Helper, Comment administrators, rollback
577
edits
MrsMajor.exe: Difference between revisions
m
I would rather not compromise the image file quality (of the program icons) by resizing it manually but I don't know how to resize images within the infoboxes themselves. So it looks a bit clunky
Nemesis6051 (talk | contribs) (Added file icons and updated links section.) |
Nemesis6051 (talk | contribs) m (I would rather not compromise the image file quality (of the program icons) by resizing it manually but I don't know how to resize images within the infoboxes themselves. So it looks a bit clunky) |
||
| (19 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
{{#seo: | |||
|keywords="MrsMajor, MrsMajor.exe, BossDaMajor.exe, MrsMajor2.0.exe, MrsMajor3.0.exe, Elektro Berkay" | |||
}} | |||
{{Spoiler}} | |||
{{Infobox | {{Infobox | ||
|title = MrsMajor.exe | |title = MrsMajor.exe | ||
|image = | |image = BossDaMajor icon.png | ||
|maker = Elektro Berkay | |maker = Elektro Berkay | ||
|type = Application | |type = Application | ||
| Line 8: | Line 12: | ||
}} | }} | ||
'''MrsMajor.exe''' (also known as '''BossDaMajor.exe''') | '''MrsMajor.exe''' (also known as '''BossDaMajor.exe''') are series of [[screamer]] [[applications]] developed by Elektro Berkay. The trojan gained notoriety after YouTube user Siam Alam created a showcase video about it. Elektro Berkay later developed MrsMajor2.0.exe and MrsMajor3.0.exe, which were also featured on Siam Alam's channel. | ||
According to the description, BossDaMajor.exe originated in Turkey and was created in 2017. | According to the description, BossDaMajor.exe originated in Turkey and was created in 2017. | ||
== | ==Payload== | ||
===BossDaMajor.exe=== | ==='''BossDaMajor.exe'''=== | ||
Upon execution, BossDaMajor.exe opens Notepad and displays a message that reads: | Upon execution, BossDaMajor.exe opens Notepad and displays a message that reads: | ||
Start to CRY! | Start to CRY! | ||
WHAT I WANT FROM YOU IS DoNT'scxhcar__?-#__3871h--__.....DONT CLICK ANYTHING! | WHAT I WANT FROM YOU IS DoNT'scxhcar__?-#__3871h--__.....DONT CLICK ANYTHING! | ||
=Created by BeRkaY_the_Coder Elektro Berkay= | =Created by BeRkaY_the_Coder Elektro Berkay= | ||
The trojan proceeds to flood the user's desktop with numerous | The trojan proceeds to flood the user's desktop with numerous [[wikipedia:Text_file|text files]] named "MRS MAJOR WANTS TO MEET YOU" which contain the text "MRS MAJOR IS BEHIND OF YOU!". | ||
After, it launches Windows Media Player and plays a copy of the video [[Ghost Caught on Tape]].<ref>The video may not play to completion due to the forced logout and restart routine.</ref> Simultaneously, a window titled | After, it launches Windows Media Player and plays a copy of the video [[Ghost Caught on Tape]].<ref>The video may not play to completion due to the forced logout and restart routine.</ref> Simultaneously, a window titled "Cute Doll!" appears on the screen, displaying the message "MrsMajor Wants TO MEET YOU!". It then logs out the user and forces a restart. | ||
Upon restarting, the trojan changes the desktop background to an image of skulls, replaces file icons with a skull icon, and replaces the cursor with a skull and crossbones icon. It also disables essential system utilities such as Task Manager and Windows Defender. | Upon restarting, the trojan changes the desktop background to an image of skulls, replaces file icons with a skull icon, and replaces the cursor with a skull and crossbones icon. It also disables essential system utilities such as [[wikipedia:Task_Manager_(Windows)|Task Manager]] and [[wikipedia:Microsoft_Defender_Antivirus|Windows Defender]]. | ||
A window titled | A window titled "MrMajor" appears, displaying a flashing and moving image of a frightening doll. Attempting to close this window results in it immediately reopening. "[https://youtu.be/6WyH5E8Xs0c Thresh, the Chain Warden]" from ''[[wikipedia:League_of_Legends|League of Legends]]'' plays in the background. | ||
===MrsMajor2.0.exe=== | ==='''MrsMajor2.0.exe'''=== | ||
{{Infobox | {{Infobox | ||
|title = MrsMajor2.0.exe | |title = MrsMajor2.0.exe | ||
|image = | |image = MrsMajor2 icon.png | ||
|maker = Elektro Berkay | |maker = Elektro Berkay | ||
