A program's DLLs can tell you a lot about its functionality. The table below lists common DLLs and what they tell you about an application. - Practical Malware Analysis
DLL | Description |
Kernel32.dll | This is a very common DLL that contains core functionality, such as access and manipulation of memory, files, and hardware. |
Advapi32.dll | This DLL provides access to advanced core Windows components such as the Service Manager and Registry. |
User32.dll | This DLL contains all the user-interface components, such as buttons, scroll bars, and components for controlling and responding to user actions. |
Gdi32.dll | This DLL contains functions for displaying and manipulating graphics. |
Ntdll.dll | This DLL is the interface to the Windows kernel. Executables generally do not import this file directly, although it is always imported indirectly by Kernel32.dll. If an executable imports this file, it means that the author intended to use functionality not normally available to Windows programs. Some tasks, such as hiding functionality or manipulating processes, will use this interface. |
WSock32.dll and Ws2_32.dll | These are networking DLLs. A program that accesses either of these most likely connects to a network or performs network-related tasks. |
Wininet.dll | This DLL contains higher-level networking functions that implement protocols such as FTP, HTTP, and NTP. |
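
To get this list for a given sample, the import directory of the PE file can be read directly and each DLL name matched against the table. The code below is an added example, not from the book or the original post; the names `imported_dlls`, `triage` and `sample_pe` and the shortened hint strings are made up here, and the input is a constructed minimal PE32 image rather than a real program.

```python
import struct

HINTS = {  # condensed from the table above, keyed by lower-cased DLL name
    "kernel32.dll": "core: memory, files, hardware", "gdi32.dll": "graphics",
    "advapi32.dll": "Service Manager and Registry", "user32.dll": "user interface",
    "ntdll.dll": "direct Windows kernel interface (unusual as a direct import)",
    "wsock32.dll": "networking", "ws2_32.dll": "networking", "wininet.dll": "FTP/HTTP/NTP",
}

def imported_dlls(pe):
    """DLL names from the import directory of a PE32/PE32+ file, in file order."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, = struct.unpack_from("<H", pe, nt + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)      # SizeOfOptionalHeader
    opt = nt + 24
    dirs = opt + (96 if pe[opt:opt + 2] == b"\x0b\x01" else 112)  # PE32 vs PE32+
    imp_rva, = struct.unpack_from("<I", pe, dirs + 8)      # data directory 1 = imports
    sects = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8) for i in range(nsect)]
    def off(rva):                                          # RVA -> file offset
        for vsize, va, rawsize, raw in sects:
            if va <= rva < va + max(vsize, rawsize):
                return raw + rva - va
        raise ValueError("RVA outside all sections")
    names, pos = [], off(imp_rva) if imp_rva else None
    while pos is not None and (name_rva := struct.unpack_from("<I", pe, pos + 12)[0]):
        start = off(name_rva)                              # Name field is at +12
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii", "replace"))
        pos += 20                                          # next 20-byte descriptor
    return names

def triage(pe):
    return [(n, HINTS.get(n.lower(), "not in the table")) for n in imported_dlls(pe)]

def sample_pe(dlls):
    """Constructed minimal PE32: headers plus one section holding only imports."""
    va, raw, n = 0x1000, 0x200, 20 * (len(dlls) + 1)
    rvas = [va + n + sum(len(d) + 1 for d in dlls[:i]) for i in range(len(dlls))]
    body = b"".join(struct.pack("<5I", 0, 0, 0, r, 0) for r in rvas) + bytes(20)
    body += b"".join(d.encode() + b"\0" for d in dlls)
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
           + struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<5I", 16, 0, 0, va, n)
           + bytes(112) + b".idata\0\0" + struct.pack("<4I", len(body), va, len(body), raw))
    return (hdr + bytes(16)).ljust(raw, b"\0") + body

if __name__ == "__main__":
    print(triage(sample_pe(["KERNEL32.dll", "WS2_32.dll", "ntdll.dll"])))
```

DLLs loaded at run time with LoadLibrary, and delay-load imports, are not in this directory, so a short or empty list does not mean the program lacks the capability.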