Extended Key Usages
ExtKeyUsageCodeSigning
Overview
overview
8Static
static
7memenite-m...me.bat
windows11-21h2-x64
8memenite-m...ID.sys
windows11-21h2-x64
1memenite-m...at.exe
windows11-21h2-x64
8memenite-m...er.exe
windows11-21h2-x64
1memenite-m...er.exe
windows11-21h2-x64
5memenite-m...en.exe
windows11-21h2-x64
1memenite-m...37.sys
windows11-21h2-x64
1memenite-m...er.sys
windows11-21h2-x64
1Behavioral task
behavioral1
Sample
memenite-master/Run me.bat
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
memenite-master/VSTXRAID.sys
Resource
win11-20240802-en
Behavioral task
behavioral3
Sample
memenite-master/loadcheat.exe
Resource
win11-20240802-en
Behavioral task
behavioral4
Sample
memenite-master/mapdriver.exe
Resource
win11-20240802-en
Behavioral task
behavioral5
Sample
memenite-master/mapper.exe
Resource
win11-20240802-en
Behavioral task
behavioral6
Sample
memenite-master/maven.exe
Resource
win11-20240802-en
Behavioral task
behavioral7
Sample
memenite-master/print1337.sys
Resource
win11-20240802-en
Behavioral task
behavioral8
Sample
memenite-master/spoofer.sys
Resource
win11-20240802-en
Target
memenite-master.zip
Size
10.5MB
MD5
6f58e964634ce4dc1c189e1324ef415a
SHA1
cf08d595ed35eefd2fbd1955301066697f85bf33
SHA256
4f98137a7d8cea117fe163661d28f4a4f8cbdc93187bc21456bc9b9446e18015
SHA512
250b07afe02d12abb9c00e0ddac54302252e9af7e71953e93a0f5a64b7abcfa15bd156b5e197d0a3f49f17d1e29fb307f48bba2c85d510c7911af24fc9fc0eb3
SSDEEP
196608:2vAIDVEz/Bb6g5N1nFv3CLJUM2HBpQVBX64ZEcY2cEy3eagDn9nAhg5/kuTZhRDZ:IAImz/dR5N1FvS+M2HBpqZER2cleagDH
resource | yara_rule |
---|---|
static1/unpack001/memenite-master/loadcheat.exe | vmprotect |
Checks for missing Authenticode signature.
resource |
---|
unpack001/memenite-master/loadcheat.exe |
unpack001/memenite-master/mapdriver.exe |
unpack001/memenite-master/mapper.exe |
unpack001/memenite-master/maven.exe |
unpack001/memenite-master/print1337.sys |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
vstxraid.pdb
StorPortInitialize
StorPortResume
StorPortExtendedFunction
StorPortSetDeviceQueueDepth
StorPortPause
StorPortGetScatterGatherList
StorPortGetUncachedExtension
StorPortGetPhysicalAddress
StorPortGetDeviceBase
StorPortSynchronizeAccess
StorPortStallExecution
StorPortSetBusDataByOffset
StorPortGetBusData
StorPortNotification
ScsiPortNotification
RtlInitAnsiString
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
InitializeSListHead
vDbgPrintEx
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlCompareMemory
sprintf_s
ZwQueryValueKey
ZwOpenKey
ZwClose
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlCopyUnicodeString
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
GetFileVersionInfoExW
GetVersionExW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
CloseServiceHandle
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
RtlLookupFunctionEntry
__CxxFrameHandler4
__current_exception
wcscpy_s
_cexit
free
setvbuf
_unlock_file
___lc_codepage_func
__setusermatherr
WTSSendMessageW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
C:\Users\a\Downloads\kdmapper-1803-1903-master\kdmapper-1803-1903-master\x64\Release\kdmapper.pdb
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
InitializeCriticalSectionEx
CreateFileW
HeapSize
GetTempPathA
GetLastError
LoadLibraryA
GetVersionExA
HeapReAlloc
CloseHandle
RaiseException
VirtualAlloc
DecodePointer
GetProcAddress
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
Sleep
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
DeviceIoControl
VirtualFree
HeapFree
FreeEnvironmentStringsW
SetStdHandle
HeapAlloc
LeaveCriticalSection
GetACP
IsValidCodePage
FormatMessageW
WideCharToMultiByte
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
SetLastError
GetModuleHandleW
MultiByteToWideChar
EnterCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
WriteFile
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
MessageBoxA
CloseServiceHandle
