» SpyShelterKb.sys
Overview
Analysis
File Details
Behaviors (1)

SpyShelterKb.sys

Datpol

It runs as a Windows kernel mode device driver named “SpyshelterKb”.

File name:

SpyShelterKb.sys

Publisher:

SpyShelter (signed by Datpol)

Product:

SpyShelter

Description:

SpyShelter Additional Driver

Version:

10.6.0.0 built by: WinDDK

MD5:

db3f16d868603b25a37f76dc9874f4d5

SHA-1:

021505842ba2e59be94f0037bff1b13689ce5fd9

SHA-256:

64f6168e1e6fdabb9790c9bb718efc3ebce31977fa2bed552a838ff0df84dc41

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/27/2024 6:35:35 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Chir.B

7.11.30.172

File size:

129.4 KB (132,488 bytes)

Product version:

10.6

Original file name:

SpyShelterKb.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Program Files\spyshelter premium\spyshelterkb.sys

Digital Signature

Signed by:

Datpol

Authority:

GlobalSign nv-sa

Valid from:

12/17/2015 7:54:53 AM

Valid to:

9/9/2016 11:37:53 AM

Subject:

CN=Datpol, O=Datpol, L=Olkusz, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B855E0C0CC521D24E52FEBEB543ED512

File PE Metadata

Compilation timestamp:

12/17/2015 8:00:18 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:Q10G1U+qNjgmqUEhwJ3IJEwl9OO75lAaSKsJ:80GK+nKE83MEwPOOwhR

Entry address:

0x47FA5

Entry point:

E9, A1, B7, FF, FF, 0F, 83, 08, BB, FF, FF, 0F, BB, F7, 89, C3, 66, C1, FF, 03, 0F, B6, C9, 89, C7, 9C, 66, 0F, A5, E9, B9, 04, 01, 00, 00, E9, 4F, 64, FF, FF, 60, FF, 74, 24, 08, 3B, 4D, F8, 60, 8D, 64, 24, 44, 0F, 86, C9, BA, FF, FF, 0F, BD, FB, 66, D3, F7, 9C, 66, 0F, A4, CE, 0C, 83, E9, 01, 66, 0F, CF, 89, 4D, FC, 8D, 64, 24, 04, 66, C1, CE, 06, C0, E5, 02, 66, 0F, B3, C9, 8B, 4D, F8, E8, 86, 6E, FF, FF, 00, 00, 53, 70, 53, 5F, 43, 6F, 6E, 74, 72, 6F, 6C, 46, 75, 6E, 63, 74, 69, 6F, 6E, 36, 00, 00, 00... 
[+]

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

45.5 KB (46,592 bytes)

Driver

Display name:

SpyshelterKb

Type:

Kernel device driver (KernelDriver)

Depends on:

SpyShelter

Scan SpyShelterKb.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.