Enhanced MEMZ (again)

Hey Guys!

It’s me again with an update of what I’ve fabricated here: (Topic “Enhanced MEMZ”)

In said contribution I modified MEMZ to work without user input and UAC popup. (I jokingly named it “MEMZ-Destructive 5.0”, because the last contribution from the original author was version 4.0)

Today I can present you MEMZ-Destructive 5.1 (download here, pass: infected)

What’s new?

+ integrated architecture check for x86/x64 - more user friendly, only one binary for all
+ switched exploit code (thanks to the Metasploit framework for writing such beautiful exploits)
+ so stable, much stealth, wow. (MEMZ is now more stealthy and won’t drop binaries into the same folder as the original .exe anymore)
- removed nyan icon. It simply doesn’t want to work…

How to use?

Not much has changed here.

  1. Find Scammer
  2. Upload MEMZ.exe
  3. Double-click MEMZ.exe
  4. Wait 5 seconds for the exploit to work
  5. The Scammer now enjoys all the MEMZ.

Proof of Concept

Why do I post this?

Yes, I know it is more or less a repost, but there are really a few new things “behind the scenes” (code).
Also, I need you guys to help me! I usually test my code in a Win7 VM before publishing but sometimes there are complaints that the code doesn’t work on some other machines. Does anyone want to be a MEMZ 5.1 beta tester? Then fire up your VM and test the **** out of MEMZ. If something doesn’t work and you (don’t) know why, please message me so I can improve it. Feedback is appreciated very much! I mean, we all want these scammers to go down the most hilarious way, don’t we?

Important Notice: Please keep in mind that this is intended to work on Windows 7!

I simply did this because it is easier to work on one platform than cross-platform. If you want a Win10 version just ask; I will try but it could take a while.

I know scammers typically don’t use antivirus but, just throwing this out there… It’s been flagged as malware for using CVE-2017-0213

Yep, that’s correct. This is because I used a Windows COM Elevation Vulnerability for the Privilege Escalation in order to bypass UAC. On the other hand, MEMZ should also be found by any antivirus.

I’ve personally never seen them use antivirus, but feel free to modify the binary according to your needs! (For example using a crypter against static analysis) :smile:

I think hosting this in a GitHub repo would be a lot more conducive to us testing it and working with you to get it evolving.

Do you have any other link? Anonfiles isn’t working anymore.