» spysheltertdi.sys
Overview
Analysis
File Details

spysheltertdi.sys

Datpol Janusz Siemienowicz

File name:

spysheltertdi.sys

Publisher:

Datpol Janusz Siemienowicz (signed and verified)

MD5:

f0180ac8a317b17ef1004bb5dd76bb3e

SHA-1:

89fbb531478f1d8c954c385e26c192df81e42b8e

SHA-256:

c28998bd8f0a03e4e2c2485e98f9c9b090a8594fd194211df8ce0e5f9eb3a1eb

Scanner detections:

3 / 68

Status:

Clean (3 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

5/7/2024 4:09:08 AM UTC (today)

Scan engine

Detection

Engine version

McAfee

Generic Obfuscated.c

5600.6984

Trend Micro House Call

PAK_Generic.005

7.2.280

Trend Micro

PAK_Generic.005

10.465.07

File size:

118.3 KB (121,184 bytes)

File type:

Driver (Win64 SYS)

Common path:

C:\Program Files\spyshelter firewall\spysheltertdi.sys

Digital Signature

Signed by:

Datpol Janusz Siemienowicz

Authority:

GlobalSign nv-sa

Valid from:

8/26/2014 12:14:04 PM

Valid to:

12/8/2014 4:09:30 PM

Subject:

E=biuro@datpol.com, CN=Datpol Janusz Siemienowicz, O=Datpol Janusz Siemienowicz, L=Olkusz, S=Malopolskie, C=PL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B2A7BEEB0FC74F69CC135D6161C7095F

File PE Metadata

Compilation timestamp:

10/2/2014 1:02:17 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

3072:WKpcPf3A3yfCtbcgufukwF8d+yv78+nPbiMfnkaN12u:WKKfQ1bcg6ukeo78s+enko8u

Entry address:

0x230AD

Entry point:

E9, 1D, 30, FF, FF, 48, 09, C0, E9, E9, 46, 00, 00, B3, EB, 67, 5C, 91, 07, B5, 55, FB, 94, BB, A4, 49, 82, E5, DD, 72, 07, 81, 66, 2B, 96, 0C, 41, 9B, 40, 13, 0B, 39, 6E, 38, C4, CD, 3D, 9D, ED, 4D, 92, 57, 25, 68, 9B, A4, 88, BA, B1, D6, 07, 97, F5, DE, EF, 66, 56, 80, 5B, 0B, 6A, F1, 5A, 8D, 2C, 9A, A0, 31, 2F, 4F, C8, 1D, 19, 67, 1D, 6F, B1, E1, 96, D4, 6E, 6D, FA, 45, 75, C2, 4E, D4, 3E, CA, 25, 9F, 6F, 5B, 58, FD, 34, 16, E9, D1, 6D, 92, 3E, BA, AB, 41, 3E, CB, 69, 82, 84, 5F, F3, 08, 75, CC, A0, 69... 
[+]

Entropy:

7.4249

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

35.5 KB (36,352 bytes)

Scan spysheltertdi.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.