MEM64 - Memory Only Payload With HTA Attack Vector.

MEM64 – Memory Only Payload With HTA Attack Vector.

LEGAL DISCLAIMER:
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

MEM64 is a script Run Any Native PE file as a memory ONLY Payload , most likely as a shellcode using hta attack vector which interacts with Powershell.
TODO:
– This Software allows you to run directly to memory every Native PE file .
– It interacts with powershell via HTA attack vector.
– The best way to achieve infecting your victim is Social Engineering.

PE Exe Payload

Dependencies:
– Linux with wine and All Windows Support
– Python 2.7.x

Usage:

Source: https://github.com/0xyg3n