moneta
Memory analyzer
Moneta is a live usermode memory analysis tool for Windows that scans running processes to detect malware IOCs (for example, injected, hollowed, or reflectively loaded code).
685 stars
13 watching
82 forks
Language: C++
Last commit: 8 months ago
Topics: artifact, dump, hollowing, injection, ioc, malware, memory, moneta, pe, process, reflective, scanner, shellcode, usermode, windows
Related projects:
Repository | Description | Stars |
---|---|---|
gleeda/memtriage | Analyze Windows machine RAM artifacts using Winpmem and Volatility | 218 |
eset/malware-ioc | A repository of malware indicators and rules for threat hunting and analysis. | 1,647 |
usualsuspect/malscan | A tool to detect and analyze malicious code in process memory by executing Python scripts on YARA matches | 12 |
shanek2/invtero.net | Analyzes and validates physical memory from various systems to extract process information and hypervisor details | 279 |
crowdstrike/supermem | A tool for processing Windows memory images to extract relevant information | 258 |
mkorman90/volatilitybot | Automates memory analysis of malware samples and memory dumps by extracting binaries, injections, strings, and analyzing code using heuristics and YARA/Clam AV scanners. | 263 |
antique-team/memcad | Analyzes C code for its memory layout and dependencies | 25 |
rek7/mxtract | Analyzes and dumps memory to extract sensitive information from running processes | 582 |
cristianzsh/freki | A platform for analyzing malware and performing reverse engineering on binary files | 422 |
evild3ad/memprocfs-analyzer | Automated forensic analysis tool for Windows memory dumps | 540 |
guelfoweb/peframe | Analyzes Portable Executable malware and malicious MS Office documents for various suspicious features | 610 |
hasherezade/hollows_hunter | Analyzes running processes to detect and dump malicious code | 2,032 |
huoji120/duckmemoryscan | A tool to detect memory-based evasion techniques used in malware and rootkits | 702 |
ytisf/muninn | A tool to assist in memory forensics analysis on Windows systems by automating the process of extracting and exporting relevant data from memory images. | 52 |
googleprojectzero/bochspwn-reloaded | An emulator-based tool to detect kernel memory disclosure vulnerabilities by tracking uninitialized memory in guest operating systems. | 297 |