eNotAPI2.dll

eNotAPI2

OOO

The module eNotAPI2.dll by OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Triasoft Inc. (signed by OOO)

Product:
eNotAPI2

Version:
4.05.0105

MD5:
aa72afbd2b17ebf9d1fdc701bbba58ea

SHA-1:
73b001f24ba00d2760fe252a163a258c7d9189f9

SHA-256:
92fbe73378868434a4da4fbb282a23d8a6077c6c1e346cd815c7ae4e22a0c1bb

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 1:46:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.13.1

File size:
1.6 MB (1,631,072 bytes)

Product version:
4.05.0105

Original file name:
eNotAPI2.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Windows\System32\enotapi2.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/7/2016 10:00:00 AM

Valid to:
3/8/2019 9:59:59 AM

Subject:
CN="OOO ""TRIASOFT-SERVIS""", O="OOO ""TRIASOFT-SERVIS""", STREET="5, building 23, street 4806, Zelenograd", L=Moscow, S=Moscow, PostalCode=124498, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
09C2413E3B0CACE3E855A2C1A5CADBD6

Registration
CLSIDs:
{166AD796-FE10-44B0-ACC6-E30E5A3277BF}, {1683B33C-6E0F-4E63-BE6E-A31785082265}, {1DC5880E-E94A-4886-9EE6-3DC77DC02AB8}, {2149CCB4-226A-4FF1-A1E3-7893E6C370C6}, {2204D703-41B3-41E8-8064-67A672309BB7}, {25168686-7D58-4018-9DB0-3BEB5AD7AD27}

ProgIDs:
eNotAPI2.vrsFNS, eNotAPI2.clsInheritanceAPI, eNotAPI2.clsInheritanceRegAPI, eNotAPI2.clsBlankStorageAPI, eNotAPI2.clsCanPOAAPI, eNotAPI2.vrsCanPOA, eNotAPI2.clsArrestsRangeKindAPI, eNotAPI2.vrsStatReports, eNotAPI2.vrsNotaries, eNotAPI2.clsBlanksRangeAPI

COM registered:
Yes

File PE Metadata
Compilation timestamp:
3/3/2017 3:52:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x8318

Entry point:
5A, 68, 20, C8, 15, 11, 68, 24, C8, 15, 11, 52, E9, E7, FF, FF, FF, 00, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, D6, DB, 3D, 52, 68, 18, E5, 4F, A8, 4B, A2, 3A, 0D, 2E, 30, D2, 00, 00, 00, 00, 00, 00, 01, 00, 0A, 00, 20, 20, 6D, 61, 78, 5F, 65, 4E, 6F, 74, 41, 50, 49, 32, 00, 52, 65, 61, 64, 58, 6D, 6C, 00, 74, 74, 72, 28, 58, 4D, 4C, B0, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 4A, 00, 00, 00, B3, 61, 56, 28, CE, 2E, 7B, 4C, B2, 08, 0D, 62, C6, B7, FF, 94...
 

Developed / compiled with:
Microsoft Visual Basic v6.0

Code size:
1.3 MB (1,400,832 bytes)

Automation Object
CLSID:
{166AD796-FE10-44B0-ACC6-E30E5A3277BF}

CLSID name:
eNotAPI2.vrsFNS

