Malware Type: GDI Malwares - MalwareDatabaseHub/MDH-Wiki GitHub Wiki

GDI Malwares

GDI Malwares are a type of Trojan that corrupts and overwrites the MBR of the drive, erasing the partition table. Although the MBR is recoverable, the damage is already done once the malware has run. After corrupting the MBR, the malware performs a series of colourful flashing screen drawings and/or screen manipulations, accompanied by Bytebeat or a single music track. Some of these GDI malwares carry payloads that prevent the user from terminating them, such as disabling regedit or Task Manager, or moving the mouse so intensively that clicking becomes impossible. These are dangerous, so run them responsibly, unless you want to test them in virtual machines for fun.
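A defender-side check for the partition-table erasure described above, added here as an example that is not code from the MDH-Wiki or from any of the samples listed below: it parses a 512-byte MBR, validates the 0x55AA boot signature, flags a zeroed partition table, and compares the sector against a baseline hash recorded while the system was clean. The sample sectors are constructed inline; the boot-code bytes and partition layout are placeholders.

```python
import hashlib
import struct
from typing import Optional

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # the last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR into its boot signature and four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        offset = 446 + 16 * i   # the partition table starts at byte 446
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, offset)
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE, "partitions": partitions}


def mbr_findings(sector: bytes, baseline_sha256: Optional[str] = None) -> list:
    """Return a list of integrity findings; an empty list means the MBR looks intact."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if all(p["type"] == 0 and p["sectors"] == 0 for p in info["partitions"]):
        findings.append("partition table empty: all four entries are zeroed")
    if baseline_sha256 and hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("sector differs from the recorded baseline hash")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed healthy MBR: placeholder boot code and one NTFS-type (0x07) partition."""
    boot_code = b"\xfa\x33\xc0" + b"\x00" * (446 - 3)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    healthy = build_sample_mbr()
    baseline = hashlib.sha256(healthy).hexdigest()   # record this while the system is clean
    wiped = b"\x00" * SECTOR_SIZE                    # constructed: sector 0 after a wipe
    print("healthy:", mbr_findings(healthy, baseline))   # []
    print("wiped:  ", mbr_findings(wiped, baseline))
```

On a live machine the sector is read from the raw disk device with administrative rights, and the practical baseline is the hash taken from a clean VM snapshot before a sample is run.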

Examples:

  • Trojan.Win32.MEMZ
  • Trojan.Win32.Solaris
  • Trojan.Batch.ÿ
  • Trojan.Win32.Holzer

Best testing environments

You can safely test these types of malware in the following software:

  • VMWare
  • VirtualBox
  • Windows Sandbox

Make sure you have a virtual machine with the target operating system of your choice installed and ready.