← Back to malware index
HermeticWiper
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
5 syscalls cited
- NtRaiseHardError
Raises a 'hard error' that the kernel routes to CSRSS for UI prompting — or, with SeShutdownPrivilege and FATAL severity, triggers an immediate bugcheck (BSOD).
- NtCreateFile
Creates or opens a file, directory, device, or named pipe — every dropper's first call to disk.
- NtWriteFile
Writes data to an open file, pipe, or device — the kernel companion to NtCreateFile for dropping payloads.
- NtSetSystemPowerState
Transitions the system into the requested sleep, hibernate or working power state.
- NtInitiatePowerAction
Requests the power manager to perform a system-wide power action (sleep, hibernate, shutdown, reboot).