spyshelter.exe

Datpol Janusz Siemienowicz

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SpyShelter’.
Publisher:
Datpol Janusz Siemienowicz  (signed and verified)

Version:
1.0.0.0

MD5:
d550c36daf21739c98ece6d3bef592d0

SHA-1:
0738413d06ffd8fcc5084c8a34c4a46c7744fa0a

SHA-256:
bb0de9f2988dc046db85361af2e7f6f29303cbd6e731bcaeee58c64d12998b32

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/27/2024 9:32:12 AM UTC  (today)

Scan engine               Detection          Engine version
Trend Micro House Call    PAK_Generic.009    7.2.303
Trend Micro               PAK_Generic.009    10.465.30

File size:
3.3 MB (3,478,368 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\spyshelter\spyshelter.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/26/2014 1:14:04 PM

Valid to:
12/8/2014 5:09:30 PM

Subject:
E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B2A7BEEB0FC74F69CC135D6161C7095F

File PE Metadata
Compilation timestamp:
10/23/2014 2:29:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:Hyu1aS/bhQ11izlGAsOG03HHv0eAKfGESud/rdmd:Hjfbm1UzHsOd3nsJQtV/Ed

Entry address:
0x7F2666

Entry point:
60, 89, 64, 24, 04, C7, 44, 24, 1C, C2, F5, 2F, A2, E8, F4, 1F, 00, 00, 00, 00, 53, 65, 74, 44, 49, 42, 69, 74, 73, 00, 00, 00, 43, 72, 65, 61, 74, 65, 4D, 65, 6E, 75, 00, 9C, 9C, 8D, 64, 24, 10, 0F, 84, 44, 85, DD, FF, 66, 19, FE, 9C, 66, C1, F6, 04, 66, 81, F2, A5, 71, 8B, 70, 3C, 66, 0F, A4, F2, 03, 01, C6, 66, 0F, BE, D2, 4A, 8B, 56, 78, 66, 0F, BA, E6, 06, E8, 6D, DD, CC, FF, 00, 00, 44, 69, 73, 70, 61, 74, 63, 68, 4D, 65, 73, 73, 61, 67, 65, 41, 00, 00, 00, 46, 69, 6C, 65, 54, 69, 6D, 65, 54, 6F, 4C...
 

Code size:
4 MB (4,195,840 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SpyShelter

Command:
C:\Program Files\spyshelter\spyshelter.exe

