Blog | G5 Cyber Security

Dismantling KillDisk: reverse of the BlackEnergy destructive component

KillDisk is a module of the BlackEnergy framework aimed at data destruction and at creating havoc and distraction during APT operations. The main tools used in our analysis today are Process Monitor and the IDA Pro disassembler. All manipulations will be performed in a virtual environment based on the Windows XP operating system. We start with a quick initial setup of the test VM: power on the machine and create a snapshot called "Before infection". Let us head straight to the main function, i.e. the WinMain function.

Source: https://socprime.com/blog/dismantling-killdisk-reverse-of-the-blackenergy-destructive-component/
