
The specified executable is not a valid application for this OS platform.

Open axano opened this issue 2 years ago • 1 comment

When I try to run the packed exe I get this error: The specified executable is not a valid application for this OS platform.

This is the used command:

python .\inceptor.py dotnet e_inj.exe -o packed.exe -s -sd www.microsoft.com -s -ss "C:\Windows\system32\ntdll.dll"

This is the output:

[+] .Net Artifact Generator Started At 2021-10-31 16:29:16.934982
[*] Phase 0: Loading...
[*] Phase 1: Converting binary into shellcode
  [>] Transformer: Pe2sh
  [WARNING] This is a console application! The recommended subsystem is GUI.
  [WARNING] e_inj.exe may not work in .NET
[*] Phase 2: Encoding
  [>] Encoder Chain: HexEncoder
  [>] Shellcode size: 58060
  [>] Shellcode Signature: 6d567a0c9b79df74844d9d33cad96814185a4416
[*] Phase 3: Generating source files using PE_LOAD
  [>] Phase 3.1: Writing CS file in .\temp\tmpm0gi_vr3.cs
[*] Phase 4: Compiling
[*] Phase 5: Sign dotnet binary
  [+] Signed with: SigThief
[*] Phase 6: Finalising
  [+] Success: file stored at packed.exe
[*] Phase 7: Cleaning up
[+] .Net Artifact Generator Finished At 2021-10-31 16:29:17.700150

And this is the error when I try to run the packed exe:

.\packed.exe
Program 'packed.exe' failed to run: The specified executable is not a valid application for this OS platform.At line:1 char:1
+ .\packed.exe
+ ~~~~~~~~~~~~.
At line:1 char:1

The e_inj.exe executable is written in C with Visual Studio and compiled for x64.

I get the same error for:

python .\inceptor.py native e_inj.exe -o packed.exe -s -sd www.microsoft.com -s -ss "C:\Windows\system32\ntdll.dll"

python .\inceptor.py native e_inj.exe -o packed.exe -t pe2sh -s -sd www.microsoft.com -s -ss "C:\Windows\system32\ntdll.dll"

axano avatar Oct 31 '21 16:10 axano

Hi @axano, thanks for that. This is an issue with how SigThief works. It seems to me that the signature cloning is not applying only the signature to the output binary, effectively breaking the payload. Let me take a look at this further.

klezVirus avatar Nov 02 '21 10:11 klezVirus
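klezVirus attributes the failure to SigThief's signature cloning touching more than the certificate table. The check below is an added example, not inceptor's or SigThief's code; it shows what a tool author or analyst can verify structurally before trusting a PE's signature directory: DOS/PE magic, COFF machine type, and that the Authenticode certificate table (data directory 4, a raw file offset) lies inside the file with a consistent WIN_CERTIFICATE length. The `build_pe64` helper constructs a header-only PE32+ sample for the check to run against; it is not a loadable binary.

```python
import struct

IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_PLUS_MAGIC = 0x20B
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY

def inspect_pe(data: bytes) -> dict:
    """Check that the PE header is intact and the Authenticode table fits the file."""
    findings = {"problems": []}
    if len(data) < 64 or data[:2] != b"MZ":
        findings["problems"].append("missing or truncated DOS header")
        return findings
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        findings["problems"].append("missing PE signature")
        return findings
    findings["machine"] = struct.unpack_from("<H", data, e_lfanew + 4)[0]  # COFF Machine
    opt = e_lfanew + 24
    findings["pe32plus"] = struct.unpack_from("<H", data, opt)[0] == PE32_PLUS_MAGIC
    # Data directories start at +112 (PE32+) or +96 (PE32) within the optional header.
    entry = opt + (112 if findings["pe32plus"] else 96) + 8 * SECURITY_DIR_INDEX
    if entry + 8 > len(data):
        findings["problems"].append("optional header truncated")
        return findings
    sec_off, sec_size = struct.unpack_from("<II", data, entry)  # raw file offset, not RVA
    findings["cert_table"] = (sec_off, sec_size)
    if sec_size == 0:
        return findings  # unsigned image: nothing more to check
    if sec_off % 8:
        findings["problems"].append("certificate table not 8-byte aligned")
    if sec_off + sec_size > len(data):
        findings["problems"].append("certificate table overruns end of file")
        return findings
    dw_length = struct.unpack_from("<I", data, sec_off)[0]  # WIN_CERTIFICATE.dwLength
    if dw_length > sec_size:
        findings["problems"].append("WIN_CERTIFICATE dwLength exceeds directory size")
    return findings

def build_pe64(cert: bytes, claimed_size=None) -> bytes:
    """Constructed header-only PE32+ sample (not loadable) with an appended cert table."""
    cert_table = struct.pack("<IHH", 8 + len(cert), 0x0200, 0x0002) + cert
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32_PLUS_MAGIC)
    size = len(cert_table) if claimed_size is None else claimed_size
    struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR_INDEX, 328, size)  # table at EOF
    return dos + b"PE\0\0" + coff + bytes(opt) + cert_table
```

Passing these structural checks says nothing about whether the signature is genuine: a certificate table copied from another file still fails Authenticode hash verification, which is a separate check (for example `Get-AuthenticodeSignature` in PowerShell).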