» spyshelter.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelter.sys

Datpol

It runs as a Windows kernel mode device driver named “Spyshelter”.

File name:

spyshelter.sys

Publisher:

SpyShelter (signed by Datpol)

Product:

SpyShelter

Description:

SpyShelter Driver

Version:

10.7.9.0 built by: Windows

MD5:

93cfcf85b88c20c79e940ac17f97ab0d

SHA-1:

e0b44a8c4fa0131c50afef8f588924d1a55f2722

SHA-256:

5e952c2ee8f10bd1dac2143b3ddee3e94c5f66a5e414e7ef752c4caf4d9b7014

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/4/2024 5:14:31 PM UTC (today)

File size:

804 KB (823,336 bytes)

Product version:

10.7.9

Original file name:

SpyShelterDrv.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Program Files\spyshelter firewall\spyshelter.sys

Digital Signature

Signed by:

Datpol

Authority:

GlobalSign nv-sa

Valid from:

9/10/2015 1:37:53 AM

Valid to:

9/10/2016 1:37:53 AM

Subject:

CN=Datpol, O=Datpol, L=Olkusz, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121C3B40F5627D2C5927A0D3740680419CC

File PE Metadata

Compilation timestamp:

6/23/2016 11:13:58 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

24576:krmb7wNdrBsIfIPiccMT3vVM/yVcvasdNcwoh:2mYNvskIjdM/NvZcfh

Entry address:

0x151EA2

Entry point:

68, 87, 3E, 3C, 00, E8, 7A, ED, FC, FF, 56, 68, 4C, 48, 1E, 00, E9, 0C, 0E, 00, 00, 7D, FA, A7, AB, 65, 89, F4, 58, D4, A7, CF, DD, A7, AB, D8, 8B, D0, A7, 2B, 95, 9C, F1, A7, AB, CD, E3, 30, 58, 54, B2, 29, 3C, 58, 54, C6, F1, D6, A7, 2B, BE, 5F, C8, A7, AB, 8E, 8F, 2F, 58, D4, AA, 0E, 47, 58, 54, F0, 2F, 89, A7, 2B, 5C, DC, 5B, A7, AB, 1E, FA, 23, A7, 2B, 19, 0E, D6, 4B, 1F, BF, A7, 2B, F7, C2, A7, AB, C9, F3, 10, 58, 54, B3, A6, 58, 54, 0E, 8E, 1D, FE, 8D, 93, 58, 54, 5E, 37, 07, A7, 2B, 56, 45, A9, 58... 
[+]

Entropy:

7.9327 (probably packed)

Code size:

171.5 KB (175,616 bytes)

Driver

Display name:

Spyshelter

Description:

Spyshelter driver

Type:

Kernel device driver (KernelDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan spyshelter.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.