» spyshelter.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelter.sys

Datpol Janusz Siemienowicz

It runs as a Windows kernel mode device driver named “Spyshelter”.

File name:

spyshelter.sys

Publisher:

SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:

SpyShelter

Description:

SpyShelter Driver

Version:

2.8.00.00 built by: Windows

MD5:

4a9b12912ce860aedd333c02fe290b97

SHA-1:

eb2c1ca215434efadba5e2c3a69c830302538782

SHA-256:

8bc0b19dd4a03464d477b2b4f819735e6d678f989e00607ca617fa06e8d9323f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/2/2024 7:22:40 PM UTC (today)

File size:

382.8 KB (392,032 bytes)

Product version:

2.8

Original file name:

SpyShelterDrv.sys

File type:

Driver (Win32 SYS)

Common path:

C:\Program Files\spyshelter firewall\spyshelter.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

11/1/2013 12:08:56 PM

Valid to:

12/8/2014 7:09:30 PM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112176D4B94E84F997B75286D5F8613C2EFD

File PE Metadata

Compilation timestamp:

11/29/2013 10:16:11 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:Pz0WX8u0uHIBGIYXzDnpzLP/G3qiWvhtc2EpyKLsGdEBFgRbvoxV5dzI+q:QWX8ncjlP/WePrEpZLUGjwV59Bq

Entry address:

0xCBD76

Entry point:

55, C7, 04, 24, 96, 5A, 70, 0A, 68, D4, 40, 10, 75, FF, 34, 24, C7, 44, 24, 04, 24, DE, E7, 7E, FF, 34, 24, 60, FF, 34, 24, 8D, 64, 24, 2C, E9, 41, 6D, 00, 00, F8, F8, 80, FA, B9, 60, 2B, 4A, 10, F5, 68, 61, 95, 23, 90, 3B, 4A, 14, 88, 34, 24, 54, E9, 96, DB, FA, FF, 68, 07, 1C, 52, D0, 89, F0, 8D, 64, 24, 04, 68, B2, 15, 9E, 77, 68, 8C, 5D, AA, E0, 9C, 66, 0F, CF, 8B, 7C, 24, 0C, 60, 66, 87, DE, 9C, 8B, 74, 24, 34, FF, 74, 24, 08, E8, 0F, 0E, 00, 00, 77, DF, 12, DD, 74, C1, 99, 99, 4C, 5A, A0, F6, 91, BD... 
[+]

Entropy:

7.9099 (probably packed)

Code size:

128 KB (131,072 bytes)

Driver

Display name:

Spyshelter

Description:

Spyshelter driver

Type:

Kernel device driver (KernelDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan spyshelter.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.