Selenus[.]exe | Triage

Sharing

General

Target

Selenus.exe
Size

1008KB
MD5

912cec3ee35559ac4101860d8576b1fa
SHA1

7393f2c6588abb63972137ab158ec766be5e284c
SHA256

888edc326b10dba498a8b15703782e5d62c4322b95fd9a36a224364b73de4ba1
SHA512

467a44b281a6564ac315f2fe58536479977d95ef84c0a2c7985bc33da4c6c702a54b25ac03d1bc9fcd318f79d6bf271adf7abf1fa99c7fc38d679daaaef78af0
SSDEEP

24576:3YnzqIvP8ob9bDNxOe3QzqmxvczaH0X1zt6Jn51F3GoOiFPlOEf3:0/P8qbGeIqmxvc+Ux+3F3GoOiFPlOEf3

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Selenus.exe

Files

Selenus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Selenus.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 914KB - Virtual size: 914KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