Madoka.exe: Difference between revisions
No edit summary |
|||
| (5 intermediate revisions by 3 users not shown) | |||
| Line 9: | Line 9: | ||
|type = [[Application]] | |type = [[Application]] | ||
|date = 2001 | |date = 2001 | ||
|imagecaption = | |imagecaption = /人◕ ‿‿ ◕人\ | ||
}} | }} | ||
'''Madoka.exe''', also known as the '''Ghost virus''' or the '''Sadako virus''' in Japan, was a Taiwanese [[screamer]] [[program]]. It is a variant of the Win32/FlaGhost malware. The original author is Qiwen Lin (林 啟文) and it was written in the [[wikipedia:Hot_Soup_Processor|Hot Soup Processor]] programming language. | '''Madoka.exe''', also known as the '''Ghost virus''' or the '''Sadako virus''' in Japan, was a Taiwanese [[screamer]] [[program]]. It is a variant of the Win32/FlaGhost malware. The original author is Qiwen Lin (林 啟文) and it was written in the [[wikipedia:Hot_Soup_Processor|Hot Soup Processor]] programming language. | ||
==Payload== | ==Payload== | ||
When the user runs the malware by executing the [[.exe]] directly, a picture of | When the user runs the malware by executing the [[.exe]] directly, a picture of Madoka Ozawa, a Japanese adult actress, in full screen is displayed along with the "introduce dialogue" Chinese text showing line by line in the upper-left corner of the screen. However, a ghost version of the woman in the image will appear briefly along with a scream sound effect, before immediately returning to the original image. | ||
Before showing the initial payload, the malware will copy itself to the Windows directory as <code>ozawa.exe</code> and try to append itself to <code>win.ini</code> in order to auto start with the operating system. Judging from the decompiled source code, this only works on [[wikipedia:Windows 98|Windows 98]] and [[wikipedia:Windows ME|Windows ME]]. On [[wikipedia:Windows_XP|Windows XP]] or higher, there is no ''Run'' section in <code>win.ini</code> and the malware will not work apart from the initial payload. | Before showing the initial payload, the malware will copy itself to the Windows directory as <code>ozawa.exe</code> and try to append itself to <code>win.ini</code> in order to auto start with the operating system. Judging from the decompiled source code, this only works on [[wikipedia:Windows 98|Windows 98]] and [[wikipedia:Windows ME|Windows ME]]. On [[wikipedia:Windows_XP|Windows XP]] or higher, there is no ''Run'' section in <code>win.ini</code> and the malware will not work apart from the initial payload. | ||
| Line 28: | Line 28: | ||
Introduce Dialogue= | Introduce Dialogue= | ||
[[File:Madoka mess1.bmp | [[File:Madoka mess1.bmp|none]] | ||
Are you looking at me? | Are you looking at me? | ||
| Line 52: | Line 52: | ||
|-|Meet-again Dialogue= | |-|Meet-again Dialogue= | ||
[[File:Madoka mess2.bmp | [[File:Madoka mess2.bmp|none]] | ||
Why it's you again? | Why it's you again? | ||
| Line 62: | Line 62: | ||
|-|Bye Dialogue= | |-|Bye Dialogue= | ||
[[File:Madoka mess3.bmp | [[File:Madoka mess3.bmp|none]] | ||
You are so annoying! | You are so annoying! | ||
| Line 86: | Line 86: | ||
*'''Author's homepage''': web.archive.org/web/20040806024306/geocities.co.jp:80/SiliconValley-Oakland/8358/mysoft/mysoft.html | *'''Author's homepage''': web.archive.org/web/20040806024306/geocities.co.jp:80/SiliconValley-Oakland/8358/mysoft/mysoft.html | ||
*'''Showcase''': youtube.com/watch?v=COIEKlgnDm4 | *'''Showcase''': youtube.com/watch?v=COIEKlgnDm4 | ||
*'''Japanese writeup and unofficial SWF version''': web.archive.org/web/20041117144538/fukushima.cool.ne.jp/aok2/documentary/madoka.html | |||
==See also== | ==See also== | ||