» SpyShelterKb.sys
Overview
Analysis
File Details
Behaviors (1)

SpyShelterKb.sys

Datpol Janusz Siemienowicz

It runs as a Windows kernel mode device driver named “SpyshelterKb”.

File name:

SpyShelterKb.sys

Publisher:

SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:

SpyShelter

Description:

SpyShelter Additional Driver

Version:

3.1.00.00 built by: WinDDK

MD5:

ba46a82ff993f84a222154b21f841a11

SHA-1:

33cec7793e2f893fe299fd42e950ab8af6f219b9

SHA-256:

c6e00eb6da89e6f3556f69a11f3f66fc30c0c99fe95b90ae6e4fc3909d0811cc

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 4:54:27 AM UTC (today)

File size:

180.3 KB (184,672 bytes)

Product version:

3.1

Original file name:

SpyShelterKb.sys

File type:

Driver (Win32 SYS)

Common path:

C:\Program Files\spyshelter firewall\spyshelterkb.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

11/1/2013 5:08:56 PM

Valid to:

12/9/2014 12:09:30 AM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112176D4B94E84F997B75286D5F8613C2EFD

File PE Metadata

Compilation timestamp:

6/28/2014 8:54:29 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:+TQxMT6iv3ROOP8Czydc0LrW8un3RWp8CLPlutpAcPUkV2tGFA:+TQxOv3ROOecMWfEp3Lt4pFd2Gq

Entry address:

0x5B3B6

Entry point:

E9, 3D, 01, 00, 00, 8D, 64, 24, 34, 0F, 84, DA, 42, FE, FF, F9, 2C, 30, F8, 68, A5, A2, F5, 7D, 88, 14, 24, 3C, 09, 60, 8D, 64, 24, 24, 0F, 87, 2A, F9, FF, FF, E8, 13, CF, FF, FF, 27, 57, E8, 53, FF, FF, FF, 11, AF, 3C, 31, 4B, D6, B3, CF, 14, 38, E2, E5, FF, DC, BF, 42, 54, C1, D9, 46, EB, 1C, DF, 58, 9D, 76, 0F, 46, 91, 4C, A9, 88, D9, C4, 11, C0, DA, 8F, 57, A4, 7C, 12, E5, BD, D2, 41, 47, 19, 03, 3A, 1E, C2, A4, F0, 24, 13, 60, AC, E5, B4, D0, 3F, 45, 1B, 09, C6, BE, 54, 85, CB, 4C, F5, 8F, D8, 42, C8... 
[+]

Entropy:

7.8275

Packer / compiler:

Xtreme-Protector v1.05

Code size:

40 KB (40,960 bytes)

Driver

Display name:

SpyshelterKb

Type:

Kernel device driver (KernelDriver)

Depends on:

SpyShelter

Scan SpyShelterKb.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.