57
edits
Madoka.exe: Difference between revisions
m
no edit summary
(Add dialogue image and rough translation) |
mNo edit summary |
||
| Line 11: | Line 11: | ||
|imagecaption = The '''Madoka.exe''' icon. | |imagecaption = The '''Madoka.exe''' icon. | ||
}} | }} | ||
'''Madoka.exe''', also known as the '''Ghost virus''' or the '''Sadako virus''' in Japan, was a Taiwanese [[screamer]] program, which is a variant of the Win32/FlaGhost Malware. The original author is Qiwen Lin (林 啟文) and it's written in Hot Soup Processor programming language. | '''Madoka.exe''', also known as the '''Ghost virus''' or the '''Sadako virus''' in Japan, was a Taiwanese [[screamer]] program, which is a variant of the Win32/FlaGhost Malware. The original author is Qiwen Lin (林 啟文), and it's written in Hot Soup Processor programming language. | ||
== Payload == | == Payload == | ||
When the user runs the malware by executing the EXE directly, a picture of a Japanese woman in full screen is displayed followed by a "introduce dialogue" text in the upper-left corner of the screen. However, a ghost version of the woman in the image will appear briefly along with a scream sound effect, before immediately returning to the original image. | When the user runs the malware by executing the EXE directly, a picture of a Japanese woman in full screen is displayed followed by a "introduce dialogue" Chinese text in the upper-left corner of the screen. However, a ghost version of the woman in the image will appear briefly along with a scream sound effect, before immediately returning to the original image. | ||
Before showing the initial payload, the malware will copy itself to Windows directory as ''ozawa.exe'' and try to append itself to ''win.ini'' in order to auto start with the OS. Judging from the decompiled source code, this only works on Win98/ME. On XP or higher, there is no ''Run'' section in ''win.ini'' and the malware would not work apart from the initial payload. | Before showing the initial payload, the malware will copy itself to Windows directory as ''ozawa.exe'' and try to append itself to ''win.ini'' in order to auto start with the OS. Judging from the decompiled source code, this only works on Win98/ME. On XP or higher, there is no ''Run'' section in ''win.ini'' and the malware would not work apart from the initial payload. | ||
