SilentCryptoMiner Versions Save

• Changed administrator "Startup" installation procedure from using the Task Scheduler to instead install as a Service
• Changed the Administrator "Startup" installation from installing into "Program Files" to instead install into "ProgramData"
• Removed the "Run as System" option due to Services always running as System
• Added MSRT removal to the "Add Defender Exclusions" feature
• Changed the C++ compiler to one with less detections and better features
• Improved external compiler starting procedure to bypass compiler bugs when the build path contains spaces or unicode characters
• Modified the compilation process to incorporate "strip" for the removal of all unnecessary symbols and relocation data
• Adjusted compiler optimization level to mitigate some antivirus detections
• Enabled LTO during compilation to remove a lot of compiler caused detections from unused sections
• Changed the compiler from using temporary files to instead use pipes in order to work better with some irregular environments
• Changed the compilation procedure to add a randomized creation date and last write date to the built miner files
• Reverted miner builder .NET Framework version back to .NET 4.5 from .NET 4.8 for better compatibility
• Changed the miner injection technique to both reduce complexity and antivirus detections
• Optimized the process creation code
• Remade miner injection loop code and watchdog mutex check loop code to bypass a new targeted Windows Defender detection
• Greatly improved the SysWhispersU syscall generator
• Switched over from static syscalls to randomized dynamic syscalls
• Changed the "Run as Administrator" feature to elevate programmatically instead of through a manifest file to avoid manifest caused detections
• Added obfuscation to all constants and literals
• Added base64 encoding to embedded files in order to bypass detections caused by high entropy data
• Changed the embedded resource format from hex to decimal in order to reduce memory usage and time during compilation
• Changed the default "Startup" tabs "Entry Name" and "File Name" to a randomized string due to Windows Defender targeting the current default names
• Added new "Randomize" button next to the "Startup" tabs "Entry Name" and "File Name" options to allow for fast randomization
• Added new "Advanced Option" that allows automatic UPX packing of the embedded miner resource files
• Changed the "Disable Windows Update" and "Disable Sleep" functions to directly call the programs instead of calling them through a command line
• Changed default "Inject Into" program to conhost.exe instead of explorer.exe due to explorer.exe now triggering detections when running under System
• Added ".exe" extension exclusion to "Add Defender Exclusions" feature in order to potentially prevent some future general memory detections
• Removed XMR "GPU Mining" option due to problems with CUDA and it being worse than the already existing dedicated GPU miner
• Removed XMR "CPU Mining" option due to it having no reason to exist now that the "GPU Mining" option is gone
• Rewrote XOR cipher function to bypass XOR obfuscation detection
• Remade the "Block Websites" feature code to bypass some detections caused by looping
• Greatly improved the overall code to reduce wasteful calls, handles and possible code signatures
• Changed "Start Delay" to only apply before installation in order to avoid timeouts
• Updated the uninstaller to properly remove all files
• Updated the miners

• Added OpenCL ICD loader statically into the GPU miner because some systems local loaders do not seem to work
• Added automatic CPU mining core restart when a prolonged period of zero hashrate is detected
• Fixed administrator "Startup" trigger to be "on login" when "Run as System" is disabled
• Reduced some antivirus detections by modifying the miner compilation command
• Changed some miner builder compiler commands to be absolute instead of relative
• Added "Assembly" tab "Version" number sanitization
• Fixed unnecessary log warning during compilation
• Removed many old unused debug strings inside the miners

