» spyshelter.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelter.sys

Datpol Janusz Siemienowicz

It runs as a Windows 64-bit kernel mode device driver named “Spyshelter”.

File name:

spyshelter.sys

Publisher:

SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:

SpyShelter

Description:

SpyShelter Driver

Version:

4.20.00.00 built by: Windows

MD5:

6fd55a96432bd4a6c959dd9c5a6e86f4

SHA-1:

ae723fc3635321ea8191ce4eb6a7ba8db2dad84a

SHA-256:

adb52f0e7a39689306360353d9ad0f21b7fb1856f0510ff48efd5a00370e0293

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 10:42:52 AM UTC (today)

File size:

200.3 KB (205,112 bytes)

Product version:

4.20

Original file name:

SpyShelterDrv.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Program Files\spyshelter premium\spyshelter.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

10/7/2011 4:09:31 PM

Valid to:

10/7/2012 4:09:31 PM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, OU=Datpol, O=Datpol Janusz Siemienowicz, L=Olkusz, S=malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121ECF13B8CE637B81F878ED4D17A65C14B

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

6144:Y+OxnV1447q/YYAsgTtg+rNqPFi+vZxv1TYx:YLnV1447q/MsMi+rGMsY

Entry point:

0F, 86, BB, B1, 02, 00, 68, 0E, 79, F7, 6B, 0F, 81, F0, 8A, 02, 00, 68, 45, BC, 3B, 9F, E9, 0B, DF, 02, 00, F5, F2, AE, E9, 5B, 8B, 02, 00, 5E, 66, 0F, CD, 66, 0F, CD, 48, 0F, CD, 66, 0F, CD, 5D, C3, 0F, 85, F7, 0B, 00, 00, 66, 0F, A4, C1, 08, 38, CF, C6, 47, FF, 00, C0, D0, 07, 48, 89, D9, D0, E8, F6, DC, 80, CC, 01, 48, 83, EC, 20, 66, 0F, C8, F6, D0, E9, 97, 0D, 00, 00, 2C, 72, 80, FC, 78, F6, D0, 0F, BA, E4, 0F, F9, 3A, 07, F7, D0, 48, 8D, 7F, 01, E9, 49, 8B, 02, 00, 0F, 83, 6F, F0, FF, FF, 80, FF, A2... 
[+]

Driver

Display name:

Spyshelter

Description:

Spyshelter driver

Type:

Kernel device driver (KernelDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan spyshelter.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.