home

SpyShelter.exe

SpyShelter

Datpol Janusz Siemienowicz

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SpyShelter’.
Publisher:
Datpol  (signed by Datpol Janusz Siemienowicz)

Product:
SpyShelter

Description:
SpyShelter GUI

Version:
10,1,0,0

MD5:
6e734659fb79c21217d2a1b82f6da36b

SHA-1:
507d6552e124961f088a81ec96afa0b36166ba2e

SHA-256:
2c6a4b6fe8b37b27a96db34ca1f2627bb9f83aa381bc08d4d1b60c01efab16bc

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 7:39:29 AM UTC  (today)

File size:
3.3 MB (3,436,808 bytes)

Product version:
10,1,0,0

Copyright:
(C) Datpol. All rights reserved.

Original file name:
SpyShelter.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\spyshelter premium\spyshelter.exe

Digital Signature
Signed by:
Datpol Janusz Siemienowicz

Authority:
GlobalSign nv-sa

Valid from:
11/5/2014 6:08:03 PM

Valid to:
1/8/2016 4:09:30 PM

Subject:
E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D2FCC60F24553FA9E8F529B814703D51

File PE Metadata
Compilation timestamp:
8/28/2015 12:44:40 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:FKbyVDhOG+p2ZBtgnkb05yCWKO8C3VnCfGPh6GVooM8Btd1OCS2TSpzpWxJ6ES:FKuVDh0p2ZBakytWKOPnCokm1zSZzCjS

Entry address:
0x85965A

Entry point:
EB, 08, 94, E3, 0B, 00, 00, 00, 00, 00, E9, CC, 10, CE, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9358  (probably packed)

Code size:
3.2 MB (3,332,096 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SpyShelter

Command:
C:\Program Files\spyshelter premium\spyshelter.exe


Scan SpyShelter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.