PoolParty (SafeBreach Labs research family)
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
3 syscalls cited
- NtAllocateReserveObject
Pre-allocates a kernel reserve object (APC or completion) so future operations cannot fail under memory pressure.
- NtCancelWaitCompletionPacket
Cancels a previously associated wait-completion packet, removing the dispatcher-object binding.
- NtAssociateWaitCompletionPacket
Binds a wait-completion packet to a dispatcher object so its signal posts an entry to an IOCP.