» spyshelterwfp.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelterwfp.sys

Datpol Janusz Siemienowicz

It runs as a Windows 64-bit kernel mode device driver named “SpyshelterFw”.

File name:

spyshelterwfp.sys

Publisher:

Datpol Janusz Siemienowicz (signed and verified)

MD5:

b39ec72e3c95f981df8ba41d6eb511b9

SHA-1:

caff735d82b727f01956de4d8c30ddd9fb3af53f

SHA-256:

84210c31d8e4beb5c107729fdfea15d3e1bf2dd305e455410c18783c8dd40725

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/4/2024 5:00:45 PM UTC (today)

Scan engine

Detection

Engine version

McAfee

Generic Obfuscated.c

5600.6968

Trend Micro House Call

PAK_Generic.005

7.2.296

Trend Micro

PAK_Generic.005

10.465.23

File size:

121.8 KB (124,768 bytes)

File type:

Driver (Win64 SYS)

Common path:

C:\Program Files\spyshelter\spyshelterwfp.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

8/26/2014 1:14:04 PM

Valid to:

12/8/2014 5:09:30 PM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B2A7BEEB0FC74F69CC135D6161C7095F

File PE Metadata

Compilation timestamp:

10/23/2014 2:30:43 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:zoyag1OMj7u+nqWFGJGhMdkR7r9yT34jWSFfh/8j/dW6K:zmg1Zu+TnMyr9845ZhK/86K

Entry address:

0x1DB77

Entry point:

E9, C6, FB, FF, FF, 10, C0, E9, 06, F7, FF, FF, 0F, 82, 1F, 02, 00, 00, 0F, 85, 86, B1, FF, FF, 66, 0F, A3, C0, 48, 3B, 45, F0, E9, 90, AA, 00, 00, 66, 87, 03, E9, C1, 0A, 00, 00, E9, 0F, BE, FF, FF, 80, E7, F5, 80, DF, AD, 66, 0F, BD, DE, F6, C7, 38, 66, 8B, 1E, E9, 51, A5, FF, FF, 0F, 87, 23, 0B, 00, 00, E9, 37, A4, FF, FF, 83, 75, B9, 8C, B7, 76, 83, 1C, 8C, 53, FD, D6, EF, F8, 7F, 82, B6, 02, 64, 85, 72, 0D, 17, E8, 95, 77, D2, 1D, F4, 19, 22, 42, 24, C4, 11, AB, A3, BD, CC, A7, B2, D4, 74, 17, 51, 2A... 
[+]

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

35 KB (35,840 bytes)

Driver

Display name:

SpyshelterFw

Type:

Kernel device driver (KernelDriver)

Scan spyshelterwfp.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.