» eNotAPI2.dll
Overview
Analysis
File Details
Behaviors (1)

eNotAPI2.dll

eNotAPI2

OOO

The module eNotAPI2.dll by OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

eNotAPI2.dll

Publisher:

Triasoft Inc. (signed by OOO )

Product:

eNotAPI2

Version:

4.05.0105

MD5:

aa72afbd2b17ebf9d1fdc701bbba58ea

SHA-1:

73b001f24ba00d2760fe252a163a258c7d9189f9

SHA-256:

92fbe73378868434a4da4fbb282a23d8a6077c6c1e346cd815c7ae4e22a0c1bb

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/23/2024 10:49:31 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.3.13.1

File size:

1.6 MB (1,631,072 bytes)

Product version:

4.05.0105

Original file name:

eNotAPI2.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Windows\System32\enotapi2.dll

Digital Signature

Signed by:

OOO

Authority:

COMODO CA Limited

Valid from:

3/7/2016 10:00:00 AM

Valid to:

3/8/2019 9:59:59 AM

Subject:

CN="OOO ""TRIASOFT-SERVIS""", O="OOO ""TRIASOFT-SERVIS""", STREET="5, building 23, street 4806, Zelenograd", L=Moscow, S=Moscow, PostalCode=124498, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

09C2413E3B0CACE3E855A2C1A5CADBD6

Registration

CLSIDs:

{166AD796-FE10-44B0-ACC6-E30E5A3277BF}, {1683B33C-6E0F-4E63-BE6E-A31785082265}, {1DC5880E-E94A-4886-9EE6-3DC77DC02AB8}, {2149CCB4-226A-4FF1-A1E3-7893E6C370C6}, {2204D703-41B3-41E8-8064-67A672309BB7}, {25168686-7D58-4018-9DB0-3BEB5AD7AD27}

ProgIDs:

eNotAPI2.vrsFNS, eNotAPI2.clsInheritanceAPI, eNotAPI2.clsInheritanceRegAPI, eNotAPI2.clsBlankStorageAPI, eNotAPI2.clsCanPOAAPI, eNotAPI2.vrsCanPOA, eNotAPI2.clsArrestsRangeKindAPI, eNotAPI2.vrsStatReports, eNotAPI2.vrsNotaries, eNotAPI2.clsBlanksRangeAPI

COM registered:

Yes

File PE Metadata

Compilation timestamp:

3/3/2017 3:52:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x8318

Entry point:

5A, 68, 20, C8, 15, 11, 68, 24, C8, 15, 11, 52, E9, E7, FF, FF, FF, 00, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, D6, DB, 3D, 52, 68, 18, E5, 4F, A8, 4B, A2, 3A, 0D, 2E, 30, D2, 00, 00, 00, 00, 00, 00, 01, 00, 0A, 00, 20, 20, 6D, 61, 78, 5F, 65, 4E, 6F, 74, 41, 50, 49, 32, 00, 52, 65, 61, 64, 58, 6D, 6C, 00, 74, 74, 72, 28, 58, 4D, 4C, B0, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 4A, 00, 00, 00, B3, 61, 56, 28, CE, 2E, 7B, 4C, B2, 08, 0D, 62, C6, B7, FF, 94... 
[+]

Developed / compiled with:

Microsoft Visual Basic v6.0

Code size:

1.3 MB (1,400,832 bytes)

Automation Object

CLSID:

{166AD796-FE10-44B0-ACC6-E30E5A3277BF}

CLSID name:

eNotAPI2.vrsFNS

Remove eNotAPI2.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.