» spyshelter.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelter.sys

Datpol Janusz Siemienowicz

It runs as a Windows 64-bit kernel mode device driver named “Spyshelter”.

File name:

spyshelter.sys

Publisher:

SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:

SpyShelter

Description:

SpyShelter Driver

Version:

9.1.00.00 built by: Windows

MD5:

b9cf078f188e3175995be9d8d277fad1

SHA-1:

1ca6b6a9442aa9ff5afcf9a9104eced5fc13ef89

SHA-256:

ffc70c1b5d1f8c6a4c74ae2b0a1e1866381e04b487d4d491a1acf6ea08bf4203

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/2/2024 7:30:48 PM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

UnclassifiedMalware

19554

McAfee

Generic Obfuscated.c

5600.7053

Trend Micro House Call

Suspicious_GEN.F47V0731

7.2.278

File size:

722.8 KB (740,192 bytes)

Product version:

9.1

Original file name:

SpyShelterDrv.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Program Files\spyshelter premium\spyshelter.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

11/1/2013 5:08:56 AM

Valid to:

12/8/2014 11:09:30 AM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112176D4B94E84F997B75286D5F8613C2EFD

File PE Metadata

Compilation timestamp:

7/1/2014 8:10:13 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

12288:eafW8KaKIdRbrLjQFLhWS7mc5gaMDUlWgXfgBZf6CELtIyVaVK3:5fvKaKybLwPyc5EggBELtgm

Entry address:

0xBE84D

Entry point:

E9, D7, F8, FE, FF, 0F, 87, EC, 05, 00, 00, E9, 9F, 04, FF, FF, 66, 0F, BA, E3, 0D, F9, F5, 2B, 4A, 10, 0F, 88, C5, 20, FF, FF, F8, 3B, 4A, 14, E9, 97, 23, FF, FF, E9, 15, 82, FF, FF, 19, 5D, ED, F4, 66, B7, 61, E8, F9, 95, 9E, D0, 6F, F3, 28, 32, 6B, 47, F2, 90, 19, 9D, A8, F6, 07, 67, 6C, FE, 35, 4D, C8, E2, 3F, 7C, 3C, 3A, B7, DF, 06, B1, 0B, 43, 9C, EE, 3F, 63, 0C, 5A, CD, 99, ED, 4E, E6, 20, 2A, 3E, 70, 6F, C8, 9E, 23, 3F, 01, 5F, 26, 80, 45, 71, 15, ED, F4, 0F, C6, E7, A5, 8B, FE, 68, AD, 3C, FC, 9A... 
[+]

Entropy:

7.2480

Packer / compiler:

Xtreme-Protector v1.05

Code size:

144.5 KB (147,968 bytes)

Driver

Display name:

Spyshelter

Description:

Spyshelter driver

Type:

Kernel device driver (KernelDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan spyshelter.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.