User-mode Windows rootkit able to hide processes, files, directories, registry keys and registry values.
Undetectable at the moment by Windows Defender and the BitDefender Free Version antivirus.
[ ! ] You need Administrator privileges!
[ ! ] The first time this binary runs on a machine it automatically sets up persistence and everything needed for the scenarios below. Before you start hiding values with the rootkit commands, run UserModeR00tkit.exe once without any command arguments.
Commands (as Administrator):
- UserModeR00tkit.exe
- UserModeR00tkit.exe ... hide ...
(replace the "..." with the values you want to hide)
https://medium.com/@s12deff/user-mode-windows-rootkit-98e4eada4949
[ ! ] In the video only one process could be hidden; that was due to a bug which is now fixed, and you can hide as many as you want!
https://www.youtube.com/watch?v=AhS1ofR_pJc
Process:
- Hide processes in Task Manager
Files & Directories:
- Hide files and directories in File Explorer (explorer.exe)
Registry:
- Hide registry keys and values in regedit.exe
Process:
- rootkit.exe process hide processname.exe
Path:
- rootkit.exe path hide C:\Users\Public\Music
Registry:
- rootkit.exe registry hide valuetohide
Evade Windows Defender:
- Static Analysis:
- Execution/Dynamic Analysis:
Not detected at execution time! (4/1/2024)
Detected after restart!
Evade Classic AV (BitDefender Free Version):
- Static Analysis:
- Execution/Dynamic Analysis:
Not detected at execution time! (4/1/2024)
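Defender-side note, added here as an example that is not part of the UserModeR00tkit project: because the hiding described above happens in user mode inside the viewer applications (Task Manager, explorer.exe, regedit.exe), a classic cross-view check still works even when an antivirus reports nothing at execution time. The script below compares the process names returned by three independent enumeration paths (Get-Process in the current PowerShell process, WMI/CIM answered by the WMI provider host, and tasklist.exe as a separate console tool) and reports any name that is missing from at least one view. It assumes only built-in Windows components; nothing about the rootkit's internals is assumed.

```powershell
# Cross-view process listing check (added defensive example, not project code).
# Idea: a user-mode rootkit that patches what one viewer shows usually leaves
# other enumeration paths untouched, so a process present in one list but
# absent from another deserves a closer look.

function Get-ProcessViewDiscrepancies {
    # View 1: Win32 process enumeration performed inside this PowerShell process.
    $viewA = Get-Process |
        ForEach-Object { $_.ProcessName.ToLower() } |
        Sort-Object -Unique

    # View 2: WMI/CIM, answered by the WMI provider host (a separate process).
    $viewB = Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_.Name).ToLower() } |
        Sort-Object -Unique

    # View 3: tasklist.exe, a separate console tool; CSV output without header.
    $viewC = tasklist /FO CSV /NH |
        ConvertFrom-Csv -Header 'Name', 'PID', 'Session', 'SessionNum', 'Mem' |
        ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_.Name).ToLower() } |
        Sort-Object -Unique

    # Union of all names, then flag those not seen by every view.
    $all = ($viewA + $viewB + $viewC) | Sort-Object -Unique
    foreach ($name in $all) {
        $seen = [ordered]@{
            GetProcess = ($viewA -contains $name)
            CIM        = ($viewB -contains $name)
            Tasklist   = ($viewC -contains $name)
        }
        if ($seen.Values -contains $false) {
            [pscustomobject]@{
                Process    = $name
                GetProcess = $seen.GetProcess
                CIM        = $seen.CIM
                Tasklist   = $seen.Tasklist
            }
        }
    }
}

# Usage: run from an elevated PowerShell so all views see every process.
Get-ProcessViewDiscrepancies | Format-Table -AutoSize
```

Expect some benign noise: the three snapshots are not taken at the same instant, so short-lived processes (tasklist.exe itself, conhost.exe, WmiPrvSE.exe) often show up in only one view, and Get-Process names the idle process "Idle" while the other two call it "System Idle Process". Run the check a few times and treat a name that is consistently missing from one view, or that appears in the CIM or tasklist view but never in Task Manager, as the finding worth investigating; the same approach extends to files (Get-ChildItem against cmd.exe dir) and registry keys (Get-ChildItem HKLM:\ against reg.exe query).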