» spyshelter.sys
Overview
Analysis
File Details
Behaviors (1)

spyshelter.sys

Datpol Janusz Siemienowicz

It runs as a Windows 64-bit kernel mode device driver named “Spyshelter”.

File name:

spyshelter.sys

Publisher:

SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:

SpyShelter

Description:

SpyShelter Driver

Version:

4.20.00.00 built by: Windows

MD5:

f7a26f7b338c651c50071235c32b1aed

SHA-1:

86db03bef0a84504c941d096fc5af71b124cac02

SHA-256:

119661e6c4bdbcfa5626c1784c60551d4b2ae17e1c64a91d01f94937e4abdb03

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/19/2024 4:07:48 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.Virtumod

9.0.1.0364

File size:

175.3 KB (179,512 bytes)

Product version:

4.20

Original file name:

SpyShelterDrv.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Program Files\spyshelter premium\spyshelter.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, OU=Datpol, O=Datpol Janusz Siemienowicz, L=Olkusz, S=malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121ECF13B8CE637B81F878ED4D17A65C14B

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

3072:rMBKJJ508RoKjfAi24kSx9z0h/SpyzqN6+u/hwv6VMfPtcPv2cnoWZ:rvKIoKjfA8xh0opyzqA+uSu0PtgvX

Entry point:

E9, 3B, B9, FE, FF, 00, 00, 4B, 65, 49, 6E, 69, 74, 69, 61, 6C, 69, 7A, 65, 45, 76, 65, 6E, 74, 00, E9, FD, C4, FE, FF, E9, 42, 93, FE, FF, 51, E8, 5C, 96, FE, FF, 8B, 7C, 24, 04, 66, 0F, BE, F1, 5E, 8B, 74, 24, 04, 66, F7, D3, 8B, 5C, 24, 08, E8, E6, A7, FD, FF, E8, 5E, 06, 00, 00, 00, 00, 5A, 77, 43, 72, 65, 61, 74, 65, 4B, 65, 79, 00, 10, C0, 9C, 60, 8D, 64, 24, 2C, 0F, 83, E1, C5, FE, FF, 60, 8D, 64, 24, 20, 0F, 85, 95, A5, FE, FF, 55, E8, 09, FA, FF, FF, EA, B4, 44, 9C, 78, 1C, 00, BD, DB, E1, 0C, E5... 
[+]

Entropy:

7.8670

Packer / compiler:

Xtreme-Protector v1.05

Driver

Display name:

Spyshelter

Description:

Spyshelter driver

Type:

Kernel device driver (KernelDriver)

Group:

FSFilter Activity Monitor

Depends on:

FltMgr

Scan spyshelter.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.