add .NET TickCount anti-debug sample

[aryanyk]

This PR adds a minimal .NET sample demonstrating timing-based anti-debug behavior using Environment.TickCount and Thread.Sleep.

The sample was created to support capa rule development for detecting timing-based debugger checks, as discussed in capa-rules issue #596.

The binary triggers detection for repeated reads of Environment.TickCount combined with Thread.Sleep.

[mike-hunhoff]

@aryanyk lints are failing - please ensure all lints pass locally before requesting another review.

ERROR:capa.tests.data:invalid file extension: TickCountAntiDebug.dll

[aryanyk]

Hi @mike-hunhoff

Can you please run the CI . I have fixed the linting Issue

[mike-hunhoff]

@aryanyk lints are failing - please ensure all lints pass locally before requesting another review.

[aryanyk]

@mike-hunhoff

Thanks for the feedback!

I tracked down the lint failure to the sample filename and updated it to follow the capa-testfiles convention (MD5-based filename with the appropriate .dll_ extension). I verified locally by running .github/check_sample_filenames.py on the sample, which now passes.

The PR has been updated accordingly. Please let me know if any further changes are needed.

[mike-hunhoff]

@aryanyk there are now two files. Please fix.

[aryanyk]

Thanks for pointing that out! @mike-hunhoff

I’ve removed the extra file and updated the PR so that only the correctly named sample is included. The diff now contains just the intended file.

Please let me know if everything looks good.