silent miner

[Dokazz]

Hi its me again from earlier, I just found this, and i was wondering if I could turn the silent miner into a .mp3 for example.
If you haven't figured yet, I'm very new to this, so expect me to say some things that don't make any sense.
My goal is to send an .mp3 via email or via something else to random people, and when they download the .mp3 and run it, it is an actual mp3 which works, but the silent miner is triggered in the "background"
would this be possible in any way using the Binder?
Thank you

[UnamSanctam]

Only real way (without using media player exploits which you most likely won't find any) is to bind an .mp3 and the miner .exe together with an mp3 icon as the program image and then use something like an extension spoofer. Spoofed extensions don't show in all places but in many places they do show the spoofed extension.

[Dokazz]

If i spoof the merged .mp3 and miner.exe, will that make the fake mp3 openable, or will it do nothing when ran?

[UnamSanctam]

An extension spoofer only uses a special Unicode character called the RTLO (right to left override) character to reverse the end of a file name from something like file mp3.exe into file exe.mp3, the file will still be a normal exe but in some places like the explorer it will show up as file exe.mp3. Then when that .exe spoofed as an .mp3 is run then it will drop both the bound files (an .exe and an .mp3) and execute both of them (if enabled in the builder) so for the user it would just look like an mp3 file was opened.

[Dokazz]

Omg that's exactly what I wanted! thank you so much, I will try this out right now!!
I'm keeping this thread opened if I struggle with the process

[Dokazz]

I just tried binding the mp3 and the miner together, but i get this tcc error when building it, any idea why?
tcc: error: could not run 'D:\silent eth miner\Compilers\tinycc\i386-win32-tcc.exe'

[UnamSanctam]

If you go to that location can you find that file? Make sure that your antivirus hasn't removed or is blocking it. You can also try removing the spaces in the silent eth miner folder.

[Dokazz]

I checked and i don't have any file named like this, though, I have an windows exclusion for the whole silent eth miner folder

[Dokazz]

I just built it with Csharp instead of C and it worked

[UnamSanctam]

Yes that would work, if the file isn't there then it sounds like it was removed by something.

[Dokazz]

Okay I will re-install if I need to, but for now I am going to try with C#
So right now I have my mp3 file, which looks like a real one, and contains my miner.exe as well
Do you know if the music would actually start playing if I executed the mp3? or does it just looks like an mp3 but is an .exe

btw I tried sending it via gmail but it doesnt work

[UnamSanctam]

Yes it will drop and execute both files, so it would start the mp3 just like if you double-clicked it normally. I don't think you can send .exe files directly via Gmail, nor do I think you can receive .exe files either with Gmail either (except through Google Drive).

[Dokazz]

Okay, that is perfect!
What if i corrupt the mp3 file in the beginning so that when the people receive it in google drive, it will not be able to play it inside of the gmail thing, and it will just ask them to download it... --> then, they play it, windows media shows up saying its corrupted, so they think it was a legit mp3 file, but in reality the miner started mining
Im sure this could work right?

[UnamSanctam]

Gmail (and any other thing) will still see it as an .exe file since that's what it is, extension spoofing will only fool humans. You would probably have to add a download link or something similar inside the email instead of attaching it if you're planning to use Gmail.

[Dokazz]

isn't there any way to bypass this .exe thing about gmail?

[UnamSanctam]

Send a download link inside the email or attach it with Google Drive, Gmail seems to deny any .exe files, any zip/rar/7z files containing an .exe file and also any encrypted zip/rar/7z files so that you cannot hide one.

[Dokazz]

okay thank you very much, I am going to try this out

[Dokazz]

Alright, I got everything working now,
I can send it using the google drive thing, I do receive it, but the only problem is that when I try downloading the google drive file, it says it might be infected with a virus, you can still download it, but I don't think people will download any infected mp3's
isnt there a way to obfuscate it so that google drive does not know it is a virus?

[Dokazz]

I made it. Let's gooo
I tested, you can download without google drive saying anything
Now if you run the mp3, you're infected!
mission success

[Dokazz]

just a last question, what does the miner-checker.exe does?
does it check if someone has been infected already?

[UnamSanctam]

Yes if you run it on a computer you have run the miner on then it will say if the watchdog is running and list any miners (from that build) that are currently running.

[Dokazz]

Okay thank you!
btw there might be something wrong because i ran the mp3 to see if it started mining,
and in the checker it said it was not mining
is this normal?

[UnamSanctam]

It should show a miner if it's installed and mining (and you're running the correct checker), unless you only have a GPU miner added and is running it on a VM (that doesn't have a GPU) since it won't start the GPU miner then.

[Dokazz]

what is a VM? and how do we know if it contains a GPU?
is it in the silent eth miner's settings?

[UnamSanctam]

A VM is a Virtual Machine, many test things on them and since they don't have a GPU (except with GPU passthroughs) then GPU miners won't run on them. Run the miner (bound file in this case) again and then start the correct checker (checker from the same build as the miner you're running) and then post a screenshot of it here.

