SpyShelter.exe

SpyShelter

Datpol

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SpyShelter’.
Publisher:
Datpol  (signed and verified)

Product:
SpyShelter

Description:
SpyShelter GUI

Version:
10,5,2,0

MD5:
95d0b7e20228e44d63a39d1c066177d3

SHA-1:
6e690a8a7d127516c7c1dcc7df3c3f80f04fdbb2

SHA-256:
08ffa3a51a65120edf0703f244857383f8a70a50f155b25b76255d4a67951d45

Scanner detections:
6 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 12:44:29 PM UTC

Scan engine          Detection                       Engine version
Avira AntiVirus      TR/Crypt.XPACK.Gen3             8.3.2.2
F-Secure             Adware.MultiPlug.CY             5.15.21
IKARUS anti.virus    not-a-virus:AdWare.Amonetize    t3scan.1.9.5.0
Qihoo 360 Security   HEUR/QVM19.1.Malware.Gen        1.0.0.1077
Rising Antivirus     PE:Malware.RDM.17!5.17[F1]      23.00.65.151112
Vba32 AntiVirus      Malware-Cryptor.General.6       3.12.26.4

File size:
3 MB (3,168,008 bytes)

Product version:
10,5,2,0

Copyright:
(C) Datpol. All rights reserved.

Original file name:
SpyShelter.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\spyshelter free anti-keylogger\spyshelter.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/9/2015 4:37:53 PM

Valid to:
9/9/2016 4:37:53 PM

Subject:
CN=Datpol, O=Datpol, L=Olkusz, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C3B40F5627D2C5927A0D3740680419CC

File PE Metadata
Compilation timestamp:
11/14/2015 12:02:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Z9kUyihuLZnGrl4yHclNZzojtjRwMv8bHPz/f5X3JiwCsF97IUL/S8pBYM9:DKi6ZnIl4MiNytw5bvz3p3VCQTS8fYC

Entry address:
0x7CDFDC

Entry point:
EB, 08, F8, 3A, 1E, 00, 00, 00, 00, 00, E9, D1, 36, F6, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 30, 4E, 00, 0C, 00, 00, 00, D4, 3A, 00, 0A, 00, 40, 4E, 00, 10, 00, 00, 00, 36, 3C, 97, 3C, AB, 3C, 00, 0C, 00, 50, 4E, 00, 0C, 00, 00, 00, 0F, 3E, 00, 0E, 00, 60, 4E, 00, 0C, 00, 00, 00, 4A, 3B, 00, 0B, 00, 70, 4E, 00, 0C, 00, 00, 00, 91, 3D, FA, 3E, 00, 80, 4E, 00, 0C, 00, 00, 00, AA, 34, F6, 38, 00, B0, 4E, 00, 0C, 00, 00, 00, B7, 3B, 00, 0B, 00, C0, 4E, 00...
 

Entropy:
7.9317  (probably packed)

Code size:
2.9 MB (3,059,712 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SpyShelter

Command:
C:\Program Files\spyshelter free anti-keylogger\spyshelter.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to spyshelter.com  (92.51.134.197:80)
