Imports and Exports

[ POST ] https://api.malcore.io/api/impexp

Gather imports and exports out of binary files

Query Params

  • filename1 file

Headers

  • apiKey string

Request

curl -X POST https://api.malcore.io/api/impexp \
	-F "filename1=@myfile.exe" \
  -H "apiKey: myapikey" \

Response

🟢 200

{
  "results": {
    "imports": {
      "import_location": {
        "ncrypt.dll": [
          {
            "name": "BCryptGenRandom",
            "address": "0x4fa39c"
          }
        ],
        "ucrtbase.dll": [
          {
            "name": "strrchr",
            "address": "0x4fa19c"
          },
          {
            "name": "memcpy",
            "address": "0x4fa1a0"
          },
          {
            "name": "getenv",
            "address": "0x4fa208"
          }
        ],
        "crypt32.dll": [
          {
            "name": "CertGetCertificateContextProperty",
            "address": "0x4fa04c"
          },
          {
            "name": "CertCloseStore",
            "address": "0x4fa064"
          }
        ],
        "kernel32.dll": [
          {
            "name": "QueryPerformanceCounter",
            "address": "0x4fa06c"
          },
          {
            "name": "QueryPerformanceFrequency",
            "address": "0x4fa070"
          },
          {
            "name": "OpenProcessToken",
            "address": "0x4fa030"
          }
        ],
        "advapi32.dll": [
          {
            "name": "CryptExportKey",
            "address": "0x4fa000"
          },
          {
            "name": "AdjustTokenPrivileges",
            "address": "0x4fa004"
          },
          {
            "name": "CryptReleaseContext",
            "address": "0x4fa044"
          }
        ],
        "user32.dll": [
          {
            "name": "GetUserObjectInformationW",
            "address": "0x4fa18c"
          },
        ]
      },
      "raw_discovered_imports": [
        [
          "0x4fa06c",
          "QueryPerformanceCounter"
        ],
        [
          
        [
          "0x4fa060",
          "CertOpenStore"
        ],
        [
          "0x4fa064",
          "CertCloseStore"
        ]
      ],
      "import_hashes": [
        [
          "AdjustTokenPrivileges",
          "0x330a1f75"
        ],
        [
          "WSASetLastError",
          "0x5dc69bdd"
        ]
      ]
    },
    "exports": ""
  }
}

🔴 400

{}
PreviousStringsNextStatus Check

Last updated