spyshelter.sys

Datpol

It runs as a Windows kernel mode device driver named “Spyshelter”.
Publisher:
SpyShelter  (signed by Datpol)

Product:
SpyShelter

Description:
SpyShelter Driver

Version:
10.7.9.0 built by: Windows

MD5:
93cfcf85b88c20c79e940ac17f97ab0d

SHA-1:
e0b44a8c4fa0131c50afef8f588924d1a55f2722

SHA-256:
5e952c2ee8f10bd1dac2143b3ddee3e94c5f66a5e414e7ef752c4caf4d9b7014

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/4/2024 5:14:31 PM UTC  (today)

File size:
804 KB (823,336 bytes)

Product version:
10.7.9

Copyright:
(C) Datpol. All rights reserved.

Original file name:
SpyShelterDrv.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Program Files\spyshelter firewall\spyshelter.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/10/2015 1:37:53 AM

Valid to:
9/10/2016 1:37:53 AM

Subject:
CN=Datpol, O=Datpol, L=Olkusz, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C3B40F5627D2C5927A0D3740680419CC

File PE Metadata
Compilation timestamp:
6/23/2016 11:13:58 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
24576:krmb7wNdrBsIfIPiccMT3vVM/yVcvasdNcwoh:2mYNvskIjdM/NvZcfh

Entry address:
0x151EA2

Entry point:
68, 87, 3E, 3C, 00, E8, 7A, ED, FC, FF, 56, 68, 4C, 48, 1E, 00, E9, 0C, 0E, 00, 00, 7D, FA, A7, AB, 65, 89, F4, 58, D4, A7, CF, DD, A7, AB, D8, 8B, D0, A7, 2B, 95, 9C, F1, A7, AB, CD, E3, 30, 58, 54, B2, 29, 3C, 58, 54, C6, F1, D6, A7, 2B, BE, 5F, C8, A7, AB, 8E, 8F, 2F, 58, D4, AA, 0E, 47, 58, 54, F0, 2F, 89, A7, 2B, 5C, DC, 5B, A7, AB, 1E, FA, 23, A7, 2B, 19, 0E, D6, 4B, 1F, BF, A7, 2B, F7, C2, A7, AB, C9, F3, 10, 58, 54, B3, A6, 58, 54, 0E, 8E, 1D, FE, 8D, 93, 58, 54, 5E, 37, 07, A7, 2B, 56, 45, A9, 58...
 
[+]

Entropy:
7.9327  (probably packed)

Code size:
171.5 KB (175,616 bytes)

Driver
Display name:
Spyshelter

Description:
Spyshelter driver

Type:
Kernel device driver (KernelDriver)

Group:
FSFilter Activity Monitor

Depends on:
FltMgr


Scan spyshelter.sys - Powered by Reason Core Security