» SpyShelterKb.sys
Overview
Analysis
File Details
Behaviors (1)

SpyShelterKb.sys

Datpol Janusz Siemienowicz

It runs as a Windows 64-bit kernel mode device driver named “SpyshelterKb”.

File name:

SpyShelterKb.sys

Publisher:

SpyShelter (signed by Datpol Janusz Siemienowicz)

Product:

SpyShelter

Description:

SpyShelter Additional Driver

Version:

2.2.00.00 built by: WinDDK

MD5:

a997cac433ee23339624fb309224f643

SHA-1:

4c104edc2c0265b18b48baa5c4482ee6a9f0fb66

SHA-256:

b8d431342aa7ff9eb7cd2fa99f8ae6a9ee847a12fda463d8571093cc3ea6fc98

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 12:50:02 PM UTC (today)

Scan engine

Detection

Engine version

McAfee

Generic Obfuscated.c

5600.7206

File size:

210.3 KB (215,352 bytes)

Product version:

2.2

Original file name:

SpyShelterKb.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Program Files\spyshelter premium\spyshelterkb.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

9/9/2012 2:58:51 AM

Valid to:

11/7/2013 5:09:30 PM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, OU=Datpol, O=Datpol Janusz Siemienowicz, L=Olkusz, S=malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121EAB2799A417769A6985740A2E4F3F285

File PE Metadata

Compilation timestamp:

4/3/2013 11:52:30 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:m1iMe7w9CzLYKvfqal87XXH1ReXElqKQJF3f8:m1TeM9CfXdw1lqKQX3f8

Entry address:

0x55B73

Entry point:

0F, 86, A0, 39, 01, 00, 68, C9, E0, FF, 6F, E9, D2, 36, 01, 00, AF, 28, 17, CA, 21, D4, E6, 94, D8, D7, 1A, B9, 61, 68, 89, 0C, 43, F6, 8D, 40, 9F, 52, F9, 2C, 33, E6, 1D, D0, 8F, 42, 51, 84, 53, 86, 9D, 50, 17, B4, 8A, 1B, 7D, 7A, 61, FE, 54, CE, AF, 16, A8, 89, 70, 57, 24, C1, 9B, B5, C8, F7, BD, A2, 5F, 4C, 86, 98, 65, 89, 0B, 91, D2, A5, 77, 5C, 4B, 57, A7, 50, C3, BA, 4E, 70, 57, DC, AB, 7A, 1C, 3B, EE, E5, 18, BF, 72, B1, 64, 4B, FE, 25, D8, AF, 62, F9, 2C, 4E, F1, 29, D6, 77, 1E, C4, 25, 8E, EF, C0... 
[+]

Code size:

43 KB (44,032 bytes)

Driver

Display name:

SpyshelterKb

Type:

Kernel device driver (KernelDriver)

Depends on:

SpyShelter

Scan SpyShelterKb.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.