• Added the KawPow (kawpow) algorithm directly into the GPU miner
• Added new FiroPow (firopow) algorithm
• Added new ProgPow (progpow) algorithm
• Added new ProgPowZ (progpowz) algorithm
• Added new EvrProgPow (evrprogpow) algorithm
• Implemented KawPow, FiroPow, EvrProgPow, ProgPow and ProgPowZ using only OpenCL for both Nvidia and AMD to bypass large CUDA NVRTC library requirement
• Rewrote most of the GPU miner to add support for multiple algorithm families and to greatly improve stability and reliability
• Added Sero-Proxy protocol to be able to mine Sero (ProgPow)
• Removed KawPow (kawpow) algorithm from the XMR miner and also the large CUDA NVRTC library to make sure no one accidentally uses it
• Re-added the Panthera (rx/xla) algorithm
• Added Zephyr coin (rx/0) solo mining support
• Moved the XMR miner "GPU Mining" option into the "Advanced" tab to discourage unprofitable XMR GPU mining
• Moved the "Use Rootkit" option into the "Advanced Options" for better clarity regarding its complexity
• Changed Task Scheduler Task creation from Powershell to only using the command line with a temporary XML file
• Changed MSR driver path from using a static library path to a dynamically generated path
• Modified embedded file encryption and decryption to reduce heuristic detections
• Changed the code compiler build to different one to greatly reduce the compiler-caused antivirus detections
• Improved the external compiler execution commands by better forcing absolute paths in commands
• Added a mutex into the miner installer/injector to make it checkable by the watchdog
• Reduced the watchdog checking interval for better persistance
• Removed unused helper functions
• Rewrote uninstallers miner killer function to work with Process IDs above the ushort limit
• Changed unicode string initialization from a macro to a function to reduce the final code size
• Changed string formatting from using the built-in Windows API to instead use a much smaller custom function
• Moved web panel reporting to happen before CPU idle usage change in order to help make the hashrate look less confusing
• Improved RandomX database regeneration speed when leaving "Stealth" on pools with infrequent new jobs
• Fixed weird default "Stealth on Fullscreen" configuration value when "Run as System" was disabled
• Fixed possible null terminator string length counting problem inside the GPU checking function
• Reduced unnecessary recursive directory creation function stack size
• Changed miners execution state to no longer always semi-block sleep mode on some computers
• Restructured the algorithm selection list to be easier to use
• Added semi-CLI functionality for building miners through the command line
• Updated the rootkit to a new version

• Changed miner settings from being passed through the command line to instead be passed directly through the PEB
• Changed XMR miner to clear RAM during "Stealth" when possible
• Changed PEB calls to be more obfuscated due to new detections
• Changed miner to read the current executable path for installation directly from the PEB instead of a Windows API call
• Changed miner and watchdog to read the environmental variables directly by traversing the PEB
• Included rootkit directly inside the miner instead of using the rootkit installer to avoid the new AMSI detections and for more flexibility
• Changed rootkit to now run outside of the "Startup" installation flow to allow for it to run when "Startup" is disabled
• Moved "Install Rootkit" out from "Advanced Options" and renamed it to "Use Rootkit (Hide Miner)" since the rootkit should now be stable
• Updated compiler command options to reduce detections
• Added system call registry access functions to allow registry manipulation without using the Windows API or CMD
• Changed GPU checking to directly read the registry instead of using a WMI command with a file buffer
• Added signature cloning tab where you can clone the digital certificate of another program into the miner
• Moved administrator checks from powershell directly into the C++ code
• Added Task Scheduler "Startup" entry checking into the Watchdog
• Merged obfuscate.h library and obfuscatew.h library into a custom-made unified version called obfuscateu.h
• Added a custom-made SysWhispersU direct system call generator and removed the previous SysWhispers2
• Modified SysWhispersU and obfuscateu.h to use different encryptions in order to avoid XOR detections
• Added simple obfuscation to well-known SysWhispers constants and offsets to avoid static detections
• Readded explorer.exe as injection option
• Made explorer.exe the default injection option again
• Updated uninstaller to instead find the watchdog and miner processes by enumerating system mutex handles to find the owner process
• Added "Disable Windows Update" rollback into the uninstaller to allow the uninstaller to fix Windows Update during uninstallation
• Updated checker to instead check if the mutex is active to ascertain whether the miner and watchdog is running or not
• Merged many C++ files together to be able to store them unzipped in the project in order to make all code changes directly visible in commits
• Optimized and shortened many functions such as the previously verbose process creation function
• Increased delete pending injection temporary file name length to further decrease collision chance
• Fixed possible parent spoofing failure if required buffer size changes between system calls
• Change installation to call reg.exe and schtasks.exe directly when possible instead of through cmd.exe
• Fixed "Startup" installation bug on some systems when "Entry Name" contained a space
• Fixed support for Unicode characters inside the "Assembly" settings
• Updated both miners
• Added Portuguese (Brazil) translation (MatheusOliveira-dev)

