» spyshelter.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelter.sys

Datpol Janusz Siemienowicz

It runs as a Windows 64-bit kernel mode device driver named “Spyshelter”.

File name:

spyshelter.sys

Publisher:

SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:

SpyShelter

Description:

SpyShelter Driver

Version:

4.20.00.00 built by: Windows

MD5:

174c08b118f9db861a531510bee5f119

SHA-1:

34efc40799fa1d33e997f2e05af4211c140662e1

SHA-256:

eb8d9ef16dd5de7aa79816a1766c75ea9c493e2771ec605fd58b27c23a0f4044

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 10:58:20 AM UTC (today)

File size:

211.8 KB (216,888 bytes)

Product version:

4.20

Original file name:

SpyShelterDrv.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Program Files\spyshelter premium\spyshelter.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

10/7/2011 11:09:31 AM

Valid to:

10/7/2012 11:09:31 AM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, OU=Datpol, O=Datpol Janusz Siemienowicz, L=Olkusz, S=malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121ECF13B8CE637B81F878ED4D17A65C14B

File PE Metadata

Compilation timestamp:

10/20/2011 12:08:11 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:BM7iojyhovj+ZEWz4Q7CGUHguuHFQebFSW5j8UjQHb3y:BKesjYEWzL+tAVlDgZe

Entry address:

0x79EAA

Entry point:

E9, 25, A1, FE, FF, 0F, 87, C4, 1E, 00, 00, 20, F8, B0, 6A, D2, D8, 48, 29, FB, 48, 0F, A5, FF, 0F, AC, E7, 13, 66, 81, D7, D8, 58, F6, D0, 48, 01, E3, 66, 0F, B6, F8, 66, C1, FF, 0F, 48, 89, DF, F6, D0, 04, D9, D2, C0, FE, C0, B0, 2E, F5, F8, F5, 85, F8, F2, AE, E9, A4, 21, 00, 00, FE, C8, F8, C0, C0, 04, 66, 0F, A3, DE, 04, 13, F8, F5, 0F, BA, E7, 0C, F6, D8, E9, F2, 4C, FD, FF, 66, 0F, BA, E6, 0E, F9, 80, C4, 20, E9, D2, EB, FE, FF, 0F, 87, 5B, 1E, 00, 00, F9, 1C, A9, 30, D0, FE, C8, 48, 29, FB, 66, 0F... 
[+]

Entropy:

7.7838

Packer / compiler:

Xtreme-Protector v1.05

Code size:

158 KB (161,792 bytes)

Driver

Display name:

Spyshelter

Description:

Spyshelter driver

Type:

Kernel device driver (KernelDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan spyshelter.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.