Dynamic Analysis
[ POST ] https://api.malcore.io/api/dynamicanalysis
Scan the file against thousands of yara rules
Query Params
filename1file
Headers
apiKeystringX-No-Pollstring
Request
curl -X POST https://api.malcore.io/api/dynamicanalysis \
-H "apiKey: MY-API-KEY" \
-H "X-No-Poll: true" \
-F "filename1=@calc.exe" \
Response
🟢 200
{'dynamic_analysis': [
{'entry_points': [
{'ep_args': ['0x4000', '0x4010', '0x4020', '0x4030'
], 'instr_count': 133, 'apis': [
{'pc': '0x140005d3a', 'api_name': 'api-ms-win-core-sysinfo-l1-1-0.GetSystemTimeAsFileTime', 'args': ['0x1211f90'], 'ret_val': None
},
{'pc': '0x140005d48', 'api_name': 'api-ms-win-core-processthreads-l1-1-0.GetCurrentProcessId', 'args': [], 'ret_val': '0x420'
},
{'pc': '0x140005d54', 'api_name': 'api-ms-win-core-processthreads-l1-1-0.GetCurrentThreadId', 'args': [], 'ret_val': '0x434'
},
{'pc': '0x140005d60', 'api_name': 'api-ms-win-core-sysinfo-l1-1-0.GetTickCount', 'args': [], 'ret_val': '0x5265c14'
},
{'pc': '0x140005d70', 'api_name': 'api-ms-win-core-sysinfo-l1-1-0.GetTickCount', 'args': [], 'ret_val': '0x5265c28'
},
{'pc': '0x140005d8b', 'api_name': 'api-ms-win-core-profile-l1-1-0.QueryPerformanceCounter', 'args': ['0x1211f98'
], 'ret_val': '0x1'
},
{'pc': '0x140005bc8', 'api_name': 'api-ms-win-core-libraryloader-l1-2-0.GetModuleHandleW', 'args': ['0x0', '0x4010', '0x4020', '0x4030'
], 'ret_val': '0x1'
}
], 'start_addr': '0x1400057c0', 'error': {'instr': 'cmp word ptr [rcx
], ax', 'regs': {'r14': '0x0000000000000000', 'r9': '0x0000000000004030', 'rcx': '0x0000000000000001', 'rsi': '0x0000000000000000', 'r10': '0x0000000000000000', 'rbx': '0x0000000000000001', 'rsp': '0x0000000001211ef8', 'r11': '0x0000000000000000', 'r8': '0x0000000000004020', 'rdx': '0x0000000000000000', 'rip': '0x0000000140005b71', 'rbp': '0x0000000001211fd8', 'r15': '0x00000001400065f0', 'r12': '0x0000000000000000', 'rdi': '0x00000001400065e0', 'rax': '0x0000000000005a4d', 'r13': '0x0000000000000000'
}, 'pc': '0x140005b71', 'address': '0x1', 'type': 'invalid_read', 'stack': ['sp+0x00: 0x0000000000000000', 'sp+0x08: 0x0000000000000000', 'sp+0x10: 0x0000000000000000', 'sp+0x18: 0x0000000140005bd5 -> emu.module._MALWARE__d58c0826509944f4647617d878c1bbe51cb9e551671bc27f26dec97fe8235c2f.0x140000000', 'sp+0x20: 0x0000000000000000', 'sp+0x28: 0x0000000000000000', 'sp+0x30: 0x0000000000000000', 'sp+0x38: 0x0000000000000000', 'sp+0x40: 0x0000000000000001', 'sp+0x48: 0x0000000140005539 -> emu.module._MALWARE__d58c0826509944f4647617d878c1bbe51cb9e551671bc27f26dec97fe8235c2f.0x140000000', 'sp+0x50: 0x0000000000000000', 'sp+0x58: 0x0000000140005d8b -> emu.module._MALWARE__d58c0826509944f4647617d878c1bbe51cb9e551671bc27f26dec97fe8235c2f.0x140000000', 'sp+0x60: 0x0000000000000000', 'sp+0x68: 0x0000000000000000', 'sp+0x70: 0x0000000000000000', 'sp+0x78: 0x0000000140005699 -> emu.module._MALWARE__d58c0826509944f4647617d878c1bbe51cb9e551671bc27f26dec97fe8235c2f.0x140000000'
]
}, 'mem_access': [
{'reads': 22, 'tag': 'emu.module._MALWARE__d58c0826509944f4647617d878c1bbe51cb9e551671bc27f26dec97fe8235c2f.0x140000000', 'writes': 5, 'base': '0x140000000', 'execs': 133
},
{'reads': 12, 'tag': 'emu.stack.0x1200000', 'writes': 27, 'base': '0x1200000', 'execs': 0
},
{'reads': 2, 'tag': 'emu.segment.gs.0x3000', 'writes': 0, 'base': '0x3000', 'execs': 0
},
{'reads': 1, 'tag': None, 'writes': 0, 'base': '0x0', 'execs': 0
}
], 'ep_type': 'module_entry', 'apihash': '223ff75967673e5cb2f84ae933dde2f84e66fa049b2ad6be9a89c89a0eba49d6', 'ret_val': '0x5a4d', 'dynamic_code_segments': []
}
], 'emulation_total_runtime': 0.144, 'timestamp': 1710193423, 'os_run': 'windows.10_1', 'arch': 'x64', 'strings': {'in_memory': {'ansi': [], 'unicode': []
}
}
}
], 'parsed_output': [], 'misc_information': [
{'raw_output': []
}
]
},
[]
], 'isMaintenance': False, 'success': True, 'messages': [
{'type': 'success', 'code': 200, 'message': 'Scan ran successfully'
}
]
🔴 400
Last updated