jzipshell.dll

jZip

Discordia Limited

The module jzipshell.dll, “jZip shell extension” by Discordia Limited, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is registered as a context menu handler (it displays a menu when a file is right-clicked in Explorer) named “jZip”. This file is typically installed with the program jZip by Discordia Limited, which is a potentially unwanted software program.
Publisher:
Discordia Limited  (signed and verified)

Product:
jZip

Description:
jZip shell extension

Version:
1.2.0.43875

MD5:
59e6455b7d208e0b48dfb88e4c0eac0b

SHA-1:
2240793f5d071e5d7f921db6a74297cf26924953

SHA-256:
3b458201f81312d0e249a56e2a047ab8e2020da8c9d5ad79f1fe8eea4c194b03

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/24/2024 8:16:24 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Handler.Discordia

Engine version:
15.3.18.8

File size:
453.4 KB (464,320 bytes)

Product version:
1.2

Copyright:
Copyright (C) 2007 by Discordia Limited

Original file name:
jZipShell.exe

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\jzip\jzipshell.dll

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/20/2007 2:00:00 AM

Valid to:
7/12/2008 1:59:59 AM

Subject:
CN=Discordia Limited, OU=SECURE APPLICATION DEVELOPMENT, O=Discordia Limited, L=Limassol, S=Limassol, C=CY

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
11AFC84D429F1051969C3D383A099739

Registration
CLSID:
{E677C7AD-2B66-4539-AA29-3771A1CFEDA9}

ProgID:
jZipShell.jZipShellExt.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
1/29/2008 10:52:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:v3tWogo+82p7ounRuMMsuK6V6rEZARRC5dSTL5A/PAOwa5W9FMfIdqX/:v3tWo+Jp7XIMMnK6KfydSv+AOwaE9

Entry address:
0x29F84

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, B6, 92, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 8B, 44, 24, 04, 85, C0, 56, 8B, F1, C6, 46, 0C, 00, 75, 63, E8, 55, 59, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 70, 64, 06, 10, 74, 12, 8B, 0D, 88, 63, 06, 10, 85, 48, 70, 75, 07, E8, 70, 14, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 60, 69, 06, 10, 74, 16, 8B, 46, 08, 8B, 0D, 88, 63, 06, 10, 85, 48, 70, 75, 08, E8, E7, 94, 00, 00, 89, 46, 04...
 

Entropy:
6.5432

Code size:
340 KB (348,160 bytes)

Context Menu Handler
Display name:
jZip

CLSID:
{E677C7AD-2B66-4539-AA29-3771A1CFEDA9}

CLSID name:
jZipShellExt Class


The file jzipshell.dll has been discovered within the following program.

jZip  by Discordia Limited
Publisher's description - “jZip lets you open files in many archive formats, including the popular RAR format. RAR files are compressed archives, which are files that are designed to store both single and groups of related files while minimizing their memory size to save on storage space.”
www.jzip.com
71% remove it
 