NanoDump
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
4 syscalls cited
- NtSuspendThread
Increments the suspend count of a target thread, halting its execution.
- NtQuerySystemInformation
Retrieves a class of system-wide information — process list, kernel handle table, loaded driver list, code-integrity status, and more.
- NtDuplicateObject
Duplicates a handle from a source process into a target process, optionally adjusting access or closing the source.
- NtQueryObject
Returns metadata about a kernel object handle: basic info, name, type, or the system-wide type table.