Pau Lo

asked on

What app created a zip file

Is there any accurate way to determine what app was used to create a zip file, e.g. WinZip, 7-Zip, Windows, etc.? I would rather not upload the file as I am currently unsure of the content.
ASKER CERTIFIED SOLUTION
Bill Prew

Pau Lo

ASKER

Yes, it's a zip extension. Will try the hex info first thing.
Not aware of any program that generates a .zip file output that appends the name of the software used (nor TBH what use that might be).

The zipfile structure is a standard using a header file 0x04034b50 to identify it in the absence of a file extension.
The file header does allow for the insertion of metadata but this is rarely used unless defined by the user when compressing.

https://en.wikipedia.org/wiki/Zip_(file_format)#File_headers
I guess in the interest of trying to help, I will ask "why do you want to know?".  What problem are you trying to solve, can you not open the ZIP, or is there something else?


»bp
@MASQ,

This is the signature reference list I prefer, and while I agree with what you said (as I also said), notice there are a couple of variants of ZIP extensions that have a slightly different or expanded signature.  It's a long shot that we might get a clue based on signature, but figured it was worth a try.

File Signatures


»bp

ASKER

It's an old, seemingly unused file sat on a directory on a file server that needs a tidy up; it hasn't been accessed in a couple of years. It is encrypted, but we do have a team with password recovery tools available, but you need to know the app used to create the zip to progress that, not that it's any guarantee they can get access. The authors of the files have long since left.
Most all ZIP files will present the same to a password recovery tool, so all they should need to know is that it's a ZIP file, not a specific product.  Granted, ZIP compression and encryption can vary a bit, but a decent recovery tool should be able to deal with the common flavors.


»bp

ASKER

They tried it as a 7zip file (hash mode) and the tool reported back this isn't a 7zip encrypted zip file, and could not progress. Might just accept defeat.
Why not just delete it?  Curiosity and Cats ...

Or move it off into a sandbox somewhere (enough cat references :)) and try opening it there if you really need to know what's inside.
Well, they could try it as a WINZIP file, or PKZIP file, those are two pretty popular ones.


»bp
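Added example, not part of the thread: what a ZIP does record is the host system and ZIP spec version of the creating tool, plus each entry's encryption scheme (ZipCrypto, WinZip AES or PKWARE strong encryption), and all of it sits in the unencrypted central directory, so it can be read locally without the password and without uploading the file. The function names are illustrative, the sample bytes are constructed, and the sketch assumes a non-ZIP64 archive whose central directory is not itself encrypted.

```python
import struct

# High byte of the "version made by" field: host system, not a product name.
HOSTS = {0: "MS-DOS/FAT", 3: "UNIX", 7: "Macintosh", 10: "Windows NTFS", 19: "OS X"}

def aes_bits(extra):
    """Key size from the WinZip AES extra field (header ID 0x9901), else None."""
    pos = 0
    while pos + 4 <= len(extra):
        hid, size = struct.unpack_from("<HH", extra, pos)
        if hid == 0x9901 and len(extra) >= pos + 11:
            return {1: 128, 2: 192, 3: 256}.get(extra[pos + 8])
        pos += 4 + size
    return None

def scheme(flags, method, extra=b""):
    if not flags & 0x0001:               # general-purpose bit 0: entry is encrypted
        return "not encrypted"
    if method == 99:                     # method 99 marks WinZip AES (AE-1/AE-2)
        return f"WinZip AES-{aes_bits(extra) or '?'}"
    if flags & 0x0040:                   # bit 6: PKWARE strong encryption
        return "PKWARE strong encryption"
    return "ZipCrypto (traditional PKWARE)"

def inspect_zip(data):
    """Per-entry metadata from the central directory; no password is needed."""
    eocd = data.rfind(b"PK\x05\x06")     # end-of-central-directory signature
    if eocd < 0:
        raise ValueError("no end-of-central-directory record: not a ZIP archive")
    count, _size, pos = struct.unpack_from("<HLL", data, eocd + 10)
    entries = []
    for _ in range(count):
        (sig, made_by, _need, flags, method, _t, _d, _crc, _cs, _us,
         nlen, xlen, clen, *_rest) = struct.unpack_from("<4s6H3L5H2L", data, pos)
        if sig != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        name = data[pos + 46:pos + 46 + nlen].decode("cp437")
        extra = data[pos + 46 + nlen:pos + 46 + nlen + xlen]
        entries.append({"name": name, "host": HOSTS.get(made_by >> 8, "other"),
                        "spec": made_by & 0xFF, "encryption": scheme(flags, method, extra)})
        pos += 46 + nlen + xlen + clen
    return entries

def sample():
    """Constructed data: central directory + end record of a one-entry archive."""
    name, extra = b"notes.txt", struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)
    cd = struct.pack("<4s6H3L5H2L", b"PK\x01\x02", (10 << 8) | 63, 51, 1, 99,
                     0, 0, 0, 0, 0, len(name), len(extra), 0, 0, 0, 0, 0) + name + extra
    return cd + struct.pack("<4s4H2LH", b"PK\x05\x06", 0, 0, 1, 1, len(cd), 0, 0)
```

On a real file, pass `open(path, "rb").read()` to `inspect_zip`; the `spec` value is the spec version times ten (63 means 6.3).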

ASKER

Deletion is sounding a decent bet, a waste of people's time really, but management want to know what it was (they equally wouldn't have a clue it even existed until we asked them what they wanted to do with it). Somewhat annoying really that people encrypt files and don't rely on the ACL already protecting access.
Yes, this is probably a good time to deal with it, and make a decision to keep or delete.  And since you can't decrypt it by known methods then delete seems like the right choice...


»bp

ASKER

I won't pretend to know much about sandbox and how that may bypass encryption or reveal content without the password... sounds dangerous!
"I won't pretend to know much about sandbox and how that may bypass encryption or reveal content without the password"

It doesn't help with either but it's a safe environment in case this turns out to be something you wish you hadn't unpacked.

ASKER

Ah ok thanks, good point.
There is always the chance that although the file has an extension, e.g. .zip, it's actually another file, maybe even a .doc or an .xls, and someone deliberately changed the extension to keep it safe.
Here is an article with some tools that try to "identify" unknown files
Rename it with a *.docx extension and see if it opens in Microsoft Word.  Some email clients mistakenly identify docx files as zip files and save them to the hard drive as *.zip because that's exactly what they are i.e. zip files with a docx extension.