Virus.Win32.HLLP.Toadie

Sorry if I seem a little scatterbrained throughout this video - this virus threw tons of curveballs at me and by the time I got done recording it I was more than ready to be finished. The file I never ended up finding was a log file that the virus keeps of every file and its directory listing that it infects.

This is also my first time using YouTube's auto-generated captions to form the basis of the subtitles - if you don't like the way it's structured, or the flow, or anything else, please let me know. I went through them all and added proper punctuation and my personal flair, but it might not be as good as some of the older videos. Feedback is appreciated.
Comments

I believe the PE/COFF format is a superset of MZ-DOS, and does not contain any code that specifically checks for Windows.

COFF executables start with an MZ-DOS stub, followed by a magic number, then valid DOS code that prints "nope" and exits. When Windows opens a COFF executable, it reads the magic number and immediately skips ahead to the _real_ entry point. At no point does the program itself make any sort of "check" that it is running on Windows.

This allows for hybrid executables such as REGEDIT to exist, where both the MZ and COFF sections contain a complete program, not unlike Universal (PPC/x86_64) and Universal 2 (x86_64/AArch64) programs under Darwin.

In the case of Toadie, I'd love to load an infected executable through Cutter, but I'm pretty sure it overwrites the MZ section and the COFF magic number, with an MZ program that manually performs a protected call into the COFF entry point, presumably after running a malicious payload in MZ mode.

In other words, Toadie is not really a Win32 virus. It is an MS-DOS virus capable of identifying and hooking into Win32 COFF executables non-destructively.

itsthesola
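A header walk of the kind the comment above describes, as an added example (not code from the video or the commenter): it follows the MZ header's e_lfanew field to where the "PE\0\0" signature should sit and reports whether it is intact. The sample bytes are constructed inline, and the helper names (`build_sample`, `inspect_headers`) are hypothetical.

```python
import struct

# Constructed sample: a minimal MZ header whose e_lfanew points at a
# "PE\0\0" signature, optionally with that signature clobbered to mimic
# a file whose COFF magic number has been overwritten.
def build_sample(clobber_pe: bool = False) -> bytes:
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, 0x80)   # e_lfanew -> 0x80
    stub = b"\x90" * (0x80 - 64)                      # DOS stub filler
    pe_sig = b"XX\0\0" if clobber_pe else b"PE\0\0"
    # COFF header: Machine=i386, 1 section, zeroed timestamps/symbols,
    # SizeOfOptionalHeader=0xE0, Characteristics=0x0102
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos_header) + stub + pe_sig + coff

def inspect_headers(data: bytes) -> dict:
    """Walk from the MZ header to e_lfanew and check for the PE signature.

    'pe_ok' is False when the DOS header is missing or e_lfanew does not
    land on "PE\\0\\0" inside the file, the sort of thing a defender
    would expect to see if the MZ stub or PE magic had been overwritten.
    """
    result = {"mz_ok": False, "e_lfanew": None, "pe_ok": False, "machine": None}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return result
    result["mz_ok"] = True
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    result["e_lfanew"] = e_lfanew
    # Signature (4 bytes) plus COFF header (20 bytes) must fit in the file
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return result
    result["pe_ok"] = True
    result["machine"] = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return result

if __name__ == "__main__":
    print(inspect_headers(build_sample()))
    print(inspect_headers(build_sample(clobber_pe=True)))
```

To run it against a real executable, pass `open(path, "rb").read()` to `inspect_headers`; a file with `mz_ok` but not `pe_ok` warrants a closer look.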

One of the main things I've gathered from watching your videos over the years is that pointing a camera at your monitor seems to be a valid substitute for an antivirus, considering how it seems to cause malware to stop working correctly.

Toxoidb

8:07 "Fool me once, I'm mad. Fool me twice, how could you. Fool me three times, you're officially that guy..." - JonTron

spendle

"It's about this point that my eyes begin glazing over and my mind becomes one with the Toadie virus, rendering it useless"
dan is clearly having fun with subtitles and I'm all here for it

RPCHN_FRNZY

The video length and the virus' ability to throw you off its path for however long is honestly more reminiscent of meltingscreen.

thishandle.wasnttaken

ARP and REGEDIT are valid EXEs for both Windows and DOS mode, so that's why it's not a problem for them; ARP just opens the DOS version of itself instead of the Windows one, just like REGEDIT.

IrisGalaxis

A new danooct1 video is the best birthday gift I could've ever asked for. Thank you.

NotThatSalty

Every Windows program is secretly a DOS program too, even today. Usually, it just prints a message and quits. But it doesn't have to be like that.

pvc

Always glad to have a 20-minute long danooct1 video

exaltedb

Almost 20 minutes?!
What did we do to deserve THIS prize!

ItzTerraYT

Seeing "REGEDIT - HUHIUEH" was so sudden and funny that I almost dropped my drink. It's just for a frame, but that's suspicious, lol.

SpessWarlock

When the virus does its job so well it completely bricks the kernel, now that's something I've never seen happen in a danooct video before LOL

letcreate

This was a super weird virus! Definitely wasn't expecting it to get to the Kernel so quick!

Thank you Dan for pushing through the setbacks, and thank you for the work you put into these!

glitchyglyphva

I can't believe that Toadie literally toasted the computer LMAO

Povilaz

Your videos have the most pleasant subtitles, your effort is greatly appreciated. Your voice is also very soothing.

Kilgamesh

I have been subscribed to you for a very long time. Every video is great and done in that old style that I enjoy. Thanks for the years of entertainment and here's to many more!

Also, I've seen the kernel error before, it's so rare. I got it by randomly deleting registry entries.

thedarkdragon

0:48 Cause I’m the Taskman, yeahhh I’m the taskman 🎶

justinhamilton

5:05 "It's always good to thoroughly infect your machine whenever possible"
LMAO

aznxknight

My mind is blown by the captions explaining each hardware and software sound. Thank you for doing this still after all these years

HowPettyful

Two Danooct1 videos! It really is the Christmas season!
Always love the videos when they drop man.

maiyannah