» KZipShell.dll
Overview
Analysis
File Details
Behaviors (1)

KZipShell.dll

Shanghai Guangle Network Technology Co., Ltd.

The module KZipShell.dll by Shanghai Guangle Network Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is registered as a context menu handler (displays a menu when right-clicked in Explorer) named “KuaiZipShlExt”.

File name:

KZipShell.dll

Publisher:

Shanghai Guangle Network Technology Co., Ltd. (signed and verified)

Version:

2.8.3.4

MD5:

410fe08d9e1dd1b2a56c36c8853c97ac

SHA-1:

8d9c3fe12b8e91a55304af893938ebc7c5b957a7

SHA-256:

94e5ac9e458358a21e80e7ea899aa66464aa42612258caf01f134fd46e817e46

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 10:51:27 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.KuaiZip (M)

16.9.21.7

File size:

463.2 KB (474,272 bytes)

Product version:

2.8.3.4

Original file name:

KZipShell.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\kuaizip\x86\kzipshell.dll

Digital Signature

Signed by:

Shanghai Guangle Network Technology Co., Ltd.

Authority:

WoSign CA Limited

Valid from:

7/13/2016 3:41:43 PM

Valid to:

7/13/2017 3:41:43 PM

Subject:

CN="Shanghai Guangle Network Technology Co., Ltd.", O="Shanghai Guangle Network Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:

CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:

40757B407A929353C165458EE6664935

Registration

CLSIDs:

{2FB831EA-DA68-4A66-8E31-A2D976A6296C}, {3DCCD550-7586-40D2-A51D-D2F98EC06B3C}, {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}, {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}, {C9487131-EF4C-40D9-BA70-E85356CAF67E}

ProgIDs:

QZipShell.PropertyExt.1, QZipShell.DragDropMenu.1, QZipShell.ContextMenuExt.1, QZipShell.KzShlobj.1, QZipShell.KYDropHandler.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

7/15/2016 9:23:03 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:rrzJa/W3Bl4cOpbggQjwVcuuxxTa0PgzTqD:0Oxl4cOpbggQjwVctQsTD

Entry address:

0x1A3C2

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 7F, 97, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01... 
[+]

Code size:

208 KB (212,992 bytes)

Context Menu Handler

Display name:

KuaiZipShlExt

CLSID:

{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}

CLSID name:

ContextMenuExt Class

Remove KZipShell.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.