abnormal number of logged NtDelayExecution calls
MerX1030 opened this issue · comments
Test sample:
MD5 021f31695fd226cedb5f944860a6dc5b
SHA1 17c8273082cbbf34a0a6d5deaff87bb82d2ce168
There seems to be an abnormal amount of logged consecutive calls to NtDelayExecution for this sample.
I reversed this sample using OllyDbg and traced up to the address in the "behavioral analysis" tab.
The number of call should only be 10 but cuckoomon seems to continuously log infinitely.