|type = Application | |type = Application | ||
| Line 37: | Line 41: | ||
}} | }} | ||
Upon execution, MrsMajor2.0.exe presents the user with an [[wikipedia:End-user_license_agreement|end-user license agreement]] (EULA) warning them that running the trojan will destroy the computer. After accepting the EULA, the trojan launches its payload. | |||
First, it proceeds to fill the desktop with multiple invalid .exe files named | [[File:MrsMajorWarningMessage.png|thumb|The warning message that appears before MrsMajor2.0 executes its payload]]First, it proceeds to fill the desktop with multiple invalid [[wikipedia:.exe|.exe]] files named "HUMANS ARE TASTY." Then, it flashes multiple copies of the doll image from BossDaMajor.exe across the screen, and then forces a restart. | ||
Upon restarting, the trojan changes the desktop background to an image of Annabelle from ''[[wikipedia:The_Conjuring_Universe|The Conjuring]]'' franchise, replaces the default cursor with a | Upon restarting, the trojan changes the desktop background to an image of Annabelle from ''[[wikipedia:The_Conjuring_Universe|The Conjuring]]'' franchise, replaces the default cursor with a [[GIF]] image of an eyeball looking around, and replaces the icons of the newly created .exe files on the desktop with the same icon as the trojan itself. | ||
It then opens a window displaying the doll image from BossDaMajor.exe with various distorting visual effects. The bottom right of the window features a countdown timer starting at 5:00, while the bottom left corner has a button labeled “Show Rules”. When clicked, it opens a new window presenting a list of rules the user must follow:<pre> | It then opens a window displaying the doll image from BossDaMajor.exe with various distorting visual effects. The bottom right of the window features a countdown timer starting at 5:00, while the bottom left corner has a button labeled “Show Rules”. When clicked, it opens a new window presenting a list of rules the user must follow:<pre> | ||
| Line 66: | Line 70: | ||
</pre> | </pre> | ||
Similar to BossDaMajor.exe, | Similar to BossDaMajor.exe, "Thresh, the Chain Warden" plays in the background. | ||
MrsMajor2.0.exe prevents users from opening Task Manager. If the user attempts to open Task Manager, the words | MrsMajor2.0.exe prevents users from opening Task Manager. If the user attempts to open Task Manager, the words "THERE IS NO ESCAPE" flash on the screen one by one. | ||
If the user breaks one of the rules, or if the timer reaches zero, the screen is bombarded with multiple flashing copies of the doll image. Simultaneously, the original window's image becomes distorted by chromatic aberration. Similar to the Task Manager payload, the words | If the user breaks one of the rules, or if the timer reaches zero, the screen is bombarded with multiple flashing copies of the doll image. Simultaneously, the original window's image becomes distorted by chromatic aberration. Similar to the Task Manager payload, the words "THERE IS NO ESCAPE" flash on the screen one by one. | ||
Then, the trojan triggers a | Then, the trojan triggers a red [[wikipedia:Screen_of_death|Screen of Death]] (RSoD) and overrides logonui.exe. The RSoD reads:<pre> | ||
A problem has been detected and windows has been shutdown to prevent damage to your computer. | A problem has been detected and windows has been shutdown to prevent damage to your computer. | ||
| Line 92: | Line 96: | ||
</pre>When the user restarts the machine, it will display the RSoD. | </pre>When the user restarts the machine, it will display the RSoD. | ||
===MrsMajor3.0.exe=== | ==='''MrsMajor3.0.exe'''=== | ||
{{Infobox | {{Infobox | ||
|title = MrsMajor3.0.exe | |title=MrsMajor3.0.exe | ||
|image = | |image= MrsMajor3 icon.png | ||
|maker = Elektro Berkay | |maker=Elektro Berkay | ||
|type = Application | |type=Application | ||
|date = 2020 | |date=2020 | ||
|imagecaption = The '''MrsMajor3.0.exe''' icon. | |imagecaption=The '''MrsMajor3.0.exe''' icon.}} | ||
}} | |||
