spyshelter.sys

Datpol Janusz Siemienowicz

It runs as a Windows 64-bit kernel mode device driver named “Spyshelter”.
Publisher:
SpyShelter  (signed by Datpol Janusz Siemienowicz)

Product:
SpyShelter

Description:
SpyShelter Driver

Version:
3.1.00.00 built by: Windows

MD5:
a315d86eb1b2532faacd4da6e21e0c82

SHA-1:
2cd300904a31faba561ac1691c6fc65757e9b22a

SHA-256:
83c71a661d6f6c8084dab45764ec63d30cdd570a03ddf8321cdb233192a1e4b5

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/26/2024 11:32:17 AM UTC  (today)

Scan engine:
McAfee

Detection:
Generic Obfuscated.c

Engine version:
5600.7031

File size:
768.8 KB (787,296 bytes)

Product version:
3.1

Original file name:
SpyShelterDrv.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Program Files\spyshelter\spyshelter.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/1/2013 10:08:56 AM

Valid to:
12/8/2014 5:09:30 PM

Subject:
E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112176D4B94E84F997B75286D5F8613C2EFD

File PE Metadata
Compilation timestamp:
7/1/2014 2:18:01 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
12288:KJHwr9m3utxyJWNDBjug+5aq02yKW+FFBBlSZL53Q6bvkTaYZg:yHMQ3utUJWNDQh8q02NBY3zJ

Entry address:
0xC3683

Entry point:
E9, 37, CC, FF, FF, C4, 96, 69, CC, 7C, 13, B8, 27, 54, 0E, A5, 14, 7B, 46, 47, 0D, 4B, 1F, 8F, 91, F0, 70, 5F, F9, D8, C9, 24, 50, 43, 29, 6C, 2D, FB, 58, 5B, 62, 37, 05, 20, 91, 2C, 24, DB, 89, 7E, F1, 98, 11, C4, 8E, E3, 83, D9, 7F, 96, 8F, 92, BA, 94, AD, AC, BE, F3, 85, F8, 16, 41, F4, FD, 0A, 88, 9B, B0, 00, 00, D0, E2, 33, 06, 64, 88, 00, 68, 1F, 1C, 47, 18, 55, 54, 0A, B5, 00, 7E, 02, 5E, DF, 60, E7, 69, 59, 1D, 70, F8, 8F, 9C, 1B, 10, EA, F1, CE, 81, 61, FE, 94, D6, 53, FB, AA, 87, 61, 7E, F8, 51...
 

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
148 KB (151,552 bytes)

Driver
Display name:
Spyshelter

Description:
Spyshelter driver

Type:
Kernel device driver (KernelDriver)

Group:
FSFilter Activity Monitor

Depends on:
FltMgr

