Learning Malware Analysis by Monnappa K A

6.1 Inspecting File Dependencies and Imports

Malware usually interacts with the file system, the registry, the network, and so on. To perform such interactions, it frequently depends on functions exposed by the operating system. Windows exports most of the functions required for these interactions, called Application Programming Interfaces (APIs), from Dynamic Link Library (DLL) files. Executables typically import and call these functions from various DLLs, each providing different functionality. The functions that an executable imports from other files (mostly DLLs) are called imported functions (or imports).

For example, if a malware executable wants to create a file on disk, on Windows, it can use an API CreateFile(), which is exported in kernel32.dll ...
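The following is an added example, not code from the book or its author, showing what an import-inspection tool actually walks to produce the list of imports described above: the data directory in the optional header points at an array of IMAGE_IMPORT_DESCRIPTOR entries, each naming a DLL and pointing at a thunk array whose entries are either hint/name RVAs or ordinals. To keep it runnable offline it constructs its own minimal PE32 image (`build_sample_pe`, not a real binary) that imports CreateFileA and WriteFile from kernel32.dll, RegSetValueExA from advapi32.dll, and a constructed ordinal 23 from ws2_32.dll; the `capability_hints` table is an illustrative triage mapping, not a complete classification.

```python
import struct

IMAGE_DIRECTORY_ENTRY_IMPORT = 1          # index of the import table in the data directory


def rva_to_offset(sections, rva):
    """Translate a relative virtual address to a file offset via the section table."""
    for _name, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError("RVA %#x is not mapped by any section" % rva)


def read_cstr(data, off):
    return data[off:data.index(b"\x00", off)].decode("ascii")


def parse_imports(data):
    """Return {dll_name: [function names or 'ordinal#N']} parsed from a PE file image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                    # PE32: 32-bit thunks, data directory at +96
        dd, thunk_fmt, ordinal_flag = opt + 96, "<I", 1 << 31
    elif magic == 0x20B:                  # PE32+: 64-bit thunks, data directory at +112
        dd, thunk_fmt, ordinal_flag = opt + 112, "<Q", 1 << 63
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    import_rva = struct.unpack_from("<I", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)[0]
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\x00").decode(), vaddr, vsize, rawptr, rawsize))
    imports = {}
    if import_rva == 0:
        return imports                    # no import table present
    desc = rva_to_offset(sections, import_rva)
    while True:
        oft, _stamp, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if oft == 0 and name_rva == 0 and ft == 0:
            break                         # all-zero IMAGE_IMPORT_DESCRIPTOR terminates the table
        dll = read_cstr(data, rva_to_offset(sections, name_rva))
        # Prefer OriginalFirstThunk (import name table); FirstThunk (the IAT) is overwritten
        # with resolved addresses once the loader maps the image, so it is unreliable in dumps.
        thunk = rva_to_offset(sections, oft or ft)
        funcs = []
        while True:
            entry = struct.unpack_from(thunk_fmt, data, thunk)[0]
            if entry == 0:
                break
            if entry & ordinal_flag:      # import by ordinal: low 16 bits hold the ordinal
                funcs.append("ordinal#%d" % (entry & 0xFFFF))
            else:                         # RVA of IMAGE_IMPORT_BY_NAME: WORD hint, then the name
                funcs.append(read_cstr(data, rva_to_offset(sections, (entry & 0x7FFFFFFF) + 2)))
            thunk += struct.calcsize(thunk_fmt)
        imports[dll] = funcs
        desc += 20
    return imports


# Illustrative triage table (assumption, not exhaustive): which interaction the imports suggest.
CAPABILITY_HINTS = {"file": ("CreateFile", "WriteFile", "ReadFile"),
                    "registry": ("RegSetValue", "RegCreateKey", "RegOpenKey"),
                    "network": ("ws2_32.dll", "wininet.dll")}


def capability_hints(imports):
    found = set()
    for dll, funcs in imports.items():
        for cat, needles in CAPABILITY_HINTS.items():
            if dll.lower() in needles or any(f.startswith(n) for f in funcs for n in needles):
                found.add(cat)
    return sorted(found)


def build_sample_pe():
    """Constructed PE32 image (not a real binary): one .idata section holding only an import table."""
    sec_rva, sec_raw = 0x1000, 0x200
    dlls = [("kernel32.dll", ["CreateFileA", "WriteFile"]),
            ("advapi32.dll", ["RegSetValueExA"]),
            ("ws2_32.dll", [23])]         # 23 is a constructed import-by-ordinal value
    body = bytearray(20 * (len(dlls) + 1))   # descriptor table plus null terminator, filled in below
    descs = []
    for dll, funcs in dlls:
        thunks = []
        for fn in funcs:
            if isinstance(fn, int):
                thunks.append(0x80000000 | fn)
                continue
            thunks.append(sec_rva + len(body))
            body += struct.pack("<H", 0) + fn.encode() + b"\x00"   # IMAGE_IMPORT_BY_NAME entry
            body += b"\x00" * (len(body) % 2)                        # keep entries WORD aligned
        table = b"".join(struct.pack("<I", t) for t in thunks) + b"\x00" * 4
        oft_rva = sec_rva + len(body)
        body += table                                                # import name table
        ft_rva = sec_rva + len(body)
        body += table                                                # IAT (identical on disk)
        name_rva = sec_rva + len(body)
        body += dll.encode() + b"\x00"
        descs.append(struct.pack("<IIIII", oft_rva, 0, 0, name_rva, ft_rva))
    body[:20 * len(dlls)] = b"".join(descs)
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)   # i386, one section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, sec_rva, 20 * (len(dlls) + 1))
    sect = struct.pack("<8sIIIIIIHHI", b".idata", len(body), sec_rva, len(body), sec_raw, 0, 0, 0, 0, 0xC0000040)
    hdr = dos + b"PE\x00\x00" + coff + bytes(opt) + sect
    return hdr + b"\x00" * (sec_raw - len(hdr)) + bytes(body)


if __name__ == "__main__":
    found = parse_imports(build_sample_pe())
    for dll, funcs in found.items():
        print(dll, funcs)
    print("capabilities:", capability_hints(found))
```

Point `parse_imports` at the bytes of a real executable and it reports the same DLL-to-function mapping that tools such as pefile or a PE viewer display; an unexpectedly short import list on a real sample is itself a finding worth noting, since packers and loaders commonly resolve their APIs at run time instead of through the import table.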