shield.sys

Spectra Computers India Private Limited

It runs as a Windows kernel-mode device driver named “Shield”.

Publisher:
Spectra Computers India Private Limited

Description:
WINNT/2K/XP/2003 Driver

Version:
1.0.10.0 built by: WinDDK

MD5:
527a18f6a0faf44cf70b51bdc7ec5b37

SHA-1:
b38d352d081f1c5c972b8c7450cc33544fab88c7

SHA-256:
b3d66428ea2ecdb77422b5dff34983e6ffeefc7e66e62479e27218f4b219383c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/16/2024 6:37:31 PM UTC

File size:
134.1 KB (137,296 bytes)

Product version:
1.0.10.0

Copyright:
Patent pending. All rights reserved.

Original file name:
SYSSHD.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\shield.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/26/2012 5:30:00 AM

Valid to:
5/27/2013 5:29:59 AM

Subject:
CN=Spectra Computers India Private Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Spectra Computers India Private Limited, L=New Mumbai, S=Maharashtra, C=IN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7AF117D807D70AD54FCC8FE8B50FA8DC

File PE Metadata
Compilation timestamp:
1/29/2011 8:34:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.0

CTPH (ssdeep):
1536:HFNSpMTnrNULrCPVxCVS5uRJP6wVjOjIOSNz7LD:HCpMHNUKPTAf6w4FSNz7f

Entry address:
0xEFE

Entry point:
55, 8B, EC, 81, EC, 14, 01, 00, 00, 56, 8B, 75, 08, 85, F6, 75, 0D, FF, 75, 0C, E8, 63, 7E, 00, 00, E9, D2, 00, 00, 00, 57, 8D, 56, 38, 6A, 1C, 59, B8, 0C, 33, 01, 00, 8B, FA, F3, AB, B8, D8, 07, 01, 00, 89, 46, 44, 89, 46, 48, 8B, 46, 18, C7, 02, DE, 05, 01, 00, C7, 46, 70, 80, 09, 01, 00, C7, 46, 74, 8E, 07, 01, 00, C7, 46, 78, 2A, 07, 01, 00, C7, 86, A4, 00, 00, 00, 46, 12, 01, 00, C7, 86, 90, 00, 00, 00, BC, 14, 01, 00, C7, 40, 04, FA, 05, 01, 00, C7, 46, 34, F4, 05, 01, 00, E8, 5C, 34, 00, 00, 6A, 45...
 
Entropy:
4.4993

Developed / compiled with:
Microsoft Visual C++

Code size:
58.5 KB (59,904 bytes)

Driver
Display name:
Shield

Type:
Kernel device driver (KernelDriver)

Group:
Filter

