← Back to malware index
(no documented malware abuse)
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
3 syscalls cited
- NtOpenPartition
Opens an existing memory partition object by name and returns a handle for management or process attachment.
- NtManagePartition
Queries or modifies an existing memory partition — add memory, transfer pages, set memory-list configuration.
- NtCompareSigningLevels
Compares two SE_SIGNING_LEVEL values using Code Integrity's policy ordering and returns whether the first dominates the second.