Function Name
NtDelayExecution
Description
NtDelayExecution is used to suspend execution, similiar to the Sleep() API function. This function can be used by malware for evasion purposes.
Library
Ntdll.dll
Associated Attacks
Evasion
Documentation
https://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FThread%2FNtDelayExecution.html
Created: 2021-10-30
Last Update: 2021-10-30
Credits: mr.d0x