Well, it depends if the Key Stealer is encrypted. I use Red Gate. It's a decompiler. Just open up the assembly and look for lines like "send key" or "web request" or even just "web". Some are just easier to find...I'd also like to add that you won't be able to do much with the website. All key stealers send them to a secure database usually with log in information. Unless you know how to brute force, then it won't be much use....But even then, brute forcing is highly infective unless you have thousands of bots and/or computers..