KZipShell.dll

Shanghai Guangle Network Technology Co., Ltd.

The module KZipShell.dll by Shanghai Guangle Network Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is registered as a context menu handler (displays a menu when right-clicked in Explorer) named “KuaiZipShlExt”.
Publisher:

Version:
2.8.3.4

MD5:
410fe08d9e1dd1b2a56c36c8853c97ac

SHA-1:
8d9c3fe12b8e91a55304af893938ebc7c5b957a7

SHA-256:
94e5ac9e458358a21e80e7ea899aa66464aa42612258caf01f134fd46e817e46

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:31:06 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.KuaiZip (M)
16.9.21.7

File size:
463.2 KB (474,272 bytes)

Product version:
2.8.3.4

Copyright:
Copyright (c) 上海广乐网络科技有限公司, All rights reserved

Original file name:
KZipShell.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\kuaizip\x86\kzipshell.dll

Digital Signature
Authority:
WoSign CA Limited

Valid from:
7/13/2016 3:41:43 PM

Valid to:
7/13/2017 3:41:43 PM

Subject:
CN="Shanghai Guangle Network Technology Co., Ltd.", O="Shanghai Guangle Network Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
40757B407A929353C165458EE6664935

Registration
CLSIDs:
{2FB831EA-DA68-4A66-8E31-A2D976A6296C}, {3DCCD550-7586-40D2-A51D-D2F98EC06B3C}, {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}, {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}, {C9487131-EF4C-40D9-BA70-E85356CAF67E}

ProgIDs:
QZipShell.PropertyExt.1, QZipShell.DragDropMenu.1, QZipShell.ContextMenuExt.1, QZipShell.KzShlobj.1, QZipShell.KYDropHandler.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
7/15/2016 9:23:03 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:rrzJa/W3Bl4cOpbggQjwVcuuxxTa0PgzTqD:0Oxl4cOpbggQjwVctQsTD

Entry address:
0x1A3C2

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 7F, 97, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01...
 
[+]

Code size:
208 KB (212,992 bytes)

Context Menu Handler
Display name:
KuaiZipShlExt

CLSID:
{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E}

CLSID name:
ContextMenuExt Class


Remove KZipShell.dll - Powered by Reason Core Security