Categories of the executables in System32 folder of Windows

Hi there, I am working on studying benign applications. So, I would like to know where I can find the various categories into which the executables present in the System32 folder can be categorized based on their behavior (such as the API calls made by them), and also the total list of executables showing which category each belongs to and the reason. It is difficult to study these executables as there is no UI for most of the executables in this folder.

Besides being off-topic for this list, this is an extremely odd request. What do you hope to study? What’s the point? What would you learn? What “categories” would you define?

I hope you are aware that the “dumpbin” executable will give you a list of all of the APIs that are implicitly imported by an executable or DLL. “link /dump /imports xxx.exe”. In addition, the version resource in most of those executables has a one-line summary of its purpose.

How would the presence of a UI help you to study the executable? These are all PE files and there are many tools to analyze that format as well as good documentation from Microsoft if you want to investigate it yourself.

You should note that the .exe, .dll, .sys etc. extensions are just conventions. Any properly formatted PE file can be used for any of these purposes.

You should also note that modern versions of Windows also implement a concept called API sets. This fundamentally changes the way that the loader works and there is a vast layer of compatibility shims that now exists. Mostly they fix mistakes in well-known programs.
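
Added illustration, not part of the original thread: the per-module import listing that `link /dump /imports` prints can be reproduced by walking the PE import directory directly, which also makes the API set contract names mentioned above visible. The function names `pe_imports` and `is_api_set` are made up for this example; it reads only the static import table, so delay-loaded and `GetProcAddress`-resolved APIs do not appear.

```python
import struct
import sys

def _cstr(data, off):
    """NUL-terminated ASCII string at file offset off."""
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def pe_imports(data):
    """Map each statically imported module name to its imported symbols."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", data, pe + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)     # SizeOfOptionalHeader
    opt = pe + 24
    pe64 = struct.unpack_from("<H", data, opt)[0] == 0x20B  # PE32+ magic
    # Data directory entry 1 is the import table; take its RVA.
    imp_rva, = struct.unpack_from("<I", data, opt + (112 if pe64 else 96) + 8)
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    secs = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]

    def off(rva):
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError(f"RVA {rva:#x} is outside every section")

    fmt, width, by_ordinal = ("<Q", 8, 1 << 63) if pe64 else ("<I", 4, 1 << 31)
    imports = {}
    desc = off(imp_rva) if imp_rva else None
    while desc is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<5I", data, desc)
        if not (oft or name_rva or ft):                     # all-zero terminator
            break
        names = imports.setdefault(_cstr(data, off(name_rva)), [])
        thunk = off(oft or ft)
        while (entry := struct.unpack_from(fmt, data, thunk)[0]):
            names.append(f"#{entry & 0xFFFF}" if entry & by_ordinal
                         else _cstr(data, off(entry) + 2))  # skip 2-byte hint
            thunk += width
        desc += 20
    return imports

def is_api_set(module):
    """API set contract names begin with api- or ext-."""
    return module.lower().startswith(("api-", "ext-"))

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        for module, names in pe_imports(f.read()).items():
            kind = "API set contract" if is_api_set(module) else "DLL"
            print(f"{module} [{kind}]: {', '.join(names)}")
```

Run it with the path of a PE file as the only argument; entries shown as `#N` are imports by ordinal.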