When MrsMajor3.0.exe is executed, it prompts the user to enter an authorization code in order to decrypt and run the trojan. Once the code is entered, the trojan asks the user if they would like to view the list of rules, and if the user accepts, it displays a message that reads:<pre> | When MrsMajor3.0.exe is executed, it prompts the user to enter an authorization code in order to decrypt and run the trojan. Once the code is entered, the trojan asks the user if they would like to view the list of rules, and if the user accepts, it displays a message that reads:<pre> | ||
| Line 117: | Line 120: | ||
</pre>After a couple of seconds, the trojan changes the desktop background to an image of a dark forest and forces a system restart. | </pre>After a couple of seconds, the trojan changes the desktop background to an image of a dark forest and forces a system restart. | ||
Upon restarting, an edited image of the doll from the previous versions of MrsMajor appears, featuring blood dripping from its eyes and mouth, as well as several bloody holes in its forehead. Next to the doll is a vertical red meter labeled “Blood Left:” which gradually depletes over time. [https://youtu.be/_Qr2T1az1Ck Song of Unhealing] from the | Upon restarting, an edited image of the doll from the previous versions of MrsMajor appears, featuring blood dripping from its eyes and mouth, as well as several bloody holes in its forehead. Next to the doll is a vertical red meter labeled “Blood Left:” which gradually depletes over time. "[https://youtu.be/_Qr2T1az1Ck Song of Unhealing]" from the [[BEN Drowned]] [[creepypasta]] plays in the background. | ||
If the blood meter fully depletes, or the user breaks one of the rules, the trojan triggers a Blue Screen of Death (BSoD) with the stop code <code>CRITICAL PROCESS DIED</code>. It overrides logonui.exe with a distorted image of the doll with an open mouth and bleeding eyes, accompanied by the text:<div style="text-align: center;"> | The trojan overlays the screen with a translucent red filter, and small red circles and rectangles resembling drops of blood surround the screen. Shortly after, blood begins dripping down from the top of the screen. This overlay remains visible on top of any other open windows. The trojan also replaces the default cursor with a black and red cursor. | ||
If the blood meter fully depletes, or the user breaks one of the rules, the trojan triggers a [[wikipedia:Blue_screen_of_death|Blue Screen of Death]] (BSoD) with the stop code <code>CRITICAL PROCESS DIED</code>. It overrides logonui.exe with a distorted image of the doll with an open mouth and bleeding eyes, accompanied by the text:<div style="text-align: center;"> | |||
I own not only your thoughts | I own not only your thoughts | ||
but also your machine. | but also your machine. | ||
</div> | </div> | ||
If MrsMajor3.0 detects that logonui.exe has been fixed, it displays an error window titled | If MrsMajor3.0 detects that logonui.exe has been fixed, it displays an error window titled "uh oh" that reads "You messed up.." upon booting into Windows. Subsequently, it triggers a BSoD and overrides the [[wikipedia:Master_boot_record|Master Boot Record]] (MBR) with the message:<div style="text-align: center;"> | ||
You are not very | You are not very | ||
smart. Are you? | smart. Are you? | ||
| Line 129: | Line 134: | ||
disk is even | disk is even | ||
worse now. | worse now. | ||
</div> | |||
==Notes== | |||
<references /> | |||
==Showcases== | |||
<div style="text-align: center;"> | |||
<youtube width="320" height="180">DNXXKd4XrcE</youtube> | |||
<youtube width="320" height="180">xA9VCln_aSY</youtube> | |||
<youtube width="320" height="180">-a12fxEOuU4</youtube> | |||
</div> | </div> | ||
==Link== | ==Link== | ||
<u>NOTE</u>: | <u>NOTE</u>: The following [[application]] contains a [[screamer]] as well as a [[wikipedia:Cross-site scripting|malicious script]]<font color="red"> that will harm your computer!</font> | ||
*github.com/NotReal96/Malware/blob/master/MrsMajor.md | *github.com/NotReal96/Malware/blob/master/MrsMajor.md | ||
{{Maliciousnav}} | {{Maliciousnav}} | ||
{{Comments}} | {{Comments}} | ||
[[Category: | [[Category:Malware]][[Category:Malicious scripts]] | ||
[[Category:Malicious scripts]] | |||
[[Category:Applications]] | [[Category:Applications]] | ||
[[Category:Regan MacNeil]] | [[Category:Regan MacNeil]] | ||