Could someone give me a brief overview of what the code is doing? I see a bunch of "on ____" blocks, which I thought might be functions but then they don't seem to be called later on (unless I am missing something). What language is this?
The code is written in LiveCode. According to the documentation, those "on" blocks appear to be message handlers. [1] They do appear to act like functions as "sW" and "sC" are called from the "doSearch" message handler block. These blocks also are what contain the malicious code.
Basically, the code is searching for bitcoin.conf and wallet.dat in the typical storage place Bitcoin-Qt stores its data. If it manages to find these files, it reads them and sends the contents of them off to two different web addresses, effectively stealing the Bitcoin wallet. The paths and filenames the code uses to find this data are Base64 encoded in the source code so a text search through the code will come up with nothing unless the strings used for searching are Base64 encoded first.
The analysis on Securelist the TechCrunch post is referring to is located at [3].
[1] http://www.reddit.com/r/Bitcoin/comments/200k30/the_tibanneb...
[2] https://3d3.ca/ijKOh.vbs#eV7i3HIliI93y+UR
[3] http://www.securelist.com/en/blog/8196/Analysis_of_Malware_f...
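
An added example, not part of the comment above or of the analysed sample: a defender-side search for the two filenames in their Base64-encoded form, covering all three byte alignments so the name is found even when it sits inside a longer encoded path. The LiveCode-style sample lines, the placeholder paths and the function names are constructed for illustration.

```python
import base64

# Filenames the comment above says the script looks for.
NEEDLES = [b"wallet.dat", b"bitcoin.conf"]

def b64_variants(needle: bytes) -> list[str]:
    """Base64 fragments that appear whenever `needle` sits inside encoded data.

    Base64 maps 3 input bytes to 4 characters, so the same substring encodes
    differently depending on its byte offset (mod 3) within the full string.
    Characters that also carry bits from neighbouring bytes are trimmed.
    """
    variants = []
    for offset in range(3):
        enc = base64.b64encode(b"\x00" * offset + needle).decode().rstrip("=")
        start = (0, 2, 3)[offset]           # chars polluted by preceding bytes
        if (offset + len(needle)) % 3:      # last char shares bits with next byte
            enc = enc[:-1]
        variants.append(enc[start:])
    return variants

def scan(text: str, needles=NEEDLES) -> list[tuple[str, int]]:
    """Return (needle, position) for each encoded occurrence found in `text`."""
    hits = []
    for needle in needles:
        for variant in b64_variants(needle):
            pos = text.find(variant)
            while pos != -1:
                hits.append((needle.decode(), pos))
                pos = text.find(variant, pos + 1)
    return sorted(set(hits), key=lambda h: h[1])

# Constructed sample: placeholder paths, encoded the way the comment describes.
def _enc(path: str) -> str:
    return base64.b64encode(path.encode()).decode()

SAMPLE = "\n".join([
    'put base64Decode("%s") into tWallet' % _enc("/example/datadir/wallet.dat"),
    'put base64Decode("%s") into tConf' % _enc("/example/dir/bitcoin.conf"),
    'put "nothing to see here" into tOther',
])

if __name__ == "__main__":
    print("plain search:", "wallet.dat" in SAMPLE)
    for name, pos in scan(SAMPLE):
        print(f"encoded {name!r} at offset {pos}")
```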