» SpyShelterTDI.sys
Overview
Analysis
File Details
Behaviors (1)

SpyShelterTDI.sys

Datpol

It runs as a Windows kernel mode device driver named “SpyshelterFw”.

File name:

SpyShelterTDI.sys

Publisher:

SpyShelter (signed by Datpol)

Product:

SpyShelter

Description:

SpyShelter Firewall Driver

Version:

10.8.4.0 built by: WinDDK

MD5:

23222e7b8f5be48b2509cf66c9719446

SHA-1:

20957db7eece2a930460582a842bed3364847283

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 4:55:36 AM UTC (today)

File size:

61.7 KB (63,160 bytes)

Product version:

10.8.4

Original file name:

SpyShelterTDI.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Program Files\spyshelter firewall\spysheltertdi.sys

Digital Signature

Signed by:

Datpol

Authority:

GlobalSign nv-sa

Valid from:

9/9/2015 3:37:53 PM

Valid to:

9/9/2016 3:37:53 PM

Subject:

CN=Datpol, O=Datpol, L=Olkusz, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121C3B40F5627D2C5927A0D3740680419CC

File PE Metadata

Compilation timestamp:

8/21/2016 12:34:02 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

768:XpUhFrh/aN2MCY8CW76d9sVIHMSkgTm5FBYum9e8QQ6ieTHVXNYn23+zjF0u3eoc:4rhCN2MCh7i95MzR8QQw92TH7Ev

Entry address:

0xB03E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 16, 82, FF, FF, CC, CC, E4, B0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 92, B7, 00, 00, 30, 70, 00, 00, B4, B0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 2C, B8, 00, 00, 00, 70, 00, 00, DC, B0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 48, B8, 00, 00, 28, 70, 00, 00, CC, B0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D8, BA, 00, 00, 18, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, CE, B7, 00, 00, F0, B7, 00, 00, 04, B8... 
[+]

Entropy:

6.9802

Code size:

29.5 KB (30,208 bytes)

Driver

Display name:

SpyshelterFw

Type:

Kernel device driver (KernelDriver)

Scan SpyShelterTDI.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.