banking Trojan?
Dridex
IcedID
Mirai
Zeus
Mirai is a botnet malware targeting IoT devices, not a banking Trojan. Dridex, Zeus, and IcedID are well-known banking Trojans that steal financial credentials.
Which of these is not a typical goal of spyware?
Industrial espionage
Financial theft
Data exfiltration
System resource consumption
Spyware focuses on secret surveillance and data theft, not on consuming system resources. Crypto-miners and certain malware aim to use system resources heavily.
Which of these is not a legitimate remote administration tool often abused as a RAT?
TightVNC
PuTTY
VNC
TeamViewer
PuTTY is an SSH and telnet client, not a remote desktop tool. TeamViewer, VNC, and TightVNC are remote desktop applications that attackers often misuse as RATs.
Which Windows Event ID is not typically monitored for malware detection?
4663 - Object Access Attempted
5023 - Service Control Manager
7045 - New Service Installed
4624 - Successful Account Logon
Event IDs 7045, 4624, and 4663 are common indicators when monitoring for unauthorized services, logons, or file access. Event ID 5023 is less commonly used in standard malware detection playbooks.
Which of these is not a feature of rootkits?
Hiding processes
Encrypting user files
Modifying kernel code
Hooking system calls
Rootkits focus on stealth by hiding processes, hooking system calls, or modifying kernel code. Encrypting user files is a ransomware behavior, not a rootkit objective.
Which is not a behavior of file-encrypting ransomware?
Using strong encryption algorithms
Dropping a ransom note
Encrypting file names
Mass deletion of files without encryption
File-encrypting ransomware typically encrypts file contents and sometimes names, then drops a ransom note and uses strong encryption. Mass deletion without encryption is destructive malware behavior, not ransomware.
Which of these is not a spyware detection method?
Signature-based scanning
Heuristic scanning
Behavioral analytics
Port scanning
Port scanning identifies open network ports and is a network reconnaissance technique, not specific to detecting spyware. Heuristic, signature, and behavioral methods are common in anti-spyware tools.
Which of these is not a typical command-and-control communication method?
FTP polling
HTTP beaconing
ICMP tunnels
DNS tunneling
While HTTP, DNS, and ICMP channels are commonly abused by malware for C2 traffic, FTP polling is rarely used for stealthy command-and-control.
Which of these is not used to bypass antivirus sandboxing?
Delayed execution (sleep)
VM detection checks
Code obfuscation
AI-based code generation
VM detection, delayed execution, and code obfuscation are well-known sandbox evasion techniques. AI-based code generation is a development approach, not a direct sandbox bypass method.
Which of these is not a polymorphic malware technique?
Encrypting the payload with a variable key
Changing the file name of the payload each time
Mutating code instructions on each infection
Using packers that alter the binary
True polymorphic malware mutates its code or encryption keys on each infection. Changing only the file name does not alter the payload itself and is not a polymorphic technique.
Which of these is not a known fileless malware framework?
Poweliks
Kovter
PowerDuke
Duqu
Duqu is sophisticated malware related to Stuxnet, but it writes files to disk. PowerDuke, Poweliks, and Kovter are examples of fileless malware that operate mainly in memory or the registry.
Which of these is not a mitigation strategy specifically for preventing malware injection?
Address Space Layout Randomization (ASLR)
Application whitelisting
Content Security Policy (CSP)
Code signing enforcement
CSP is a browser-based policy to mitigate web-based script injection and XSS, not system-level malware injection. ASLR, whitelisting, and code signing help prevent unauthorized code from being injected or executed.
Which of these is not a MITRE ATT&CK technique ID for persistence?
T1027 - Obfuscated Files or Information
T1059 - Command and Scripting Interpreter
T1543 - Create or Modify System Process
T1134 - Access Token Manipulation
T1027 covers defense evasion via obfuscation, not persistence. Techniques T1059, T1543, and T1134 are all used by adversaries to maintain access or escalate privileges persistently.

Study Outcomes

  1. Identify Non-Malicious Software - Determine which of these is not malware and not harmful by spotting the absence of malicious traits in common software examples.

  2. Differentiate Key Malware Types - Analyze characteristics of viruses, worms, trojans, ransomware, and spyware to accurately classify each type in the quiz.

  3. Spot Malicious Behaviors - Recognize telling signs of compromise and risky activities so you can quickly identify harmful software patterns.

  4. Evaluate Threat Levels - Assess the potential impact of various programs to prioritize your response to real-world cybersecurity threats.

  5. Apply Cybersecurity Best Practices - Leverage insights from the malware quiz to bolster your digital defenses and maintain a safer computing environment.

Cheat Sheet

  1. Malware Taxonomy - Review the core definitions of viruses, worms, trojans, ransomware and adware from sources like NIST. Use the mnemonic "V W T R A" (Very Wicked Trojans Run Amok) to recall each major category and its propagation method.

  2. File Extensions & Signatures - Understand common malicious file types (.exe, .scr, .dll) and how signature-based scanners match hash patterns (MD5/SHA256) against known malware databases. Refer to Microsoft's Threat Protection guidelines to see real-world examples of signature fingerprints.

  3. Behavior-Based Analysis - Explore how sandbox environments detect unusual behaviors (e.g., unexpected registry edits or network calls) by comparing runtime actions against baseline profiles. The MITRE ATT&CK framework offers reproducible test cases for key techniques like "Process Injection" and "Command and Scripting Interpreter."

  4. Heuristic vs. Signature Detection - Distinguish signature-based methods (exact pattern matches) from heuristics that flag suspicious code patterns or obfuscated logic. AV-TEST and AV-Comparatives regularly publish detection rate comparisons revealing strengths and weaknesses of each approach.

  5. Spotting False Positives - Practice uploading questionable files to VirusTotal or Hybrid Analysis to compare multi-engine verdicts and metadata. Recognizing that some highly compressed or self-extracting archives may trigger warnings despite being benign helps sharpen your "which of these is not a malware and not harmful" instincts.
