» spyshelter.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelter.sys

Datpol Janusz Siemienowicz

It runs as a Windows kernel mode device driver named “Spyshelter”.

File name:

spyshelter.sys

Publisher:

SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:

SpyShelter

Description:

SpyShelter Driver

Version:

9.5.00.00 built by: Windows

MD5:

e6bc96f14c63dff7ab7f1bbce34468e1

SHA-1:

461254b7c0cc354de41e884ee8d9aaa1b75346b9

SHA-256:

6164091c09d1bb3d47509c9b213063bcdea7893e7fb734bb58ecfdeee5f66d51

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 9:42:32 AM UTC (today)

File size:

373.3 KB (382,304 bytes)

Product version:

9.5

Original file name:

SpyShelterDrv.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Program Files\spyshelter personal free\spyshelter.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

8/26/2014 1:14:04 PM

Valid to:

12/8/2014 5:09:30 PM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B2A7BEEB0FC74F69CC135D6161C7095F

File PE Metadata

Compilation timestamp:

10/23/2014 3:15:38 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:k0HGA6IBE0MC+S2KKz1p9vLSQQOLsoSjLAMVZ6rH28vItEMgwfFaVVf1F0bMbyep:k0HGUMV3m6LFalZK2ngwMVVn0bM+eX48

Entry address:

0xB6162

Entry point:

9C, C7, 04, 24, 42, 0F, 9C, 15, E9, 12, 07, 00, 00, 8D, 64, 24, 04, 0F, 83, 66, 49, 01, 00, 66, 0F, A3, CC, F5, 31, C9, 60, 8D, 64, 24, 20, 0F, 81, A6, 74, FC, FF, 60, 60, 8D, 64, 24, 40, E8, 8C, 23, 01, 00, 60, 9C, E9, 95, 00, FC, FF, 0F, 85, EA, 96, FC, FF, 68, E5, 52, A8, 5D, 88, 0C, 24, E8, 38, 7F, 01, 00, 50, AA, 9C, 60, 8D, 64, 24, 28, E9, 6B, 1E, 01, 00, C7, 44, 24, 40, F1, 19, 4C, 88, 9C, 9C, 9C, 68, 8B, AE, 31, 3E, 8D, 64, 24, 50, E9, F7, A1, 01, 00, 88, DA, 96, D5, 9F, 80, 50, 85, 55, A5, 27, 82... 
[+]

Code size:

128 KB (131,072 bytes)

Driver

Display name:

Spyshelter

Description:

Spyshelter driver

Type:

Kernel device driver (KernelDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan spyshelter.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.