UnamSanctam / SilentXMRMiner

A Silent (Hidden) Monero (XMR) Miner Builder
MIT License
557 stars 162 forks

Suspicious activity #303

Closed. gamethrower closed this issue 3 years ago.

gamethrower commented 3 years ago

Why does the builder from releases behave differently from the one I compiled myself? Your release contacts some IPs and domains. For some reason it launches Firefox.

UnamSanctam commented 3 years ago

No, it doesn't.

gamethrower commented 3 years ago

[two images attached]

UnamSanctam commented 3 years ago

You can decompile the program with something like ILSpy and look at the code yourself. I don't know what you're checking it with but it might be clicking these or something:

    private void labelGitHub_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
    {
        Process.Start("https://github.com/UnamSanctam/SilentXMRMiner");
    }

    private void labelHackforums_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
    {
        Process.Start("https://hackforums.net/showthread.php?tid=5995773");
    }

    private void labelWiki_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
    {
        Process.Start("https://github.com/UnamSanctam/SilentXMRMiner/wiki");
    }

gamethrower commented 3 years ago

It's the VirusTotal Behavior check. When I upload the builder that I compiled myself, it doesn't do anything like this.

UnamSanctam commented 3 years ago

You would have to ask VirusTotal. You can check the code with ILSpy and you'll see that it's an exact copy of when you compile it.

UnamSanctam commented 3 years ago

Maybe our compile settings are different or something, like in the folder .vs

UnamSanctam commented 3 years ago

I've reuploaded a build after I cleared the Visual Studio settings, you can test that one.

Khizhniak commented 3 years ago

👀

gamethrower commented 3 years ago

> I've reuploaded a build after I cleared the Visual Studio settings, you can test that one.

Where? You didn't upload anything.

UnamSanctam commented 3 years ago

I replaced the current version.

gamethrower commented 3 years ago

It says last update was 26 days ago.

UnamSanctam commented 3 years ago

Yes, but I replaced the .zip file of that release. Try it and see.

UnamSanctam commented 3 years ago

Since it's not a new release but just a compile of the current one without the Visual Studio settings that contacted those servers, which I would guess is something like Microsoft's telemetry.

gamethrower commented 3 years ago

Now it's identical to my version. I hope it wasn't a stealer or something.

UnamSanctam commented 3 years ago

You can check the code of the .exe like I said earlier with something like ILSpy, it's not obfuscated. And the miner is 2 years old now without anything like it.

Khizhniak commented 3 years ago

🎉 I knew UnamSanctam is a great guy!

Khizhniak commented 3 years ago

@gamethrower You can already close this issue.