MalAPI.io
Contribute
FAQ
Other
Living Off Trusted Sites
Filesec.io
Security Blog
Function Name
CreateToolhelp32Snapshot
Description
CreateToolhelp32Snapshot is used to enumerate processes, threads, and modules. This function is commonly used by malware to enumerate processes before process injection.
Library
Kernel32.dll
Associated Attacks
Enumeration
Anti-Debugging
Documentation
https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-createtoolhelp32snapshot
Created: 2021-10-30
Last Update: 2021-10-30
Credits: mr.d0x