did you mondark crypto through confuserex?

[Toxenskiy]

sihost64.exe detected new detect

[UnamSanctam]

Yes I obfuscated Mandark although not through ConfuserEx

[UnamSanctam]

And you can obfuscate the Watchdog as I said before if you want to decrease the detection

[Toxenskiy]

This is the obfuscated version. You can throw off the original Mondark, I myself want it crypting

[UnamSanctam]

This is the unobfuscated Mandark but the detection you sent doesn't have anything to do with that. Mandark.zip

[Toxenskiy]

i know

[Toxenskiy]

obfuscated miner

[UnamSanctam]

Is that from Windows Defender when you run the miner?

[Toxenskiy]

+

[Toxenskiy]

yea

[UnamSanctam]

Interesting

[Toxenskiy]

I think obfuscation is not enough, we still need to impose something

[UnamSanctam]

Can you try building a miner with this version (it's using the old injector) and see if you get the same detection? Silent XMR Miner Builder.zip

[Toxenskiy]

try. but first I want to try to impose a different defense

[UnamSanctam]

What kind of defense?

[Toxenskiy]

helped

[UnamSanctam]

Did you do that on the Mandark?

[Toxenskiy]

not on the whole miner, Mondark I encrypted in order to make it unique, otherwise it’s not a fact that yours will not be killed

[UnamSanctam]

Yes obfuscating the miner should always be done but if you try building a miner with the latest file I sent does it still get detected as CoinMiner when you start it? Or when did it detect it as CoinMiner?

[Toxenskiy]

obfuscation works for 10 minutes, after 10 minutes it writes detection

[Toxenskiy]

the only thing that smartscreen complains about every launch

[UnamSanctam]

Yes that will always happen unless you get it certified from Microsoft which you can't really do https://docs.microsoft.com/en-us/windows/win32/win_cert/windows-certification-portal?redirectedfrom=MSDN

[Toxenskiy]

But it never happened before

[UnamSanctam]

That only happens on computers that have it on, I don't get any messages like that and most others don't either

[UnamSanctam]

Do you get the same message if you use Silent XMR Miner Builder.zip?

[Toxenskiy]

ok try

[Toxenskiy]

to impose obfuscation? If so, at what level

[UnamSanctam]

Use any, I just want to see if you experience any difference when using the old injector (that builder has the old one).

[Toxenskiy]

well, it seems like there are no complaints from the antivirus, but this is only after launch

[Toxenskiy]

and how do injectors differ?

[UnamSanctam]

The code is a bit different, I wanted to upgrade it since I was worried that the injector was a bit unstable but maybe it works fine with the old one. So now I have to decide whether to use the old one or revert to the old one.

[Toxenskiy]

It would be cool if you did 2 versions, one uploaded in telegram and the other here.

[Toxenskiy]

So that there are not many detections straight.

[UnamSanctam]

Well the code will still be the same so the detections wouldn't differ too much since I don't have the time to change the entire code signature.

[Toxenskiy]

old injector detected

[Toxenskiy]

sihost64 detected last version obfuscated maximum

[UnamSanctam]

Yeah, that's not the sihost64 getting detected but the obfuscator being detected

[UnamSanctam]

Some protections do get detected sometimes

[Toxenskiy]

I can't find a normal obfuscator in any way

[Toxenskiy]

Eziriz detected, confuserex detected

[UnamSanctam]

Yeah, obfuscators get detected after a while, sometimes it works by using less protections

[Toxenskiy]

you thought to make a config, just every time it takes a very long time to enter everything

[UnamSanctam]

Yeah, it's just that making a config will be a lot of code so I haven't had time yet.