# speakeasy
# Windows binary emulator — emulates API calls to analyze malware behavior without native execution
# FOR610 Labs: 1.4 | Sections: 1
# Docs: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files

% emulation, api-calls, behavioral-analysis

# Basic usage
speakeasy -t specimen.exe -o report.json 2> report.txt

# Show all results
speakeasy -t shellcode.bin -r -a x86


# --- Recipes (multi-tool chains) ---

# >> Emulate Malware and Extract API Calls
# Emulate and capture both JSON report and text log
speakeasy -t <sample> -o report.json 2> report.txt
# Extract all API names called
jq '.entry_points[].apis[].api_name' report.json
# Extract unique API names
jq -r '.entry_points[].apis[].api_name' report.json | sort -u