Trojan.Satacom.B

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Satacom.B
Signature status: Hash Mismatch

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have resources
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer: OBS Project, LLC
Root: DigiCert Global G3 Code Signing ECC SHA384 2021 CA1
Status: Hash Mismatch

File Traits

  • dll
  • fptable
  • HighEntropy
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 7,541
Potentially Malicious Blocks: 1,813
Whitelisted Blocks: 3,143
Unknown Blocks: 2,585


Similar Families

  • Satacom.B

Registry Modifications

Key::Value: HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\explorer.exe
Data: 燰ቡǜ
API Name: RegNtPreCreateKey

Windows API Usage

Category: Syscall Use
API:
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
