Closed BrainMarine closed 1 year ago
@BrainMarine, I have this quite a lot. Not on all machines, but it happens quite frequently. I've checked and .NET is present, even tried to recompile using the most up-to-date framework version available on the machine.
Have you figured out what causes this? I've been playing around with any, x64 and x86 but that doesn't seem to matter.
I had this happen a lot, too, and started searching for reasons.
TL;DR: Turns out if you think it's not AV, it's most likely still AV: https://s3cur3th1ssh1t.github.io/Powershell-and-the-.NET-AMSI-Interface/
Issue description
Issue with one-liner to download and execute winPEASany from memory in a PS shell.
Steps to reproduce the issue
Exception calling "Load" with "1" argument(s): "Could not load file or assembly '2235392 bytes loaded from Anonymously Hosted DynamicMethods Assembly, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An attempt was made to load a program with an incorrect format."
Which parameters did you use for executing the script and how did you execute it?
If winpeas, did you use a clean or obfuscated winpeas, and for which architecture?
I used the obfuscated version online at https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe
Is there any AV / Threat protection in the system?
Yes, but I run it in a whitelisted folder
Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)
Please, indicate the check that is failing and add a screenshot showing the problem
Please see screenshot posted above
How did you expect it to work?
Was expecting it to work but I got an error.
Exception calling "Load" with "1" argument(s): "Could not load file or assembly '2235392 bytes loaded from Anonymously Hosted DynamicMethods Assembly, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An attempt was made to load a program with an incorrect format."
Additional details / screenshot