[Dokazz]

i redid a miner, called it final miner
re-binded it with the original mp3 --> called it final version.mp3
ran final version.mp3 --> waited about 5 seconds (since i put the start delay to 2 in the miner)
ran the checker of the miner so the final miner checker --> screenshot

[UnamSanctam]

Wait for a minute or two and try the checker again, it has to install and everything like that.

[Dokazz]

still nothing

[UnamSanctam]

Start the miner normally without binding it and then use the checker after a while and see. If that doesn't work then send your miner settings here by going to the "Main" tab, then pressing "Save", zipping that file and sending it here (drag into the reply box).

[Dokazz]

its weird, it says the watchdog is on,
but in the miners section, its blank

[Dokazz]

im going to leave my home for a couple of hours, just letting you know

[Dokazz]

btw in the binder, when I tick "run as administrator" does that mean it will run as administrator by itself or I have to run it as administrator myself?

[UnamSanctam]

It will ask for it by itself.

[Dokazz]

I ran it through the .mp3
nothing comes up when i launch the checker
i mean the "miners" line is blank

[Dokazz]

maybe its because I bind it in C#?
should I try in native C

[UnamSanctam]

No that shouldn't really matter, make sure that "Run as Administrator" isn't enabled in the miner (enabled by default in Lite) if you don't have "Run as Administrator" enabled in the binder.

[Dokazz]

I enabled both : in the miner and the binder
I am kind of stuck right now..

[UnamSanctam]

Hmm it definitely works, I just tried it myself and it worked fine, first I loaded the "Lite" settings, then I disabled "Run as Administrator" and built it, then I opened the binder, bound the miner file and another random file, then I built it and ran it. The miner and random file then started just fine.

[Dokazz]

ahh must be me then
do you have any idea on what causes this?

[UnamSanctam]

Do the same that I did, use the Lite settings and disable "Run as Administrator", build it and then bind it together with the mp3 and see if that works.

[Dokazz]

just did it, still does not work

[Dokazz]

is it normal that in the checker it says "compatible GPU" but it should be mining with the CPU?

[UnamSanctam]

Yes it just says if you have a compatible GPU to know if it should be GPU mining (in the case that you have a GPU miner).

Here is a test bound file I built with the "Lite" settings: Miner Binder Test.zip. I bound MINERTEST.exe and a cat image together into BoundFile.exe. So download that, extract it, then run BoundFile.exe, wait 1 minute and then run the checker.

[Dokazz]

oh wait
In the Binder, do I still have to build it as an .exe, and then spoof it??
If yes, I am a complete idiot: I was just building it into an .mp3 without spoofing

[Dokazz]

This is surely why it does not work I am so dumb

[UnamSanctam]

Haha yes it needs to be an .exe to be able to be run, then the spoofer will trick the text into saying .mp3.

[Dokazz]

Oh my god I am sorry
I told you I was about to make noobie mistakes x)

[Dokazz]

yep it works ! thank you
Now (I know I might be annoying when I say this) could you please tell me how to spoof files?
like what program to use

[UnamSanctam]

Any extension spoofer online would work, it's even possible to do it manually, but using something like https://github.com/hXR16F/extspoof would be the easiest (just found a random GitHub project).

[Dokazz]

I checked the youtube link on the github and I didnt understand a single thing of what he did 😂
If that was not manually then I don't even wanna hear what manually is

[Dokazz]

is this github legit? https://github.com/henriksb/ExtensionSpoofer

[UnamSanctam]

Yes, though I don't think it has .mp3 added by default (not in the main page .gif at least).

[Dokazz]

ahh yeah you are right
hmm I dont know what to do then
What spoofer do you normaly use?

[UnamSanctam]

I can do it manually so I've never used a program for it, but you can probably use https://github.com/hXR16F/extspoof/releases, open the program, select your bound file and enter the desired file name (for example music.mp3) and press Generate.

[Dokazz]

uuh I used the program but I don't think it is legit: I spoofed the file but it didnt even tell me where to save it, and I can't find the spoofed file anywhere (check with the application named "everything" to find it)

[UnamSanctam]

I think it just changes the file you choose.

[Dokazz]

Im stuck on this
I dont know how to spoof something into .mp3
the only spoofers i found either were not working or didnt do .mp3

[Dokazz]

alright i manually spoofed it
now i have the file that looks like ".....exe.mp3"
the problem is that it gets detected in gmail, and in the google drive, the icon is an executable icon, which is obvious (and it also gets detected sometimes after i send it)

[Dokazz]

Do you have any idea on how to bait google drive and make it think it is an actual mp3?

[UnamSanctam]

Do you have any idea on how to bait google drive and make it think it is an actual mp3?

You can't, only way to do that would be to change the extension but then the person who downloads it would have to change it from .mp3 to .exe themselves.

alright i manually spoofed it now i have the file that looks like ".....exe.mp3" the problem is that it gets detected in gmail, and in the google drive, the icon is an executable icon, which is obvious (and it also gets detected sometimes after i send it)

Yes, Google has it's own VirusTotal like antivirus detection so you'd probably either need a password protected zip or use another file host without a virus scanner and that doesn't show the filetype and then include the link (or as a button) in the email. Sending malware through email is quite an antiquated way of doing it for those reasons.

[Dokazz]

Okay thank you I will try to find a good uploader online tmr!