volcanotool.exe

The executable volcanotool.exe is flagged as malware by 12 of the 68 anti-virus engines queried. Most of the named detections identify VMProtect packing (Trojan.VMProtect, Win32/Packed.VMProtect.ABD), which is consistent with the file's high entropy reported below. While running, it connects to gpg.gpgindustries.com (198.57.164.52) on TCP port 80 over HTTP.
MD5:
43f58894addcfff6b87d859b742aa2d2

SHA-1:
9d57b92ff5f098702efa1ef51aba4a70f370916d

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
5/6/2024 3:31:38 PM UTC

Scan engine          Detection                              Engine version
Agnitum Outpost      Trojan.VMProtect                       7.1.1
Avira AntiVirus      TR/Black.Gen2                          7.11.177.164
AVG                  Win32/Blacked                          2015.0.3319
Baidu Antivirus      Trojan.Win32.VMProtect                 4.0.3.141017
Comodo Security      UnclassifiedMalware                    19765
ESET NOD32           Win32/Packed.VMProtect.ABD (variant)   8.10545
Fortinet FortiGate   W32/Malware_fam.NB                     10/17/2014
IKARUS anti.virus    Trojan.Black                           t3scan.1.7.8.0
K7 AntiVirus         Trojan                                 13.183.13642
McAfee               Artemis!43F58894ADDC                   5600.6975
Qihoo 360 Security   Win32/Trojan.e6d                       1.0.0.1015
Sophos               Mal/Generic-S                          4.98

File size:
17.1 MB (17,909,248 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
1/30/2014 10:23:39 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
393216:GK6MZGzcZtS5ak7crXQ+5OBSLM8xPwjVWS6Cizq1JT:GKXGzcWt4Qxh8xPwjVZ1

Entry address:
0x5B3CD54

Entry point:
60, C7, 44, 24, 1C, 51, AB, AF, E8, 9C, E9, AB, 51, FF, FF, 79, 6B, 6F, D0, EA, 3A, 3A, 41, AD, 8E, 06, 2A, FF, 22, 14, 31, 22, 8E, 91, 24, 30, 8E, 1A, 09, 18, 00, B6, 42, 28, 5B, EB, 16, 09, EA, 6C, 49, E3, 41, 5E, 79, 6F, 6D, 74, 32, 33, EC, A6, A8, 5C, 03, 8F, 83, B6, 97, 5E, 08, BF, 2F, 68, 33, 71, 14, D3, 0E, E0, 44, 44, 54, 78, 7A, 8A, A7, 35, AF, F5, C0, 05, 3B, 91, 8F, 9F, A6, 0A, E7, E2, 11, 67, 65, 75, 5F, 53, 98, 9B, C0, C1, D0, 2F, 26, 2C, 65, 9F, CC, 89, 69, 7C, EF, FA, EB, 52, DB, DD, 64, 65...
 

Entropy:
7.8318  (probably packed)

Code size:
5.9 MB (6,201,344 bytes)
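The PE metadata and entropy figures above are exactly what a triage script pulls out of the file headers before any scanner verdict is consulted. The following is an added example, not part of this scan report and not Reason Core Security's tooling: it parses the COFF and optional-header fields listed here (compile timestamp, linker and OS version, subsystem, entry point RVA, code size), hashes the file, and applies a Shannon-entropy "probably packed" heuristic. The 7.0 threshold is an assumption (a common rule of thumb, not the scanner's cut-off), and the sample image is a constructed, headers-only PE32 built with this page's values, not volcanotool.exe itself.

```python
"""Added example: extract the header fields and entropy figure shown in this report
from raw PE bytes. Standard library only; the sample image is constructed for the demo."""
import hashlib
import math
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
PACKED_ENTROPY_THRESHOLD = 7.0  # assumption: common heuristic, not the scanner's value


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform (random/compressed/encrypted)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def is_probably_packed(entropy: float) -> bool:
    return entropy >= PACKED_ENTROPY_THRESHOLD


def file_hashes(data: bytes) -> dict:
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest()}


def parse_pe_metadata(data: bytes) -> dict:
    """Read the fields shown in the page's 'File PE Metadata' block."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsect, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    # From offset 32 onward PE32 and PE32+ optional headers share the same layout,
    # so the OS version (offset 40) and Subsystem (offset 68) reads work for both.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "compile_time_utc": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "os_version": f"{os_major}.{os_minor}",
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "code_size": size_of_code,
    }


def build_sample_pe(compile_time: datetime, entry_rva: int, code_size: int,
                    subsystem: int = 2, linker=(5, 0), os_ver=(5, 0)) -> bytes:
    """Construct a minimal headers-only PE32 image (no sections) for the demo."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: NT headers start at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, int(compile_time.timestamp()), 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, linker[0], linker[1], code_size)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<HH", opt, 40, os_ver[0], os_ver[1])
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def sample_from_page() -> bytes:
    """Constructed image carrying this page's compile time, entry RVA, code size, GUI subsystem, linker 5.0, OS 5.0."""
    return build_sample_pe(datetime(2014, 1, 30, 22, 23, 39, tzinfo=timezone.utc), 0x5B3CD54, 6_201_344)


if __name__ == "__main__":
    sample = sample_from_page()
    print(parse_pe_metadata(sample))
    print(file_hashes(sample))
    # A packed/encrypted section body looks close to uniform random; the headers-only sample does not.
    packed_like = bytes(range(256)) * 64
    for name, blob in (("headers-only sample", sample), ("packed-like body", packed_like)):
        e = shannon_entropy(blob)
        print(f"{name}: entropy={e:.4f} probably_packed={is_probably_packed(e)}")
```

To run it on a real file, replace the sample with `open(path, "rb").read()`; a VMProtect-packed binary should land near the 7.83 shown above, while the hashes let you confirm you are looking at the same artefact as this report. The ssdeep (CTPH) digest is not in the standard library and is left out here.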

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to gpg.gpgindustries.com  (198.57.164.52:80)

TCP (HTTP):
Connects to 203124013114.hkserverdomain.com  (203.124.13.114:8080)

TCP (HTTP):
Connects to host-197.199.253.140.etisalat.com.eg  (197.199.253.140:80)
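To act on these three observed connections, a defender searches proxy or flow logs for them. Below is an added example, not from this page or Reason Core Security, that matches the page's indicators against proxy-style log lines; the log format, the client addresses and the benign line are constructed for the demo. Two of the three hostnames (203124013114.hkserverdomain.com, host-197.199.253.140.etisalat.com.eg) are ISP reverse-DNS names that merely encode the peer IP, so the example treats them as address indicators rather than domains, and it also flags IOC addresses seen on ports other than the observed one.

```python
"""Added example: match this report's network IOCs against proxy/flow log lines.
Log format and sample lines are constructed; IOC values come from the report."""
import re
from dataclasses import dataclass

# Only gpg.gpgindustries.com is a name the sample asked for; the other two hostnames
# are ISP rDNS labels encoding the IP, so they are matched by address below.
IOC_DOMAINS = {"gpg.gpgindustries.com"}
IOC_ENDPOINTS = {("198.57.164.52", 80), ("203.124.13.114", 8080), ("197.199.253.140", 80)}
IOC_IPS = {ip for ip, _ in IOC_ENDPOINTS}

# Constructed line layout: <timestamp> <client> <dst_ip>:<dst_port> <host-or-'-'> <method> <path>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[^\s:]+):(?P<port>\d+)\s+"
    r"(?P<host>\S+)\s+(?P<method>\S+)\s+(?P<path>\S+)$"
)

SAMPLE_LOG = [  # constructed; 192.0.2.0/24 is documentation address space
    "2024-05-06T15:31:38Z 10.0.0.21 198.57.164.52:80 gpg.gpgindustries.com GET /",
    "2024-05-06T15:31:40Z 10.0.0.21 203.124.13.114:8080 - CONNECT -",
    "2024-05-06T15:31:41Z 10.0.0.21 192.0.2.10:443 example.com GET /",
    "2024-05-06T15:31:45Z 10.0.0.22 197.199.253.140:443 - CONNECT -",
    "2024-05-06T15:31:50Z 10.0.0.23 10.0.0.9:80 cdn.gpg.gpgindustries.com GET /",
]


@dataclass
class Hit:
    line_no: int
    indicator: str
    reason: str


def host_matches(host: str, domains: set) -> bool:
    """Exact or subdomain match, case-insensitive, trailing dot tolerated."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_log(lines) -> list:
    """Return one Hit per log line that touches an IOC; unparseable lines are skipped."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        dst, port, host = m["dst"], int(m["port"]), m["host"]
        if host != "-" and host_matches(host, IOC_DOMAINS):
            # Name match wins even if the IP differs (sinkhole, CDN, proxy resolving on our behalf).
            hits.append(Hit(n, host, "host matches IOC domain"))
        elif (dst, port) in IOC_ENDPOINTS:
            hits.append(Hit(n, f"{dst}:{port}", "destination matches IOC ip:port"))
        elif dst in IOC_IPS:
            hits.append(Hit(n, dst, "destination IP matches IOC on an unlisted port"))
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.indicator} ({h.reason})")
```

Matching by destination IP independently of port is deliberate: the report saw 197.199.253.140 on 80 and 203.124.13.114 on 8080, but a second-stage payload may use the same host on a different port, and a miss there is costlier than a false positive to triage.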

Remove volcanotool.exe - Powered by Reason Core Security