» spyshelterwfp.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelterwfp.sys

Datpol Janusz Siemienowicz

It runs as a Windows 64-bit kernel mode device driver named “SpyshelterFw”.

File name:

spyshelterwfp.sys

Publisher:

Datpol Janusz Siemienowicz (signed and verified)

MD5:

3ca9ecd556852f14b7532db00dc283b8

SHA-1:

e389233aaa835c1e9b71b3d17fbb71559a5e81a2

SHA-256:

a417df2db71e1a79610c0a59322f86a4eca2a95fc72ed16a57cae963c161324f

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 7:52:01 AM UTC (today)

File size:

104.8 KB (107,272 bytes)

File type:

Driver (Win64 SYS)

Common path:

C:\Program Files\spyshelter firewall\spyshelterwfp.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

11/5/2014 6:08:03 PM

Valid to:

1/8/2016 4:09:30 PM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121D2FCC60F24553FA9E8F529B814703D51

File PE Metadata

Compilation timestamp:

3/11/2015 10:46:03 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

Entry address:

0x234FE

Entry point:

E9, 97, 41, FF, FF, 50, B0, 3B, F6, D0, AC, 66, 0F, BA, E2, 0C, E9, 2C, EC, FE, FF, E9, 12, 13, FF, FF, E9, ED, FD, FF, FF, F9, 48, 09, D2, E9, 95, 42, FF, FF, E9, 24, 9E, FF, FF, F5, 48, 39, D0, E9, 33, A3, FF, FF, 0F, 85, CE, AC, FF, FF, F9, F9, F5, 66, 85, C2, C6, 47, FF, 00, E9, A0, AA, FF, FF, FE, C0, F5, F6, D0, 66, F7, C2, AE, 82, E9, 9C, BD, FF, FF, E9, 36, 13, 00, 00, 3C, 09, E9, 24, 14, FF, FF, 0F, 87, 4D, 1E, 00, 00, F5, 48, 29, FB, E9, 25, A8, FF, FF, 00, 00, 4B, 65, 4C, 65, 61, 76, 65, 43, 72... 
[+]

Entropy:

7.4323

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

35 KB (35,840 bytes)

Driver

Display name:

SpyshelterFw

Type:

Kernel device driver (KernelDriver)

Scan spyshelterwfp.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.