spyshelter.sys

Datpol

It runs as a Windows kernel-mode device driver named “Spyshelter”.
Publisher:
SpyShelter (signed by Datpol)

Product:
SpyShelter

Description:
SpyShelter Driver

Version:
10.8.3.0 built by: Windows

MD5:
da51998293ff293175cc5a91ecf25837

SHA-1:
e629228bb9e1f0a5ec0af3d7ac5da000ae51ea88

SHA-256:
e207aaa5198a010908a3f1326534c7bd567be708ed33589c4afab8a14a461557

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 4:56:24 AM UTC

File size:
1.4 MB (1,416,744 bytes)

Product version:
10.8.3

Copyright:
(C) Datpol. All rights reserved.

Original file name:
SpyShelterDrv.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Program Files\spyshelter premium\spyshelter.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/9/2015 4:37:53 PM

Valid to:
9/9/2016 4:37:53 PM

Subject:
CN=Datpol, O=Datpol, L=Olkusz, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C3B40F5627D2C5927A0D3740680419CC

File PE Metadata
Compilation timestamp:
8/3/2016 10:43:13 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
24576:KOmGz9lbMMp7Q0MoHAiThciMSl3pKr3i97zojTYzZTYtMnv+WV0L77fs:MGl4Mk0MWThmA3p+ShzojTYzZT0M2VfA

Entry address:
0x2F9334

Entry point:
68, B6, AC, 30, 00, E8, C8, 15, EC, FF, E9, B6, B5, EE, FF, 8B, 55, 0C, 66, F7, C6, 50, 6A, 85, D2, E9, 88, 8C, ED, FF, 66, 3B, DB, C1, EF, 05, F5, E9, 20, DC, ED, FF, F6, 5D, 34, 97, 60, 54, A5, C9, 68, AE, 25, 96, 36, 97, 8A, 56, FB, 0E, 86, B9, 96, AC, C9, 68, 98, F4, AC, 36, 97, 29, EA, B5, 0D, 86, 47, C0, 81, 70, 86, 27, 0C, 28, C9, 68, 22, A9, D4, F1, 79, D0, 87, 95, 35, 97, AF, 2C, B0, 0C, 86, CF, 9C, 12, C3, 0C, 90, D6, 68, 8C, 84, 41, 05, 8C, E1, 6F, 86, EB, 58, 4F, D5, 68, 7A, 65, D6, EF, 79, 87...

Entropy:
7.9753 (probably packed)

Code size:
166.5 KB (170,496 bytes)

Driver
Display name:
Spyshelter

Description:
Spyshelter driver

Type:
Kernel device driver (KernelDriver)

Group:
FSFilter Activity Monitor

Depends on:
FltMgr

