Login
Login

Draft:GDI malware

{{AFC submission|d|v|u=14.245.39.26|ns=118|decliner=DoubleGrazing|declinets=20250528050454|reason2=nn|ts=20250528042935}}

{{AFC submission|d|nn|u=Mario662629|ns=118|decliner=Greenman|declinets=20250509112410|small=yes|ts=20250508162715}}

{{Short description|Computer software}}

{{Draft topics|software|computing|technology}}

{{AfC topic|other}}

{{multiple issues|{{orphan}}{{notability}}{{citations needed}}}}

{{Cleanup|reason=}}

File:Nuvola apps important.svg
Not enough notable sources.
The subject "GDI malware" may not have enough notable sources online. Please discuss on the talk page.

File:Stop hand nuvola.svg
Warning! This article documents malware!
DO NOT download and run any linked samples on your main PC, or else it can result in your data being deleted! Please make sure to only run them on a virtual machine when testing the samples!

{{stub}}

GDI malwares are malwares made for the Windows operating system that have been developed by various creators. None of these malwares are intended for malicious purposes, they are instead meant to be tested for educational purposes, usually in VMware or VirtualBox.{{cite web | url=https://holdon.fandom.com/wiki/GDI_Malware | title=GDI Malware}}https://quizlet.com/study-guides/gdi-malware-730aab95-8e91-4cc7-9a91-d5f3ae69283d

Execution

Upon execution, they often display 2 warnings, asking the user if they want to run the malware, to prevent further execution by users who are running it on their main device. If the user answers "Yes" to both warnings, the malware will run.

GDI payloads

The main part of these malwares are the GDI effects. Each payload features GDI visual effects on the screen and Bytebeat sounds.

Other payloads

Some malwares have other non-GDI payloads, including:

  • Displaying a fake error message.
  • Shaking open windows.
  • Opening random system programs.

Destructive payloads

Some GDI malwares have safe versions that do not have the destructive payloads listed below, but still have the GDI payloads.

Destructive versions of GDI malware can run the following destructive payloads:

=Final destruction=

Once the malware runs its last payload, the system will crash with a Blue Screen of Death. The system will then reboot to an overwritten MBR, showing either an image or some text, depending on the malware.

Examples of GDI malwares

{{Expand section}}

=[[Pankoza]]<ref>{{cite web | url=https://github.com/pankoza2-pl | title=Pankoza2-pl - Overview | website=[[GitHub]] }}</ref>=

  • Trihydridoarsenic.exe
  • Gadolinium.exe
  • xpmalwrdest.exe
  • destr3ktdows.exe
  • Heptoxide.exe
  • Triphenylarsine.exe
  • Technetium.exe
  • xgqgxtxxgs.exe
  • rwqvhhbsld.exe
  • trichloromethane.exe
  • Holmium.exe
  • salinewin.exe
  • ksdcbrctys.exe
  • MS 0735.6+7421.exe
  • DETTAMROFNIW.exe
  • wgwcpdpgbf.exe
  • dhzfxwwdll.exe
  • oxhzulzwrt.exe
  • jwzyexgnlc.exe
  • 2,3,7,8-Tetrachlorodibenzodioxin.exe
  • btfoiuthns.exe
  • Olthaltlzpz.exe
  • Cytochalasin.exe
  • Getaparane.exe
  • Hexachlorocyclohexane.exe
  • xjmjivqdmpn.exe
  • dlwxzypwwzdtd.exe
  • kclglegrgq.exe
  • Phenylsilatrane.exe
  • webm.exe
  • Oxymorphazone.exe
  • cdm.exe
  • APM 08279+5255.exe
  • xcf.exe

References

{{reflist}}