This repository has been archived by the owner on Oct 24, 2023. It is now read-only.
PoC Windows Usermode Rootkit made in C# and C++, made to show you how to protect your process using hooking.

AdvDebug/MineRootkit

MineRootkit

PoC Windows usermode rootkit written in C# and C++, made to show you how to protect your process using hooking. Note that this hook is bad and may crash the process, but it's just a PoC after all. (If you liked it, please give me a star so I can continue on this and other projects.)

Usage

All you have to do is enter, in the textbox, the process ID of the program that you want to prevent from terminating MineRootkit. You can choose something like Task Manager or Process Explorer.

Tests (tested only on a Windows 10 x64 machine)

Task Manager - Success

Process Explorer - Success

Process Hacker - Failed (depends on a kernel driver)

Video Showcase

YouTube video showcase: https://youtu.be/sVxOJApqGJM

Detection (x64 version)

The rootkit is currently FUD (fully undetected). Note that these results may change as time passes (uploaded on 12/2/2021).

AntiScan.Me

AntiScan.Me Results:

Executable: AntiScan.Me Executable Detection (0/26 at the time of uploading it.)

Dll: AntiScan.Me Dll Detection (0/26 at the time of uploading it.)

Kleenscan

KleenScan Results:

Executable: KleenScan Executable Detection (0/40 at the time of uploading it.)

Dll: KleenScan Dll Detection (1/40 at the time of uploading it.)

VirusTotal

VirusTotal Results:

Executable: VirusTotal Executable Detection (1/63 at the time of uploading it.)

Dll: VirusTotal Dll Detection (4/64 at the time of uploading it.)