Madoka.exe: Difference between revisions

P0008874 (talk | contribs)
Whc2001 (talk | contribs)
No edit summary
 
(4 intermediate revisions by 3 users not shown)
Line 9: Line 9:
|type = [[Application]]
|type = [[Application]]
|date = 2001
|date = 2001
|imagecaption = The '''Madoka.exe''' icon.
|imagecaption = /人◕ ‿‿ ◕人\
}}
}}
'''Madoka.exe''', also known as the '''Ghost virus''' or the '''Sadako virus''' in Japan, was a Taiwanese [[screamer]] [[program]]. It is a variant of the Win32/FlaGhost malware. The original author is Qiwen Lin (林 啟文) and it was written in the [[wikipedia:Hot_Soup_Processor|Hot Soup Processor]] programming language.  
'''Madoka.exe''', also known as the '''Ghost virus''' or the '''Sadako virus''' in Japan, was a Taiwanese [[screamer]] [[program]]. It is a variant of the Win32/FlaGhost malware. The original author is Qiwen Lin (林 啟文) and it was written in the [[wikipedia:Hot_Soup_Processor|Hot Soup Processor]] programming language.  


==Payload==
==Payload==
When the user runs the malware by executing the [[.exe]] directly, a picture of an Asian woman in full screen is displayed along with the "introduce dialogue" Chinese text showing line by line in the upper-left corner of the screen. However, a ghost version of the woman in the image will appear briefly along with a scream sound effect, before immediately returning to the original image.  
When the user runs the malware by executing the [[.exe]] directly, a picture of Madoka Ozawa, a Japanese adult actress, in full screen is displayed along with the "introduce dialogue" Chinese text showing line by line in the upper-left corner of the screen. However, a ghost version of the woman in the image will appear briefly along with a scream sound effect, before immediately returning to the original image.  


Before showing the initial payload, the malware will copy itself to the Windows directory as <code>ozawa.exe</code> and try to append itself to <code>win.ini</code> in order to auto start with the operating system. Judging from the decompiled source code, this only works on [[wikipedia:Windows 98|Windows 98]] and [[wikipedia:Windows ME|Windows ME]]. On [[wikipedia:Windows_XP|Windows XP]] or higher, there is no ''Run'' section in <code>win.ini</code> and the malware will not work apart from the initial payload.
Before showing the initial payload, the malware will copy itself to the Windows directory as <code>ozawa.exe</code> and try to append itself to <code>win.ini</code> in order to auto start with the operating system. Judging from the decompiled source code, this only works on [[wikipedia:Windows 98|Windows 98]] and [[wikipedia:Windows ME|Windows ME]]. On [[wikipedia:Windows_XP|Windows XP]] or higher, there is no ''Run'' section in <code>win.ini</code> and the malware will not work apart from the initial payload.
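Review bot: The new imagecaption value, /人◕ ‿‿ ◕人\, no longer says what the infobox image shows, whereas the previous caption ("The Madoka.exe icon.") did. Restore it or replace it with a caption that describes the image. In the first Payload paragraph, the revised sentence names a real person as the subject of the picture with no citation on the visible lines, while the following sentence still refers generically to "the woman in the image". Add a source for the identification and reword so the two sentences agree. The revision has no edit summary, which makes both changes harder to audit.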
Line 86: Line 86:
*'''Author's homepage''': web.archive.org/web/20040806024306/geocities.co.jp:80/SiliconValley-Oakland/8358/mysoft/mysoft.html
*'''Author's homepage''': web.archive.org/web/20040806024306/geocities.co.jp:80/SiliconValley-Oakland/8358/mysoft/mysoft.html
*'''Showcase''': youtube.com/watch?v=COIEKlgnDm4
*'''Showcase''': youtube.com/watch?v=COIEKlgnDm4
*'''Japanese writeup and unofficial SWF version''': web.archive.org/web/20041117144538/fukushima.cool.ne.jp/aok2/documentary/madoka.html


==See also==
==See also==
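Review bot: The added bullet puts two different things behind one bare URL, a Japanese writeup and an unofficial SWF version of the program, so a reader cannot tell from the label which one the archived page mainly is. Consider splitting the description or stating that the link is a web.archive.org snapshot of a Japanese-language page that also hosts the SWF. If this writeup is the source for the details changed elsewhere in this revision, cite it inline at those sentences as well.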