CloseHandle

Caution Level: Low
Techniques Count: 39
Library Name: Kernel32.dll

Read documentation through official Microsoft Developer Network (MSDN).

Featured in Techniques

| Technique Name | Technique IDs |
|---|---|
| Checking Specific Folder Name | U1331 |
| CloseHandle, NtClose | U0114, B0001.003 |
| IsDebugged Flag | U0113, B0001.019 |
| RDTSC | U0126 |
| Detecting Window with FindWindow API | U0406, U0123 |
| Detecting Running Process: EnumProcess API | U0109, U0405, U1306 |
| Process Hollowing, RunPE | U1225, E1055.012 |
| Parent Process Detection | U0404 |
| DLL Injection via CreateRemoteThread and LoadLibrary | U1226, E1055.001 |
| SuspendThread | U0101, C0055 |
| Reflective DLL injection | U1224 |
| Thread Execution Hijacking | U1223, E1055.003 |
| APC injection | U1221, E1055.004 |
| Atom Bombing | U1220 |
| Extra Window Memory Injection | U1219, E1055.011 |
| PE Injection | U1216, E1055.002 |
| Process Doppelgänging | U1215 |
| Kill Process | U0403 |
| Wiping or Encrypting | U0301 |
| NTFS Files Attributes | U0501 |
| ConsoleWindowClass | U1209 |
| Treepoline | U1208 |
| Listplanting | U1207 |
| OLEUM | U1206 |
| EditWordBreakProc | U1229 |
| WordWarping | U1204 |
| CLIPBRDWNDCLASS | U1203 |
| DNS API Injection | U1202 |
| Breaking BaDDEr | U1201 |
| Indicator Removal: Timestomp | U0303, T1070.006 |
| File Melt | U1007 |
| Detecting Online Sandbox | U1338 |
| Access Token Manipulation: Parent PID Spoofing | U1234, T1134.004 |
| User Interaction (Are you human?) | U1339, E1204 |
| ProcEnvInjection - Remote code injection by abusing process environment strings | U1235 |
| NLS Code Injection Through Registry | U1237 |
| FLIRT Signatures Evasion | U0220 |
| C2 via FTP(S) | U0910 |
| SMB / Named Pipes | U9011 |