Happy 11th anniversary, screamer wiki!

Strimage.exe: Difference between revisions

Jump to: navigation, search
no edit summary
No edit summary
No edit summary
(27 intermediate revisions by 14 users not shown)
Line 1: Line 1:
{{Malicious Scripts}}
{{Deleted}}
Strimage.exe is a [[screamer]] program written in VB6 which spread across China in around 2005.  
{{Infobox
|title = Strimage.exe
|image = ScreamerWarning.png
|maker = Unknown
|type = Application
|date = 2005
}}
'''Strimage.exe''' (Chinese: 女鬼2阴魂不散) is a [[screamer]] [[program]] that gained popularity in China during the year 2005. It was developed using the [[wikipedia:Visual_Basic_(classic)|Visual Basic]] 6.0 programming language and its icon resembled a [[wikipedia:Windows_9x|Win9X]]-style folder, likely to disguise itself as a regular directory.  


It has an icon of folder in Win9X style, attempt to make the user think it's a normal folder and run it. When executed, it seems that nothing happened. However the program has already copied itself to several system directories, deleted the original file, and set itself to the default application for opening JPEG files. So each time the user double click on a JPEG file, the program will be called to run., Then, the program will check the date on the local computer. If the date it's not Friday, Saturday or Sunday, the program will terminate itself. Otherwise the [[screamer]] will begin countdown for a random amount of time between 5 minutes and 15 minutes in the background. After finished counting, the program will show its main payload, which is a ghostly girl and half of her face is skeleton. The eyeball on the other half can move and a crying sound effect will be played. Click anywhere will exit the [[screamer]].
== Payload ==
When launched, Strimage.exe self-replicated across various system directories, removed the original file, and assigned itself as the default application for opening [[wikipedia:JPEG|JPEG]] files. The malware was executed every time a JPEG file was double-clicked.


It can be found in source code that the project was firstly named ''StarField'' and the caption of the [[screamer]] window is also the same. There is a '''Type''''' ''class in the code named ''Star ''which featured ''X, Y, Speed, Size ''and'' Color. ''It seems like that the author was initially wanted to write a screensaver or some visual program.
The screamer payload only activated on Friday, Saturday, and Sunday. The program waited a minimum of 5 minutes and a maximum of 15 minutes before displaying the screamer, which displayed an full-screen image of a girl with half of her face a skull accompanied by a somber crying sound effect.  Users could exit the screamer by clicking anywhere on the screen.
 
The program's source code reveals the initial project name "StarField". The screamer window's caption also shares the same name. The code includes a "Type" class named "Star", featuring properties such as "X", "Y", "Speed", "Size", and "Color", which may suggest that the author was initially planning to write a screensaver or a similar visual program.


== Links ==
== Links ==
=== '''Download''' ===
<u>NOTE</u>: The following download link contains a [[screamer]] application and a well known <span style="color:red"><span style="color:yellow">[[malicious script]]</span> that could potentially harm your computer!</span>
<u>NOTE</u>: The following download link contains a [[screamer]] application, <span style="color:red">as a well-known <span style="color:yellow">malicious script</span> that may could potentially harm your computer!</span>
* files.screamer.wiki/other/Strimage.zip (Including the cleaner program and VB6 source code)
* '''Main Program:''' mega.nz/#!cKAn3QRB!FeBfTj6g4S8NDBuprpSpeWp1DpF2zYi5z--F9he4zUQ
* '''Showcase:''' bilibili.com/video/BV1mt41177jP
* '''Killer Program (Written by the author in order to remove it):''' mega.nz/#!EGAhDbRK!Whb4oC6QfOWMzmuE1eiwceBc4mcH004a6LuxL-nH7qA
<br>
* '''Source Code:''' mega.nz/#!gOpmxaJR!8M5VfluH3HEMLBnZpyyxv_ZfyVmtCXC0YUpPlSH8-Xg
{{Maliciousnav}}
{{Comments}}
[[Category:Malware]]
[[Category:Applications]]
[[Category:Applications]]
[[Category:Other scary images]]
[[Category:Other scary images]]
Line 18: Line 30:
[[Category:China]]
[[Category:China]]
[[Category:Malicious scripts]]
[[Category:Malicious scripts]]
{{Comments}}
Helper, Comment administrators, rollback
577

edits

Navigation menu