Minergate Forum

Forum of the best Mining Pool ever.

SilentCryptoMiner v3.2.0

Moderators: ikanunaki, Janika, JaneMurphy, Ar1k88, DanteSama, Dossis, tykari

daxian
Posts: 120
Joined: Sun Sep 17, 2017 2:47 pm

SilentCryptoMiner v3.2.0

Postby daxian » Fri Apr 14, 2023 11:34 am

Image
Changed miner settings from being passed through the command line to instead be passed directly through the PEB
Changed XMR miner to clear RAM during "Stealth" when possible
Changed PEB calls to be more obfuscated due to new detections
Changed miner to read the current executable path for installation directly from the PEB instead of a Windows API call
Changed miner and watchdog to read the environmental variables directly by traversing the PEB
Included rootkit directly inside the miner instead of using the rootkit installer to avoid the new AMSI detections and for more flexibility
Changed rootkit to now run outside of the "Startup" installation flow to allow for it to run when "Startup" is disabled
Moved "Install Rootkit" out from "Advanced Options" and renamed it to "Use Rootkit (Hide Miner)" since the rootkit should now be stable
Updated compiler command options to reduce detections
Added system call registry access functions to allow registry manipulation without using the Windows API or CMD
Changed GPU checking to directly read the registry instead of using a WMI command with a file buffer
Added signature cloning tab where you can clone the digital certificate of another program into the miner
Moved administrator checks from powershell directly into the C++ code
Added Task Scheduler "Startup" entry checking into the Watchdog
Merged obfuscate.h library and obfuscatew.h library into a custom-made unified version called obfuscateu.h
Added a custom-made SysWhispersU direct system call generator and removed the previous SysWhispers2
Modified SysWhispersU and obfuscateu.h to use different encryptions in order to avoid XOR detections
Added simple obfuscation to well-known SysWhispers constants and offsets to avoid static detections
Readded explorer.exe as injection option
Made explorer.exe the default injection option again
Updated uninstaller to instead find the watchdog and miner processes by enumerating system mutex handles to find the owner process
Added "Disable Windows Update" rollback into the uninstaller to allow the uninstaller to fix Windows Update during uninstallation
Updated checker to instead check if the mutex is active to ascertain whether the miner and watchdog is running or not
Merged many C++ files together to be able to store them unzipped in the project in order to make all code changes directly visible in commits
Optimized and shortened many functions such as the previously verbose process creation function
Increased delete pending injection temporary file name length to further decrease collision chance
Fixed possible parent spoofing failure if required buffer size changes between system calls
Change installation to call reg.exe and schtasks.exe directly when possible instead of through cmd.exe
Fixed "Startup" installation bug on some systems when "Entry Name" contained a space
Fixed support for Unicode characters inside the "Assembly" settings
Updated both miners
Added Portuguese (Brazil) translation (MatheusOliveira-dev)
https://drive.google.com/file/d/1dhGfWt ... sp=sharing pass 12345
Last edited by daxian on Wed Jul 05, 2023 2:57 pm, edited 4 times in total.

daxian
Posts: 120
Joined: Sun Sep 17, 2017 2:47 pm

Re: SilentCryptoMiner v3.2.0

Postby daxian » Mon Jun 26, 2023 1:48 pm

Updated! 2023.06.20


Return to “English Forum”

Who is online

Users browsing this forum: Andreasvxs and 2 guests

cron