wzShellctx.dll

WinZipper

Chencheng Cai

The module wzShellctx.dll, “WinZipper Shell Context Menu” by Chencheng Cai, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Winzipper Pvt Ltd.  (signed by Chencheng Cai)

Product:
WinZipper

Description:
WinZipper Shell Context Menu

Version:
2.0.0.1

MD5:
6e4a24963d29133c27ce83eee02ce5d7

SHA-1:
99eccbc559780e5a99ed07628f2e0346b666adb7

SHA-256:
7b5214b8833822bd84f4d7a5ddd780ae9e44dd312efd3d365b48b2d7b2d6149f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/17/2024 11:00:24 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex.Winzipper (M)

Engine version:
16.8.9.17

File size:
171.8 KB (175,872 bytes)

Product version:
2.0.0.1

Copyright:
Copyright (c) 2015 Winzipper Pvt Ltd. All Rights Reserved.

Original file name:
wzShellctx.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\omigazip\wzshellctx.dll

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/17/2016 10:00:00 PM

Valid to:
1/17/2017 9:59:59 PM

Subject:
CN=Chencheng Cai, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3308CED5C19726541B196F805AC50CD0

File PE Metadata
Compilation timestamp:
2/16/2016 8:05:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:S2l4GwiwLDwXXAJxwyg1prfWn+ZOy9zIITb+2I8ifb:5l4GXoIWwNKy+2az

Entry address:
0xB8EE


Code size:
81.5 KB (83,456 bytes)