OpenSCManagerA
DeleteService
ControlService
StartServiceA
OpenServiceA
CreateServiceA
NtQuerySystemInformation
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
CreateFileW
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
LookupPrivilegeValueW
RtlInitUnicodeString
WTSSendMessageW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
I�c���*$���v3�L�ȕ܈����T�}�'F�La:b*@��j�^JuL�%��w�p�S3u'x!�R`��I�i��c7�&^�_>��Zaq��xd�ċ�� ��3��Rg������u��u*pm�K���52kJz�P˾h���Uy^ܼ��r�/�V�m����s6��8�y���Ͳ�����aS��GT~-��^��Ӟ����O*W�<���x�{A�ԇgbDrM;6{�ٙ�c���7�jn�.�2������~Hr�=�C�Z�n�n�r����T���=�6ta�wS�v���F�ȉV���+ퟱ�u���e����xJ@UY� TXcQ��d���ڮs��ſ"-��z_���7�����7b�ɵ�����iVF����Y�iNͭ w��AF�~��hԴrs��>���OH�$�r��/��iZ\�2u����Ҽ���#�E}Z�[U�4�`*�lC��2�����`X�y�䞡ܶ�ܷP���L1.�Gv_�%����A>�� ��.����vR"_�����u��C�Z^��٩27��U(v"R���s�<��;������\�z���b:<�pNH�U'!�o�bz���ݮ�1=�<w=a:�-6��7���H�5��r��� �JG��^Q,�P�/�@$�U�ڹ��/�П��P��:�C���~�&��C>�'l����O���d�d��(��>����:�xh�-C�.��]����#G����K��0���ۘ�o8�ݾ ^2� j� L-}~T���q�~@D������U0�������w��\�u6;>÷��<����4V�F�/�&dp�����#٠hg3[O;��@s���@AZ���^� x:�j��8F�\��)~�+Y=Qx4;����U�ͫ芺T��&�hQfעL�f���p� P�ƾ\����0�H[\����R�C�����p���J����a]ʃ�@,?���p�Z��y���v�:t�B�n]���[ ����A��A�hz��K�� G�dU�������$T'�TgE��߅�"�ޔƚ$����'�>S�V��"��{����t�����:�ߚU�$����Hjھ��=�x�;K�C<"h#*^��"I�M������[T��>���E����{i����dr�߫��3�>����$ ˳�.�h j�" K)�M�U2�r���B�u��q��' �(ⲏz87���Z� 9�!g%@�����әcH]s~�n�&�y����}��B�|5ʤ�ug�q�V�L�x.���|mi���$�]_�w��;*X�`S�����Nܻ��>�$}��s�)��G�%���` (eW�dD�lX#E3@}33I%�: �� 4-� �3@���1%��R��z*&�]@�d��Z�����{��om�e�8�h���Av�-����ߊ/���F�=53�Ҽ�"�n�=IS<�f�;���,�L����6<��'M҅g�%�9^9|Z�Ρ�E��濖k%ʪ�ϑ8���J�IiS��e�Ag8�\�E����� ���<���_�@^+��˞�f�� �!%^gP�������@o�͕�EBXꬭ�5��*{���s�@ۙ���c$v9,1�Y,$��lֵ�'u6ҏN�Am 6X���F�l�3%d���5���Z���1̗�~ ���f�t������ B �%xOj�:l�&_���;�z�"�Τ,��c��F@�O�,e�s��>e�y��G���*�dV�u�: ��}U���i�t.�p�dW�nP��2���@J���@[v��)ae��t�銂&P�x��V�9�C������?�#���N���g{�x:� !�Uiu�5��p�I��M�.�{|�_�[�c8/U-�&�5c��B �Q_�^A#����o���&f�2�����+?.|��od�����0`>T�WʘΠ�b���~�~3���}@�����\ �,a���xɬ�=8��|*[g;��=��BT�k4�x&&�;\����>�@QN���;fI�kʍD� D���Zf�c6-gԓ�r��j8 ��ո۴@��b�w��J��T{�5�%zw��U��"H#X��u�1t���>`�l���;��K�{#��SXXF:����["/Y4z? u!a��m�lv,��Cȡ��s}���~F��$�5���Lm��=��������S��/��l��O���v=A��w���!�Zi����A��#�5�cRTh���4�)%%h��,�P��a��f٪yKX&/�zO�̭ؐNJ��/���> |!�-�l�J��3���pH� ��s6��1��D���|@BK�K�9�7�v ��ܣ�!\x1{E��2���<z䮗�=��+�y!2/V[���%k���{Ad�w���z�ˮ���#�A���W����: <#�oXk�=�`�X�WK�ԅ�z9���x��u���q8�O/����8epd�{�(�m��mxdw '�3?9��b#8�!��!����E�`T��e��ZpY�6�{�[�MJ��*&�3��������/0�*��J�����9����-���+��X�ƀ�v�S\2y:'����X��A��۱g&t��p;����p��H�#�E���p/Gv"�8�y��Q�ܬ�!� '����N�Vq�3˻����6Ĉ����e����#��Γv��l�k�æpP��ħn�Jq8Q!����Qs�H�����ejW�7|ɜ�b���Zrf��6��c�g�Fq7:�X�8a =-�t�^���pЖ��zȖ+�W�z\����`sl�%�� ۖr? �� �������dK��L��|�2�!U�P�� �Ϙ�/�:=����w�0�,ӤLt�k�$���Yk��J.�|��2ͪ��fڰ��C�;r���`���0�сw+2f�x�(p��Kt*,x�}#x�6���T\�'��U51uͦ�U20����ZwAY�8�ϸȍ&�ߡ~�V��ɜk"e7˨������H��[B�>E:�4���)3@ U�M�4f�)�����{��r��+0K�y�4�By�2p����'t�p}>���� �:�G� ��u��|�*�3��
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
LoadLibraryW
GetProcAddress
Sleep
LoadLibraryA
WriteConsoleW
HeapSize
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
MessageBoxA
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
C:\Users\Wotec\source\repos\Spring\x64\Release\kernelmode.pdb
MmIsAddressValid
ZwQuerySystemInformation
ObfDereferenceObject
RtlInitUnicodeString
MmCopyVirtualMemory
IoCreateDriver
IoGetCurrentProcess
PsLookupProcessByProcessId
ExAllocatePoolWithTag
IoCreateDevice
PsGetProcessSectionBaseAddress
ExFreePoolWithTag
strstr
IofCompleteRequest
IoCreateSymbolicLink
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageKeyEncipherment
KeyUsageDataEncipherment
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
RtlInitUnicodeString
KeQuerySystemTimePrecise
ExAllocatePool
ExFreePoolWithTag
RtlRandomEx
ObReferenceObjectByName
IoDriverObjectType
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE