spyshelterwfp.sys

Datpol Janusz Siemienowicz

It runs as a Windows kernel mode device driver named “SpyshelterFw”.
Publisher:
Datpol Janusz Siemienowicz  (signed and verified)

MD5:
a7c9cfd88698566fa3a2400dc31df382

SHA-1:
839569379a36ab04c4e59f736f67c36ad2b5d8bf

SHA-256:
98ecd3586493f27d7d7c19908c926c2a533b620000a6fa9cbec516b54ba24dfd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 9:35:34 AM UTC

File size:
84.8 KB (86,840 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Program Files\spyshelter firewall\spyshelterwfp.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/9/2012 3:58:51 AM

Valid to:
11/7/2013 7:09:30 PM

Subject:
E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, OU=Datpol, O=Datpol Janusz Siemienowicz, L=Olkusz, S=malopolskie, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EAB2799A417769A6985740A2E4F3F285

File PE Metadata
Compilation timestamp:
5/22/2013 10:06:19 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
1536:RTPszJo6oNiCeusMOrzjXocDcKwTbmXefJakWM4wXpkOVYw7n9ZW2NmiRv:RTPwu6sshjXocAK8yufJQMPfVYw7nTWy

Entry address:
0x1F9EA

Entry point:
E9, 77, 8C, FF, FF, 52, 66, 0F, B6, F9, 8D, 53, 04, 66, 0F, B6, F1, 68, 8A, EE, 7C, 5A, 8D, 34, FD, B5, 8B, 44, CD, E9, B1, 84, FF, FF, 60, E8, 03, A2, FF, FF, 89, D7, 60, 66, 0F, C9, 89, F9, 8D, 64, 24, 20, 9C, 8D, 64, 24, 04, 0F, 80, 1C, F7, FE, FF, 0F, 96, C0, B0, A4, 8A, 01, 68, 0E, 7F, 22, 02, 68, C8, 1D, 12, F4, 88, C4, E9, CC, F6, FE, FF, 00, 00, 50, 73, 50, 72, 6F, 63, 65, 73, 73, 54, 79, 70, 65, 00, E8, 28, DF, FF, FF, 66, 0F, A3, ED, 9C, 66, 0F, A3, EF, 8D, 64, 24, 04, 0F, 81, 94, 57, FF, FF, 3D...

Entropy:
7.5275

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
27 KB (27,648 bytes)

Driver
Display name:
SpyshelterFw

Type:
Kernel device driver (KernelDriver)


Scan spyshelterwfp.sys - Powered by Reason Core Security