I've actually been spending a lot of time with this virus.
My assembly skills are not the sharpest, but I've decompiled it and figured out as much as possible.
I don't see anywhere where it attempts to mess with the BIOS.
cgkanchi
I wish I had made another partition or run it in VMware, because I managed to infect myself when I played with it on Windows... anyway, here are some things that helped me:
the email comes MIME encoded -> the Linux tool mpuck can encode and decode MIME
the executable is UPX packed -> the upx tool (multi-platform) can pack and unpack UPX
at this point you can perform some reverse engineering
Linux 'strings' will actually produce quite a few; the names and email extensions are plainly visible, but he/she attempts to hide many of the registry and system I/O strings with a Caesar cipher (right shift of 13 characters)
I'd be interested in hearing any other things you find.
That which does not kill me makes me stronger -- Friedrich Nietzsche
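The ROT13 trick described in the post above means plain `strings` output hides the interesting names. The following is an added example (not the poster's code) that pulls printable runs from a binary the way `strings` does, ROT13-decodes each one, and keeps only those whose decoded form looks like a registry path or system I/O name. The sample bytes and the marker list are constructed for this example, not taken from the actual virus.

```python
import codecs
import re

# Constructed sample "binary": junk bytes around one plaintext string and two
# ROT13-obfuscated strings (a Run key path and a DLL name). Not real malware.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"mailto:victim@example.com\x00"
    + codecs.encode("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "rot13").encode()
    + b"\x00\xff\x13"
    + codecs.encode("WSOCK32.dll", "rot13").encode()
    + b"\x00"
)

# Hypothetical markers that suggest a decoded string is a registry path or
# system I/O name; extend this list with whatever your sample reveals.
MARKERS = ("SOFTWARE\\", "CurrentVersion", ".dll", ".exe", "HKEY_", "Windows")


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Same idea as the Unix 'strings' tool: runs of printable ASCII."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def rot13(s: str) -> str:
    """Caesar shift of 13 (its own inverse, so encode == decode)."""
    return codecs.decode(s, "rot13")


def find_rot13_strings(data: bytes) -> dict[str, str]:
    """Map each extracted string whose ROT13 form matches a marker to that
    decoded form. Strings that already match in the clear are skipped, so the
    result shows only what the obfuscation was hiding."""
    hits = {}
    for s in extract_strings(data):
        decoded = rot13(s)
        if any(m in decoded for m in MARKERS) and not any(m in s for m in MARKERS):
            hits[s] = decoded
    return hits


if __name__ == "__main__":
    for obfuscated, clear in find_rot13_strings(SAMPLE).items():
        print(f"{obfuscated!r} -> {clear!r}")
```

Running it against the constructed sample reveals the Run key path and the DLL name while leaving the plaintext mailto string alone.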