03-04-2023 Hotfix:

• Fixed possible null terminator string length counting problem inside the GPU checking function

• Changed process creation from undocumented API calls to direct system calls
• Added process parent spoofing with token impersonation when creating processes
• Created custom process parameter creation to avoid API calls
• Added system call process enumeration for parent spoofing
• Updated SysWhispers2 with custom process creation definitions and more
• Modified SysWhispers2 assembler instructions to bypass new detection
• Changed all indirect API calls to direct system calls
• Changed compiler binaries to reduce some compiler caused detections
• Fixed known XMR "GPU Mining" compilation error with new compiler
• Fixed XMR GPU library location checking on some systems
• Changed GPU memory checking from CUDA API to NVML for much better accuracy
• Updated ethminer CUDA and OpenCL mining implementations
• Updated ethash, etchash and ubqhash algorithm implementation
• Added improved CUDA and OpenCL automatic restart on error or crash
• Improved GPU limit sleep time accuracy for powerful GPU cards
• Removed ETH from the preset list due to the ETH merge from PoW to PoS
• Added EthereumPoW (ETHW) fork of ETH to the preset list
• Rewrote website blocking to avoid using string to reduce dependencies
• Updated rootkit and fixed some rootkit bugs
• Fixed many miscellaneous bugs
• Updated xmrig

• Added GPU check support for some Radeon RX GPUs
• Added more API function bypasses for lower possible future detections
• Changed compiler paths from relative to absolute paths

• Fixed GPU checking when running as the System user
• Future-proofed some possible future detections

• Rewrote entire miner and watchdog in C++ to replace the C# miner and watchdog
• Rewrote much of the builder for the rewritten miner and watchdog
• Added custom C++ compiler package
• Added custom compiled version of SysWhispers2 to randomize syscalls seed on every build
• Changed default injection target to conhost.exe
• Removed injection target "explorer.exe" due to new protections and inconvenience
• Added new injection target "dwm.exe"
• Removed now unnecessary options "Shellcode Loader", "In-memory watchdog" and "Do built-in obfuscations" because of the rewrite
• Removed now unnecessary DLL modules because of direct implementations
• Temporarily removed the "DEBUG" and "Overwrite old miners" options
• Updated both miners
• Added Spanish translation (Xeneht)
• Added Russian translation (BITIW)

There might not be many entries in the changelog but that is mainly because everything was rewritten so it's hard to write down specific changes. There's also an issue on some computers to compile with XMR "GPU Mining" enabled which I'm aware of, it's due to the large filesize of the XMR CUDA libraries and will be "fixed" in a future version"

• Fixed mysterious reported ETH stratum disconnection
• Further improved ETH miner web panel status reporting from feedback
• Reduced minimum minor CUDA version for more driver compatibility
• Reduced ETH VRAM CUDA overhead slightly
• Reduced critical process protection delay
• Fixed missing builder admin shield images

Sorry for the quick update, thought it was necessary instead of waiting until the next release. Mostly due to the ETH stratum disconnection that someone has reported was happening for them. Seems to have been fixed automatically after rebuilding the binary a few times.

• Bypassed new Windows Defender exclusion detection and removal
• Added new improved process hollowing module ProcessInject which replaces the old process hollowing
• Added new "Critical Processes (BSoD)" option to mark the miners and watchdog as critical processes, thus causing a BSoD when killed
• Added new in-memory native DLL loader for the new modules, ProcessInject and ProcessProtect
• Greatly improved dynamic DAG/VRAM management, including better regeneration when enough VRAM becomes available to mine
• Changed startup flow to be more dynamic and persistent
• Improved the watchdogs persistence
• Greatly improved ETH miners web panel status reporting logic
• Improved ETH miners failover connection logic and default timing parameters
• Removed AstroBWT algorithms due to constant forking and instabilities
• Updated XMR miner
• Added Polish translation (Werlrlivx)