spyshelterwfp.sys

Datpol Janusz Siemienowicz

spyshelterwfp.sys is a 64-bit Windows kernel-mode device driver, registered under the service name "SpyshelterFw".
Publisher:
Datpol Janusz Siemienowicz  (signed and verified)

MD5:
b39ec72e3c95f981df8ba41d6eb511b9

SHA-1:
caff735d82b727f01956de4d8c30ddd9fb3af53f

SHA-256:
84210c31d8e4beb5c107729fdfea15d3e1bf2dd305e455410c18783c8dd40725

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
All three detections are generic packer/obfuscation heuristics (McAfee's Generic Obfuscated.c and Trend Micro's PAK_Generic.005) rather than a named malware family, and they are consistent with the tElock packer identified in the PE metadata of this file. Packing alone is not evidence of malice, and the file is signed by its publisher, so these detections are probably false positives and the file is probably malware free. Two caveats for anyone relying on this verdict: compare the MD5, SHA-1 and SHA-256 of the copy on disk against the values above before treating it as clean, and note that the signing certificate's validity period ended on 12/8/2014, so the Authenticode signature can only still verify today if the file carries a trusted timestamp countersignature.

Analysis date:
11/4/2024 5:00:45 PM UTC

Scan engine             Detection               Engine version
McAfee                  Generic Obfuscated.c    5600.6968
Trend Micro House Call  PAK_Generic.005         7.2.296
Trend Micro             PAK_Generic.005         10.465.23

File size:
121.8 KB (124,768 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Program Files\spyshelter\spyshelterwfp.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
8/26/2014 1:14:04 PM

Valid to:
12/8/2014 5:09:30 PM

Subject:
E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B2A7BEEB0FC74F69CC135D6161C7095F

File PE Metadata
Compilation timestamp:
10/23/2014 2:30:43 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
3072:zoyag1OMj7u+nqWFGJGhMdkR7r9yT34jWSFfh/8j/dW6K:zmg1Zu+TnMyr9845ZhK/86K

Entry address:
0x1DB77

Entry point:
E9, C6, FB, FF, FF, 10, C0, E9, 06, F7, FF, FF, 0F, 82, 1F, 02, 00, 00, 0F, 85, 86, B1, FF, FF, 66, 0F, A3, C0, 48, 3B, 45, F0, E9, 90, AA, 00, 00, 66, 87, 03, E9, C1, 0A, 00, 00, E9, 0F, BE, FF, FF, 80, E7, F5, 80, DF, AD, 66, 0F, BD, DE, F6, C7, 38, 66, 8B, 1E, E9, 51, A5, FF, FF, 0F, 87, 23, 0B, 00, 00, E9, 37, A4, FF, FF, 83, 75, B9, 8C, B7, 76, 83, 1C, 8C, 53, FD, D6, EF, F8, 7F, 82, B6, 02, 64, 85, 72, 0D, 17, E8, 95, 77, D2, 1D, F4, 19, 22, 42, 24, C4, 11, AB, A3, BD, CC, A7, B2, D4, 74, 17, 51, 2A...
 
Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
35 KB (35,840 bytes)
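The PE metadata fields above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, code size) all come from the COFF and optional headers of the image. The following Python is an added example, not code from the reputation service or from SpyShelter: it parses those headers from a file, compares the result against the values this page reports, and flags the packer tell that an entry point lying outside the code section(s) represents. Because the real driver is not reproduced here, the block builds a constructed minimal PE32+ header carrying the page's values as its sample input; the PAGE_RECORD and PAGE_SHA256 constants are copied from this page, and the entry_outside_code heuristic is an assumption of the example, not a field the page reports.

```python
import hashlib
import struct
from datetime import datetime, timezone

# IMAGE_SUBSYSTEM_* and IMAGE_FILE_MACHINE_* values from the PE/COFF spec (relevant ones only)
SUBSYSTEMS = {0: "Unknown", 1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x014C: "Win32", 0x8664: "Win64"}

# Values the reputation page reports for spyshelterwfp.sys (copied from the page).
PAGE_RECORD = {
    "timestamp": "2014-10-23 14:30:43 UTC",
    "os_version": "6.1",
    "bitness": "Win64",
    "subsystem": "Native",
    "linker": "9.0",
    "entry": 0x1DB77,
    "code_size": 35840,
}
PAGE_SHA256 = "84210c31d8e4beb5c107729fdfea15d3e1bf2dd305e455410c18783c8dd40725"


def parse_pe_metadata(data: bytes) -> dict:
    """Pull the header fields a reputation page reports out of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsec, ts, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short")
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry, base_of_code = struct.unpack_from("<II", data, opt + 16)
    # Offsets 40 (OS version) and 68 (Subsystem) are the same for PE32 and PE32+.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    when = datetime.fromtimestamp(ts, tz=timezone.utc)
    return {
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": MACHINES.get(machine, f"machine 0x{machine:04X}"),
        "pe32plus": magic == 0x20B,
        "subsystem": SUBSYSTEMS.get(subsystem, f"subsystem {subsystem}"),
        "linker": f"{lnk_major}.{lnk_minor}",
        "entry": entry,
        "code_size": size_of_code,
        # Heuristic (assumption of this example): an entry point outside the code
        # section(s) is the usual footprint of a packer's unpacking stub.
        "entry_outside_code": not (base_of_code <= entry < base_of_code + size_of_code),
    }


def compare_to_record(meta: dict, record: dict) -> list:
    """Return the names of record fields the parsed metadata does not reproduce."""
    return [k for k, v in record.items() if meta.get(k) != v]


def sha256_matches(data: bytes, expected_hex: str) -> bool:
    """True when the image bytes hash to the value a reputation page lists."""
    return hashlib.sha256(data).hexdigest() == expected_hex.lower()


def build_sample_pe64(timestamp: int, entry: int, size_of_code: int,
                      linker=(9, 0), os_ver=(6, 1), subsystem=1) -> bytes:
    """Constructed minimal PE32+ header (NOT the real driver) carrying the page's values."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240  # PE32+ optional header with the standard 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664, 0, timestamp, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<HBBI", opt, 0, 0x20B, linker[0], linker[1], size_of_code)
    struct.pack_into("<II", opt, 16, entry, 0x1000)  # AddressOfEntryPoint, BaseOfCode
    struct.pack_into("<HH", opt, 40, os_ver[0], os_ver[1])
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed sample input: a header with this page's timestamp, entry address and code size.
SAMPLE_TS = int(datetime(2014, 10, 23, 14, 30, 43, tzinfo=timezone.utc).timestamp())
SAMPLE = build_sample_pe64(SAMPLE_TS, entry=0x1DB77, size_of_code=35840)

if __name__ == "__main__":
    meta = parse_pe_metadata(SAMPLE)
    for key, value in meta.items():
        print(f"{key:>20}: {value}")
    print("fields differing from page:", compare_to_record(meta, PAGE_RECORD))
    print("SHA-256 matches page:", sha256_matches(SAMPLE, PAGE_SHA256))
```

Run against a real file with parse_pe_metadata(open(path, "rb").read()); the constructed sample reproduces every field in PAGE_RECORD but, being only a header, does not hash to the page's SHA-256, which is exactly the check that separates "looks like the same build" from "is the same file".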

Driver
Display name:
SpyshelterFw

Type:
Kernel device driver (KernelDriver)


Scan spyshelterwfp.sys - Powered by Reason Core Security