18
edits
Madoka.exe: Difference between revisions
m
no edit summary
Nemesis6051 (talk | contribs) No edit summary |
mNo edit summary Tag: Manual revert |
||
| (10 intermediate revisions by 6 users not shown) | |||
| Line 11: | Line 11: | ||
|imagecaption = The '''Madoka.exe''' icon. | |imagecaption = The '''Madoka.exe''' icon. | ||
}} | }} | ||
'''Madoka.exe''', also known as the '''Ghost virus''' or the '''Sadako virus''' in Japan, was a Taiwanese [[screamer]] [[program]] | '''Madoka.exe''', also known as the '''Ghost virus''' or the '''Sadako virus''' in Japan, was a Taiwanese [[screamer]] [[program]]. It is a variant of the Win32/FlaGhost malware. The original author is Qiwen Lin (林 啟文) and it was written in the [[wikipedia:Hot_Soup_Processor|Hot Soup Processor]] programming language. | ||
==Payload== | ==Payload== | ||
When the user runs the malware by executing the [[.exe]] directly, a picture of | When the user runs the malware by executing the [[.exe]] directly, a picture of Madoka Ozawa, a Japanese adult actress, in full screen is displayed along with the "introduce dialogue" Chinese text showing line by line in the upper-left corner of the screen. However, a ghost version of the woman in the image will appear briefly along with a scream sound effect, before immediately returning to the original image. | ||
Before showing the initial payload, the malware will copy itself to the Windows directory as <code>ozawa.exe</code> and try to append itself to <code>win.ini</code> in order to auto start with the operating system. Judging from the decompiled source code, this only works on [[wikipedia:Windows 98|Windows 98]] and [[wikipedia:Windows ME|Windows ME]]. On [[wikipedia:Windows_XP|Windows XP]] or higher, there is no ''Run'' section in <code>win.ini</code> and the malware will not work apart from the initial payload. | Before showing the initial payload, the malware will copy itself to the Windows directory as <code>ozawa.exe</code> and try to append itself to <code>win.ini</code> in order to auto start with the operating system. Judging from the decompiled source code, this only works on [[wikipedia:Windows 98|Windows 98]] and [[wikipedia:Windows ME|Windows ME]]. On [[wikipedia:Windows_XP|Windows XP]] or higher, there is no ''Run'' section in <code>win.ini</code> and the malware will not work apart from the initial payload. | ||
| Line 28: | Line 28: | ||
Introduce Dialogue= | Introduce Dialogue= | ||
[[File:Madoka mess1.bmp| | [[File:Madoka mess1.bmp|none]] | ||
Are you looking at me? | Are you looking at me? | ||
| Line 52: | Line 52: | ||
|-|Meet-again Dialogue= | |-|Meet-again Dialogue= | ||
[[File:Madoka mess2.bmp| | [[File:Madoka mess2.bmp|none]] | ||
Why it's you again? | Why it's you again? | ||
| Line 62: | Line 62: | ||
|-|Bye Dialogue= | |-|Bye Dialogue= | ||
[[File:Madoka mess3.bmp| | [[File:Madoka mess3.bmp|none]] | ||
You are so annoying! | You are so annoying! | ||
| Line 84: | Line 84: | ||
*web.archive.org/web/20041106190224/geocities.co.jp/SiliconValley-Oakland/8358/mysoft/files/madoka08.zip | *web.archive.org/web/20041106190224/geocities.co.jp/SiliconValley-Oakland/8358/mysoft/files/madoka08.zip | ||
*files.screamer.wiki/other/madoka08.zip | *files.screamer.wiki/other/madoka08.zip | ||
*web.archive.org/web/20040806024306/ | *'''Author's homepage''': web.archive.org/web/20040806024306/geocities.co.jp:80/SiliconValley-Oakland/8358/mysoft/mysoft.html | ||
*'''Showcase''': youtube.com/watch?v=COIEKlgnDm4 | |||
==See also== | ==See also== | ||
*[[McDonalds.exe]] | *[[McDonalds.exe]] | ||
| Line 90: | Line 92: | ||
*[[Hikaru.exe]] | *[[Hikaru.exe]] | ||
{{Maliciousnav}} | {{Maliciousnav}} | ||
[[Category: | [[Category:Malware]][[Category:Applications]] | ||
[[Category:Applications]] | |||
[[Category:Other scary images]] | [[Category:Other scary images]] | ||
[[Category:Japan]] | [[Category:Japan]] | ||
