# Emulate Malware and Extract API Calls
> Emulate a Windows binary on Linux and analyze its API usage

**Tools:** [[tools/speakeasy|speakeasy]], [[tools/jq|jq]]
**FOR610 Lab:** 1.4

## Commands
```bash
# Emulate and capture both JSON report and text log
speakeasy -t <sample> -o report.json 2> report.txt
# Extract all API names called
jq '.entry_points[].apis[].api_name' report.json
# Extract unique API names
jq -r '.entry_points[].apis[].api_name' report.json | sort -u
```

#recipe #speakeasy #jq