spyshelter.sys

Datpol Janusz Siemienowicz

It runs as a Windows kernel-mode device driver named “Spyshelter”.

Publisher:
SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:
SpyShelter

Description:
SpyShelter Driver

Version:
5.14.00.00 built by: Windows

MD5:
a1e8354b5e5d922cc9b89b266a956f3e

SHA-1:
43fbf425393a5beabda66a632957fac843fc3c3f

SHA-256:
290eaff890774b910d851ba094384fdb8aa38b3af6e8c32244ce530e9d4dd439

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 9:34:46 AM UTC

File size:
160 KB (163,824 bytes)

Product version:
5.14

Original file name:
SpyShelterDrv.sys

File type:
Driver (Win32 SYS)

Common path:
C:\Program Files\spyshelter personal free\spyshelter.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/3/2010 11:15:25 PM

Valid to:
10/12/2011 12:28:58 AM

Subject:
CN=Datpol Janusz Siemienowicz, OU=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=malopolskie, C=PL

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000012A38848FCA

File PE Metadata
Compilation timestamp:
4/6/2011 5:56:16 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:A7VlQXXvJcPzL9wfhDHRJSk+Eixcbm7jv5NzKAhXxkPzlsaZI6:SHiXvi2fhDxYjEnmnRNzKAhXxW8

Entry address:
0x4C823

Entry point:
60, E8, AE, 54, 01, 00, 66, 0F, B6, FB, 89, F0, 9C, 0F, 94, C3, 66, 0F, B6, D9, 66, 0F, B6, F8, 8B, 7C, 24, 04, 66, F7, D6, 60, FF, 74, 24, 04, F7, D3, 8B, 74, 24, 2C, C6, 44, 24, 08, 36, 9C, 0F, 98, C3, 0F, 94, C7, 8B, 5C, 24, 34, 9C, 89, EC, F7, D5, 5D, 60, 68, EB, E7, 1D, ED, 60, FF, 74, 24, 04, FF, 74, 24, 48, C2, 50, 00, C7, 44, 24, 28, A8, E4, 02, 00, C7, 04, 24, EF, E6, CF, 08, FF, 34, 24, E9, ED, 44, 01, 00, D2, 01, 06, 00, 00, 00, 00, 00, 00, 00, 00, 00, E9, C4, 05, 00, F8, F9, 05, 00, 5A, 04, 06...
 

Entropy:
7.8426

Packer / compiler:
ASPack v1.08.04

Code size:
133.5 KB (136,704 bytes)

Driver
Display name:
Spyshelter

Description:
Spyshelter driver

Type:
Kernel device driver (KernelDriver)

Group:
FSFilter Activity Monitor

Depends on:
FltMgr

