kernell32.dll, advapi.dll, ntdll.dll |
These three libraries are used for communicating with the kernel and basic functions, like opening files, creating processing, manipulating hardware etc. advapi.dll is for advanced functionality like registry and service manager. ntdll.dll is pretty much the same as kernell32.dll (since the latter used the former in its imports) but more low-level and advanced. It’s rarely imported directly, usually, kernell32.dll imports it. Its direct import might be an indicator of hiding functionality. |
user32.dll, gdi32.dll |
These are for GUI. user32.dll is for buttons and stuff, while gdi32.dll is for general graphics settings. |
WSock32.dll, ws2_32.dll, wininet.dll |
WSock32.dll and ws2_32.dll are for general networking functionality like opening sockets, while wininet.dll is more high-level (FTP, HTTP, NTP protocols etc). |
