» spyshelter.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelter.sys

Datpol Janusz Siemienowicz

It runs as a Windows kernel mode device driver named “Spyshelter”.

File name:

spyshelter.sys

Publisher:

SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:

SpyShelter

Description:

SpyShelter Driver

Version:

6.01.00.00 built by: Windows

MD5:

6e0a534addd260f491abeb087ba6a7b9

SHA-1:

229c73b152ba2fb221b2e2cc193d912dacbe0dc0

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/20/2024 7:54:15 AM UTC (today)

File size:

151.3 KB (154,936 bytes)

Product version:

6.01

Original file name:

SpyShelterDrv.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

9/9/2012 2:58:51 AM

Valid to:

11/7/2013 5:09:30 PM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, OU=Datpol, O=Datpol Janusz Siemienowicz, L=Olkusz, S=malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121EAB2799A417769A6985740A2E4F3F285

File PE Metadata

Compilation timestamp:

10/21/2012 9:56:56 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:8CkexqWhkjHAoDGAwpv6wPoKd3s09Kwt+O3UZ8:8ChXhkjFGrJ6wwKJ9KYD35

Entry address:

0x4A0C5

Entry point:

60, C7, 44, 24, 1C, 2A, 9C, 05, 00, 54, C7, 44, 24, 1C, 49, E4, 76, 4C, FF, 34, 24, 60, 9C, 8D, 64, 24, 44, E9, 01, 5B, 01, 00, C6, 44, 24, 04, B4, 60, 89, 4D, F0, 80, FA, 3D, 66, 0F, C9, 8D, 8C, 24, FA, F2, CE, 28, 9C, 8B, 4D, 0C, F8, 9C, F9, 81, F9, FF, FF, 00, 00, 9C, E9, 23, FB, FF, FF, F5, 66, 0F, BA, E5, 0F, FF, 34, 24, F6, D8, F8, E8, 6A, 25, 00, 00, 9C, 3A, 07, 66, 0F, C8, 8D, 7F, 01, 8D, 85, 65, CE, 23, 63, 8B, 44, 24, 40, 9C, 8D, 64, 24, 48, 0F, 87, C3, 08, 00, 00, E9, A1, E0, FF, FF, 00, 00, 46... 
[+]

Entropy:

7.8399 (probably packed)

Code size:

114.5 KB (117,248 bytes)

Driver

Display name:

Spyshelter

Description:

Spyshelter driver

Type:

Kernel device driver (KernelDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan spyshelter.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.