» spyshelter.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelter.sys

Datpol Janusz Siemienowicz

It runs as a Windows 64-bit kernel mode device driver named “Spyshelter”.

File name:

spyshelter.sys

Publisher:

SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:

SpyShelter

Description:

SpyShelter Driver

Version:

5.40.00.00 built by: Windows

MD5:

f4567fe22866a8ad5851ab3885e6206a

SHA-1:

9bf33a0c094bcd3958e4762f69481b1079a58c96

SHA-256:

d7eac7fb2462d2da777a17a2f897eca94ef05ca200b9726cd8eb0269c3ae51c0

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/4/2024 5:10:42 PM UTC (today)

File size:

203 KB (207,856 bytes)

Product version:

5.40

Original file name:

SpyShelterDrv.sys

File type:

Driver (Win64 SYS)

Common path:

C:\Program Files\spyshelter premium\spyshelter.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

8/3/2010 5:15:25 PM

Valid to:

10/11/2011 6:28:58 PM

Subject:

CN=Datpol Janusz Siemienowicz, OU=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=malopolskie, C=PL

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

0100000000012A38848FCA

File PE Metadata

Compilation timestamp:

7/4/2011 1:52:27 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:WcBc+jsvovXNwA2BjbNH7SpFaGIKjyY6BA:nBca2gXTibNGYGIK2bBA

Entry address:

0x76A6D

Entry point:

E9, BA, 05, 00, 00, 0F, 85, F9, C8, FE, FF, 66, F7, D6, 48, 8D, B3, 6B, 61, 3A, 01, 66, 89, EE, 66, BE, C5, 73, 48, 8B, 35, F8, DA, FE, FF, E9, CF, 45, FD, FF, 25, 53, 00, E8, 58, 4E, FD, FF, E9, 1E, DC, FE, FF, 80, 3F, 23, E9, C6, CD, FE, FF, 00, 00, 46, 6C, 74, 47, 65, 74, 44, 65, 73, 74, 69, 6E, 61, 74, 69, 6F, 6E, 46, 69, 6C, 65, 4E, 61, 6D, 65, 49, 6E, 66, 6F, 72, 6D, 61, 74, 69, 6F, 6E, 00, 4C, 8B, 45, F8, 88, C2, 48, 89, DA, 66, 0F, BE, C2, 48, 0F, C8, B9, 0B, 00, 00, 00, 48, 8D, 82, 76, 3A, 9C, 19... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

149.5 KB (153,088 bytes)

Driver

Display name:

Spyshelter

Description:

Spyshelter driver

Type:

Kernel device driver (KernelDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan spyshelter.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.