Action Scope is a portable tool product developed by Antiy Research Institute to reveal the dynamic behavior of programs. By effectively combining the dynamic behavior monitoring and manual interaction analysis, it reveals the specific behavior, module invocation and vulnerability exploitation of each step of the file, classifies each action into threat levels, and assists professional analysts to make judgments.
Action Scope adopts a lightweight and dynamic behavior identification method, which solves the problem of traditional sandbox devices for users, such as excessive reliance on automated detection rules and inconvenience to carry. Action Scope is mainly composed of hook engine, API recorder plug-in, vulnerability detection plug-in, anti-sandbox countermeasure plug-in, WMI counter-plugin, appraiser, scheduler, remote analysis transmission, crash report dump system, and automatic upgrade components.



Deep disclosure of dynamic behavior

Fully get all the system calls of the tested file and reveal the dynamic behavior of the file in detail.


Lightweight dynamic detection

Different from traditional sandbox devices, it adopts lightweight and pure software testing program, which is portable, green and easy to use.


Assisted discovery of unknown threat

By revealing the behavior of the tested file, it is possible to discover the possible dangerous behaviors such as vulnerability exploitation and thread injection in time.

Automatic determination of threat level

By the arbitrator, the threat level of the behaviors of the file being tested is automatically generated, which is helpful to human judgment.


Traceback of dangerous behavior, acquisition of ShellCode

Behavior list


Download to experience more function modules now

Get in touch
For any questions regarding our products, we are here to help.
Contact us
Twitter  LinKedin  Blog  facebook

Privacy Policy  © 2020  safe-stone  Labs. All Rights Reserved