SHA256: b68539d39502c1226b1df74f6ddda66741f04e63eb3bbf0752c01e19d56fc646
File name: umbraoptimizer32.dll
Detection ratio: 0 / 67
Analysis date: 2018-05-16 08:02:15 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware 20180516
AegisLab 20180516
AhnLab-V3 20180516
Alibaba 20180516
ALYac 20180516
Antiy-AVL 20180516
Arcabit 20180516
Avast 20180516
Avast-Mobile 20180516
AVG 20180516
Avira (no cloud) 20180516
AVware 20180428
Babable 20180406
Baidu 20180511
BitDefender 20180516
Bkav 20180515
CAT-QuickHeal 20180516
ClamAV 20180516
CMC 20180515
Comodo 20180516
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180516
Cyren 20180516
eGambit 20180516
Emsisoft 20180516
Endgame 20180507
ESET-NOD32 20180516
F-Prot 20180516
F-Secure 20180516
Fortinet 20180516
GData 20180516
Ikarus 20180515
Sophos ML 20180503
Jiangmin 20180516
K7AntiVirus 20180516
K7GW 20180516
Kaspersky 20180516
Kingsoft 20180516
Malwarebytes 20180516
MAX 20180516
McAfee 20180516
McAfee-GW-Edition 20180516
Microsoft 20180516
eScan 20180516
NANO-Antivirus 20180516
nProtect 20180516
Palo Alto Networks (Known Signatures) 20180516
Panda 20180515
Qihoo-360 20180516
Rising 20180516
SentinelOne (Static ML) 20180225
Sophos AV 20180515
SUPERAntiSpyware 20180516
Symantec 20180516
Symantec Mobile Insight 20180516
Tencent 20180516
TheHacker 20180516
TotalDefense 20180516
TrendMicro 20180516
TrendMicro-HouseCall 20180516
Trustlook 20180516
VBA32 20180515
VIPRE 20180516
ViRobot 20180516
Webroot 20180516
Yandex 20180516
Zillya 20180516
ZoneAlarm by Check Point 20180516
Zoner 20180515
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-27 16:41:13
Entry Point 0x0004B2F1
Number of sections 5
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
SetThreadAffinityMask
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
ResumeThread
LocalSize
InterlockedDecrement
FormatMessageA
SetLastError
InitializeCriticalSection
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
QueryPerformanceFrequency
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreateMutexA
SetFilePointer
InterlockedExchangeAdd
CreateSemaphoreA
CreateThread
CreatePipe
SetUnhandledExceptionFilter
ExitThread
SetHandleInformation
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetCPInfo
GetProcAddress
GetProcessHeap
CompareStringW
CompareStringA
CreateFileMappingA
DuplicateHandle
WaitForMultipleObjects
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension dll
TimeStamp 2012:02:27 17:41:13+01:00
FileType Win32 DLL
PEType PE32
CodeSize 415744
LinkerVersion 9.0
EntryPoint 0x4b2f1
InitializedDataSize 113664
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 650a7ef35bf9bfc90e648aab7b54e685
SHA1 d487af235a1f4c70745f27f027408148e0d4abe0
SHA256 b68539d39502c1226b1df74f6ddda66741f04e63eb3bbf0752c01e19d56fc646
ssdeep 12288:oCsqS/Z4Ey20Y+7CgByuoHOr1ZDSaG/UTk:fsTpAjB/cOr1w/U
authentihash 3864b4e6b26c0a646b0dc1773e431f420230f6235130679e447380ff2a517bb8
imphash 546d5bd793b546b7f5ecad82266ecc31
File size 518.0 KB ( 530432 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags pedll
VirusTotal metadata
First submission 2012-04-14 14:09:39 UTC ( 6 years, 3 months ago )
Last submission 2018-05-16 08:02:15 UTC ( 2 months ago )
File names umbraoptimizer32.dll
D53650130047A64F188308AC2B9F6C0078682608.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight