
GDI malware

From EverybodyWiki Bios & Wiki



Warning! This article documents malware!
DO NOT download and run any linked samples on your main PC, or else it can result in your data being deleted! Please make sure to only run them on a virtual machine when testing the samples!

GDI malware is malware made for the Windows operating system and developed by various creators. None of it is intended for malicious purposes; it is instead meant to be tested for educational purposes, usually in VMware or VirtualBox.[1][2]

Execution

Upon execution, the samples often display 2 warnings asking the user whether they want to run the malware, to prevent further execution by users who are running it on their main device. If the user answers "Yes" to both warnings, the malware will run.

GDI payloads

The main part of this malware is its GDI effects. Each payload features GDI visual effects on the screen and Bytebeat sounds.

Other payloads

Some samples have other non-GDI payloads, including:

  • Displaying a fake error message.
  • Shaking open windows.
  • Opening random system programs.

Destructive payloads

Some GDI malware samples have safe versions that do not have the destructive payloads listed below, but still have the GDI payloads.

Destructive versions of GDI malware can run the following destructive payloads:

Final destruction

Once the malware runs its last payload, the system will crash with a Blue Screen of Death. The system will then reboot to an overwritten MBR, showing either an image or some text, depending on the malware.
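One way to confirm the MBR overwrite described above when examining a test VM's disk from the host, given here as an added example that is not from this article or from any listed sample: it compares sector 0 of an MBR-partitioned disk with a baseline recorded from a pre-execution snapshot. The function names and both sample sectors are constructed assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439 hold the bootstrap code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510..511

def parse_partitions(sector: bytes) -> list[dict]:
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = raw[0], raw[4]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            entries.append({"slot": i, "status": status, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return entries

def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap code area only (partition table excluded)."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()

def mbr_findings(sector: bytes, baseline_hash: str) -> list[str]:
    """Compare sector 0 with a baseline hash taken before the sample ran."""
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("boot signature missing")
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from baseline")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table empty")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid partition status byte")
    return findings

def build_sector(boot_code: bytes, table: bytes) -> bytes:
    """Constructed test data: assemble a sector from boot code and table."""
    body = boot_code.ljust(TABLE_OFFSET, b"\x00") + table.ljust(64, b"\x00")
    return body + SIGNATURE

# Constructed samples, not taken from any real disk or malware sample.
NTFS_ENTRY = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
CLEAN = build_sector(b"\xfa\x33\xc0" * 100, NTFS_ENTRY)
OVERWRITTEN = build_sector(b"\xeb\xfe" + b"constructed banner text", b"")
```

On a real analysis, the 512 bytes would be read from offset 0 of the VM's raw disk image; a replaced boot sector usually keeps the boot signature, which is why the baseline comparison carries the detection.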

Examples of GDI malware

Pankoza[3]

  • Trihydridoarsenic.exe
  • Gadolinium.exe
  • xpmalwrdest.exe
  • destr3ktdows.exe
  • Heptoxide.exe
  • Triphenylarsine.exe
  • Technetium.exe
  • xgqgxtxxgs.exe
  • rwqvhhbsld.exe
  • trichloromethane.exe
  • Holmium.exe
  • salinewin.exe
  • ksdcbrctys.exe
  • MS 0735.6+7421.exe
  • DETTAMROFNIW.exe
  • wgwcpdpgbf.exe
  • dhzfxwwdll.exe
  • oxhzulzwrt.exe
  • jwzyexgnlc.exe
  • 2,3,7,8-Tetrachlorodibenzodioxin.exe
  • btfoiuthns.exe
  • Olthaltlzpz.exe
  • Cytochalasin.exe
  • Getaparane.exe
  • Hexachlorocyclohexane.exe
  • xjmjivqdmpn.exe
  • dlwxzypwwzdtd.exe
  • kclglegrgq.exe
  • Phenylsilatrane.exe
  • webm.exe
  • Oxymorphazone.exe
  • cdm.exe
  • APM 08279+5255.exe
  • xcf.exe

References

  1. "GDI Malware".
  2. https://quizlet.com/study-guides/gdi-malware-730aab95-8e91-4cc7-9a91-d5f3ae69283d
  3. "Pankoza2-pl - Overview". GitHub.


This article "GDI malware" is from Wikipedia. The list of its authors can be seen in its history and/or the page Edithistory:GDI malware. Articles copied from the Draft Namespace on Wikipedia can be seen in the Draft Namespace of Wikipedia and not the main one.