cuckoosandbox / monitor

The new Cuckoo Monitor.
GNU General Public License v3.0

NtOpenEvent hook #51

Open doomedraven opened 7 years ago

doomedraven commented 7 years ago

"EventName" from NtOpenEvent is required, for Andromeda for example:

```python
eventname_int = int(eventname)
if eventname_int == self.sysvolserial ^ 0x696e6a63:  # 'injc'
    pass  # event name matches the Andromeda pattern
```
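One way to turn the check above into a signature that runs over hooked NtOpenEvent calls, as an added example that is not Cuckoo Monitor's or the commenter's code. The `EventName` argument key and the `0x696e6a63` constant come from the issue; the `api`/`arguments` record shape, the function names and the sample volume serial are assumptions. It also handles the case the snippet does not: most event names are ordinary strings such as `Global\ShellReadyEvent`, so a bare `int()` would raise `ValueError` on the first non-Andromeda call.

```python
# Added example (not Cuckoo Monitor code): a Cuckoo-style check over NtOpenEvent
# records that reproduces the Andromeda event-name test from the issue.
# "EventName" and the XOR constant come from the issue; the record shape and
# the sample volume serial below are constructed assumptions.

INJC = 0x696e6a63  # ASCII 'injc', XORed with the system volume serial


def expected_andromeda_event(sysvolserial: int) -> str:
    """Decimal event name derived from the volume serial, as in the issue's check."""
    return str(sysvolserial ^ INJC)


def is_andromeda_event(eventname: str, sysvolserial: int) -> bool:
    """True when a hooked NtOpenEvent name equals sysvolserial XOR 'injc'.

    Event names are arbitrary strings, so int() on a non-numeric name raises
    ValueError; treat that as a non-match instead of crashing the signature.
    """
    try:
        eventname_int = int(eventname)
    except ValueError:
        return False
    return eventname_int == (sysvolserial ^ INJC)


def find_andromeda_events(calls, sysvolserial: int):
    """Return the matching EventName values from a list of API-call records.

    Record shape (assumed): {"api": "<name>", "arguments": {...}}.
    """
    hits = []
    for call in calls:
        if call.get("api") != "NtOpenEvent":
            continue
        name = call.get("arguments", {}).get("EventName")
        if name is not None and is_andromeda_event(name, sysvolserial):
            hits.append(name)
    return hits


# Constructed sample: a volume serial and three hooked calls, one of which
# opens an event named with the Andromeda pattern.
SAMPLE_SERIAL = 0x1A2B3C4D
SAMPLE_CALLS = [
    {"api": "NtOpenEvent", "arguments": {"EventName": "Global\\ShellReadyEvent"}},
    {"api": "NtOpenEvent", "arguments": {"EventName": expected_andromeda_event(SAMPLE_SERIAL)}},
    {"api": "NtOpenMutant", "arguments": {"MutantName": "Sessions\\1\\BaseNamedObjects\\x"}},
]

if __name__ == "__main__":
    print(find_andromeda_events(SAMPLE_CALLS, SAMPLE_SERIAL))
```

The signature only fires when the monitor actually logs the `EventName` argument of NtOpenEvent, which is the point of the request; without that hook the `arguments` dict would never carry the name and the scan returns nothing.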