Featured Evasion API List

The feature you are currently using is in beta, which means it is still being tested and improved upon. The caution level (low, medium, high) may not be definitive and may be adjusted as we gather more data. We are constantly working to improve the precision of our feature and welcome any suggestions or feedback you may have to help us do so. Thank you for your patience and understanding as we work to bring you the best possible experience.

API Name Library Technique Count Level
AddVectoredExceptionHandler Kernel32.dll 3 Medium
AdjustTokenPrivileges advapi32.dll 1 Medium
Arc gdi32.dll 1 Low
BlockInput user32.dll 1 Low
BuildCommDCBAndTimeoutsA Kernel32.dll 1 Low
CallNamedPipeW Kernel32.dll 1 Medium
CallNextHookEx user32.dll 1 High
CloseHandle Kernel32.dll 39 Low
CoCreateInstance ole32.dll 2 Low
CoInitialize ole32.dll 1 Low
ConnectNamedPipe Kernel32.dll 1 Medium
CopyMemory Kernel32.dll 1 Low
CreateDirectoryW Kernel32.dll 2 Low
CreateFileW Kernel32.dll 2 Low
CreateNamedPipeA Kernel32.dll 1 Medium
CreateNamedPipeW Kernel32.dll 1 Medium
CreateProcessA Kernel32.dll 4 Medium
CreateProcessW Kernel32.dll 5 Medium
CreateRemoteThread Kernel32.dll 5 High
CreateServiceA Advapi32.lib 1 Medium
CreateThread Kernel32.dll 10 Low
CreateToolhelp32Snapshot Kernel32.dll 9 Medium
DeviceIoControl Kernel32.dll 1 Low
DisconnectNamedPipe Kernel32.dll 1 Medium
DispatchMessageW user32.dll 1 Low
EnumPrinters winspool.drv 1 Low
EnumWindows user32.dll 2 Low
ExitProcess Kernel32.dll 8 Low
ExitThread Kernel32.dll 2 Low
FindWindowW user32.dll 3 Low
FreeLibrary Kernel32.dll 8 Low
FtpCreateDirectoryA Wininet.dll 1 Medium
FtpCreateDirectoryW Wininet.dll 1 Medium
FtpDeleteFileA Wininet.dll 1 Medium
FtpDeleteFileW Wininet.dll 1 Medium
FtpGetCurrentDirectoryA Wininet.dll 1 Medium
FtpGetCurrentDirectoryW Wininet.dll 1 Medium
FtpOpenFileA Wininet.dll 1 Medium
FtpOpenFileW Wininet.dll 1 Medium
FtpSetCurrentDirectoryA Wininet.dll 1 Medium
FtpSetCurrentDirectoryW Wininet.dll 1 Medium
GetClipboardData user32.dll 1 Medium
GetCommandLineW Kernel32.dll 2 Low
GetCurrentProcess Kernel32.dll 15 Low
GetCurrentProcessId Kernel32.dll 5 Low
GetCurrentThread Kernel32.dll 3 Low
GetCursor user32.dll 1 Low
GetCursorPos user32.dll 1 Low
GetDesktopWindow user32.dll 1 Medium
GetDiskFreeSpaceExW Kernel32.dll 1 Low
GetDriveTypeA Kernel32.dll 1 Low
GetFileSizeEx Kernel32.dll 3 Low
GetForegroundWindow user32.dll 1 Low
GetLastError Kernel32.dll 21 Low
GetLocalTime Kernel32.dll 1 Low
GetLogicalDrives Kernel32.dll 1 Low
GetModuleHandleW Kernel32.dll 1 Low
GetParent user32.dll 1 Low
GetProcAddress Kernel32.dll 25 Medium
GetStdHandle Kernel32.dll 1 Low
GetSystemInfo Kernel32.dll 1 Low
GetSystemMetrics user32.dll 1 Low
GetTickCount Kernel32.dll 3 Medium
GetWindow user32.dll 17 Low
GetWindowRect user32.dll 1 Low
GetWindowTextW user32.dll 3 Low
GetWindowThreadProcessId user32.dll 13 Low
GlobalAddAtomW Kernel32.dll 1 Low
GlobalDeleteAtom Kernel32.dll 1 Low
GlobalMemoryStatusEx Kernel32.dll 1 Low
HeapAlloc Kernel32.dll 3 Medium
HeapFree Kernel32.dll 2 Medium
InternetCloseHandle Wininet.dll 1 Medium
InternetConnectA Wininet.dll 1 Medium
InternetConnectW Wininet.dll 1 Medium
InternetOpenA Wininet.dll 1 Medium
InternetOpenW Wininet.dll 1 Medium
InternetReadFile Wininet.dll 1 Medium
InternetWriteFile Wininet.dll 1 Medium
IsDebuggerPresent Kernel32.dll 7 High
IsWindow user32.dll 1 Low
LineTo gdi32.dll 2 Low
LoadLibraryA Kernel32.dll 9 Low
LoadLibraryExA Kernel32.dll 1 Low
LoadLibraryExW Kernel32.dll 1 Low
LoadLibraryW Kernel32.dll 3 Low
LoadResource Kernel32.dll 1 Medium
LockResource Kernel32.dll 1 Medium
MapViewOfSection NTDLL.DLL 1 Medium
MessageBoxW user32.dll 2 Low
MultiByteToWideChar Kernel32.dll 1 Low
NdrClientCall2 Rpcrt4.dll 1 Low
NtClose NTDLL.DLL 2 Low
NtCreateSection NTDLL.DLL 3 Medium
NtMapViewOfSection Kernel32.dll 1 Medium
NtQueryInformationProcess NTDLL.DLL 1 High
NtTestAlert NTDLL.DLL 1 High
NtUnmapViewOfSection NTDLL.DLL 2 Medium
OpenProcess Kernel32.dll 25 Medium
OpenProcessToken advapi32.dll 1 High
Filter
Clear