← Back to malware index
(no widely reported family use)
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
3 syscalls cited
- NtCompareObjects
Returns STATUS_SUCCESS when two handles refer to the same underlying kernel object.
- NtMakePermanentObject
Sets the OBJ_PERMANENT attribute on a named kernel object so it survives after the last handle closes.
- NtMakeTemporaryObject
Clears the OBJ_PERMANENT attribute so the kernel object is freed once its last handle closes.