Malcore: Simple File Analysis

Imports and Exports

[ POST ] https://api.malcore.io/api/impexp

Gather imports and exports out of binary files


Query Params

  • filename1 file

Headers

  • apiKey string


Request

curl -X POST https://api.malcore.io/api/impexp \
  -F "filename1=@myfile.exe" \
  -H "apiKey: myapikey"

Response

🟢 200

{
  "results": {
    "imports": {
      "import_location": {
        "ncrypt.dll": [
          {
            "name": "BCryptGenRandom",
            "address": "0x4fa39c"
          }
        ],
        "ucrtbase.dll": [
          {
            "name": "strrchr",
            "address": "0x4fa19c"
          },
          {
            "name": "memcpy",
            "address": "0x4fa1a0"
          },
          {
            "name": "getenv",
            "address": "0x4fa208"
          }
        ],
        "crypt32.dll": [
          {
            "name": "CertGetCertificateContextProperty",
            "address": "0x4fa04c"
          },
          {
            "name": "CertCloseStore",
            "address": "0x4fa064"
          }
        ],
        "kernel32.dll": [
          {
            "name": "QueryPerformanceCounter",
            "address": "0x4fa06c"
          },
          {
            "name": "QueryPerformanceFrequency",
            "address": "0x4fa070"
          },
          {
            "name": "OpenProcessToken",
            "address": "0x4fa030"
          }
        ],
        "advapi32.dll": [
          {
            "name": "CryptExportKey",
            "address": "0x4fa000"
          },
          {
            "name": "AdjustTokenPrivileges",
            "address": "0x4fa004"
          },
          {
            "name": "CryptReleaseContext",
            "address": "0x4fa044"
          }
        ],
        "user32.dll": [
          {
            "name": "GetUserObjectInformationW",
            "address": "0x4fa18c"
          }
        ]
      },
      "raw_discovered_imports": [
        [
          "0x4fa06c",
          "QueryPerformanceCounter"
        ],
        [
          "0x4fa060",
          "CertOpenStore"
        ],
        [
          "0x4fa064",
          "CertCloseStore"
        ]
      ],
      "import_hashes": [
        [
          "AdjustTokenPrivileges",
          "0x330a1f75"
        ],
        [
          "WSASetLastError",
          "0x5dc69bdd"
        ]
      ]
    },
    "exports": ""
  }
}

🔴 400

{}
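
A triage pass over the response shape shown above, as an added example that is not Malcore's own code. The `summarize` function and the `CAPABILITIES` groupings are assumptions chosen for illustration, the embedded sample is constructed from the 200 response on this page, and an empty `exports` string is treated as "no exports".

```python
import json

# Constructed sample: abridged from the 200 response shown on this page.
SAMPLE = json.loads("""
{"results": {"imports": {
  "import_location": {
    "kernel32.dll": [{"name": "OpenProcessToken", "address": "0x4fa030"}],
    "advapi32.dll": [{"name": "AdjustTokenPrivileges", "address": "0x4fa004"},
                     {"name": "CryptExportKey", "address": "0x4fa000"}],
    "ncrypt.dll": [{"name": "BCryptGenRandom", "address": "0x4fa39c"}]},
  "raw_discovered_imports": [["0x4fa030", "OpenProcessToken"],
                             ["0x4fa060", "CertOpenStore"]],
  "import_hashes": [["AdjustTokenPrivileges", "0x330a1f75"]]},
  "exports": ""}}
""")

# Assumption: analyst-chosen groupings for triage, not defined by the API.
CAPABILITIES = {
    "token privilege adjustment": {"OpenProcessToken", "AdjustTokenPrivileges"},
    "key export": {"CryptExportKey"},
    "random generation": {"BCryptGenRandom"},
}

def summarize(response):
    """Flatten an /api/impexp response into fields useful for triage."""
    results = response.get("results") or {}   # a 400 body is just {}
    imports = results.get("imports") or {}
    by_dll = imports.get("import_location") or {}
    # name -> DLL for every import the service attributed to a library
    resolved = {e["name"]: dll for dll, entries in by_dll.items() for e in entries}
    # raw entries are [address, name]; keep names with no library attribution
    raw = imports.get("raw_discovered_imports") or []
    unattributed = sorted(name for _addr, name in raw if name not in resolved)
    # report a capability only when every API in its group is imported
    flagged = sorted(cap for cap, apis in CAPABILITIES.items()
                     if apis.issubset(resolved))
    # the sample shows "exports" as an empty string; normalise that to a list
    exports = results.get("exports") or []
    return {"resolved": resolved, "unattributed": unattributed,
            "capabilities": flagged, "exports": exports}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```
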

Last updated 1 year ago