» spyshelter.exe
Overview
Analysis
File Details
Behaviors (1)

spyshelter.exe

Datpol Janusz Siemienowicz

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SpyShelter’.

File name:

spyshelter.exe

Publisher:

Datpol Janusz Siemienowicz (signed and verified)

Version:

1.0.0.0

MD5:

3627f63e76786aef50e5455452d9caca

SHA-1:

3c8db819d00b113161abbdd70903b530092051ac

SHA-256:

48e64bebb0ef2f0617010aa314d63885f156e02d69931bfaa4a1cad8c850fd08

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

5/7/2024 3:42:18 PM UTC (today)

Scan engine

Detection

Engine version

Trend Micro House Call

PAK_Generic.009

7.2.302

Trend Micro

PAK_Generic.009

10.465.29

File size:

2.7 MB (2,881,888 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\spyshelter personal free\spyshelter.exe

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

8/26/2014 1:14:04 PM

Valid to:

12/8/2014 5:09:30 PM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B2A7BEEB0FC74F69CC135D6161C7095F

File PE Metadata

Compilation timestamp:

10/23/2014 3:15:08 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:/AgtSoIXxmYwT6PO52l1C4NS9AsQDy8jNDdPKqszxtjB3DtoGRliv/7:/AWSFB51OoCEpZxQqydO37

Entry address:

0x6C0517

Entry point:

9C, C7, 04, 24, 5E, 46, 54, FF, E9, 1C, 49, FF, FF, C7, 44, 24, 24, D9, D7, 00, 66, 60, 8D, 64, 24, 44, E9, E7, AB, 00, 00, FF, 9A, 2C, 56, 7F, 54, B4, 3B, 01, 90, 13, 7D, 15, 67, 27, 9E, 0C, E0, D4, 7F, B5, CC, 8F, 41, B5, BE, CB, A8, 0E, 46, 8C, 3E, D8, DF, B4, 6C, 40, 17, 5E, 84, 13, 93, 20, 6E, 36, A1, D3, 8A, 12, 6C, 24, 9E, 0E, 7D, A7, 32, BD, 1B, 55, E8, 63, A5, 17, DA, 93, B4, 5A, AB, 9F, A6, A4, AF, 3E, CC, 89, D3, 2E, 2F, F4, 6D, F4, 3F, 5E, EE, E0, 3B, 77, D6, FC, B3, DD, 56, 9A, D2, 19, 7B, 8D... 
[+]

Code size:

4 MB (4,161,536 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

SpyShelter

Command:

C:\Program Files\spyshelter personal free\spyshelter.exe

Scan spyshelter.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.