What app created a zip file

Is there any accurate way to determine what app was used to create a zip file, e.g. winzip, 7zip, windows etc. I would rather not upload the file as currently unsure of the content.
pma111 Asked:
Bill Prew, IT / Software Engineering Consultant, Commented:
In general I think the answer is no.  I'm assuming it has a .ZIP extension?  There's a small chance that the file signature present in the first 8 or 10 bytes of the file could be a clue though, since some zip creation utilities use their own flavor of zip files and compression.  If you could post those bytes in hex we might get a clue, but likely it will present as a "generic ZIP" file.


»bp

pma111 (Author) Commented:
Yes, it's a zip extension. Will try the hex info first thing.
☠ MASQ ☠ Commented:
Not aware of any program that generates a .zipfile output that appends the name of the software used (nor TBH what use that might be)

The zipfile structure is a standard using a header file 0x04034b50 to identify it in the absence of a file extension.
The file header does allow for the insertion of metadata but this is rarely used unless defined by the user when compressing.

https://en.wikipedia.org/wiki/Zip_(file_format)#File_headers
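
The header fields discussed above can be read from the archive's central directory without opening or decompressing anything. The following is an added example, not code from anyone in this thread: the format records a creating host system and spec version (not an application name) plus the encryption scheme of each entry, and the sketch reports both. Function names and the sample archive are constructed for illustration, and ZIP64 archives are not handled.

```python
import io
import struct
import zipfile

HOSTS = {0: "MS-DOS/FAT", 3: "UNIX", 10: "Windows NTFS", 19: "OS X"}  # high byte of "version made by"
AES_BITS = {1: 128, 2: 192, 3: 256}                                   # strength byte in extra 0x9901

def encryption(flags, method, extra):
    """Name the encryption scheme from an entry's central-directory fields."""
    if not flags & 0x0001:                      # bit 0 clear: entry is not encrypted
        return "none"
    if method != 99:                            # method 99 marks WinZip AE-x
        return "PKWARE strong encryption" if flags & 0x0040 else "traditional PKWARE (ZipCrypto)"
    i = 0
    while i + 11 <= len(extra):                 # walk the extra fields looking for 0x9901
        tag, size = struct.unpack_from("<HH", extra, i)
        if tag == 0x9901 and size >= 7:
            return f"WinZip AES-{AES_BITS.get(extra[i + 8], '?')}"
        i += 4 + size
    return "WinZip AES"

def inspect_zip(data):
    """Report creator host and encryption per entry; nothing is decompressed."""
    eocd = data.rfind(b"PK\x05\x06")            # end-of-central-directory record (no ZIP64)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record: not a ZIP archive")
    total, _cd_size, pos = struct.unpack_from("<HLL", data, eocd + 10)
    entries = []
    for _ in range(total):
        f = struct.unpack_from("<4s6H3L5H2L", data, pos)   # fixed 46-byte header
        if f[0] != b"PK\x01\x02":
            raise ValueError("bad central directory header")
        made_by, flags, method, nlen, xlen, clen = f[1], f[3], f[4], f[10], f[11], f[12]
        name = data[pos + 46:pos + 46 + nlen].decode("cp437", "replace")
        extra = data[pos + 46 + nlen:pos + 46 + nlen + xlen]
        entries.append({"name": name, "host": HOSTS.get(made_by >> 8, f"code {made_by >> 8}"),
                        "spec": f"{(made_by & 0xFF) // 10}.{(made_by & 0xFF) % 10}",
                        "encryption": encryption(flags, method, extra)})
        pos += 46 + nlen + xlen + clen
    return entries

def constructed_sample():
    """Constructed input: archive written by Python's zipfile, encryption flag set by hand."""
    buf, info = io.BytesIO(), zipfile.ZipInfo("report.txt")
    info.create_system = 3                      # record UNIX as the creating host
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(info, b"hello")
    raw = bytearray(buf.getvalue())
    raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x01   # flag bit 0 only; the data stays unencrypted
    return bytes(raw)
```

To check a real file, pass its bytes: `inspect_zip(open(path, "rb").read())`.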
Bill Prew, IT / Software Engineering Consultant, Commented:
I guess in the interest of trying to help, I will ask "why do you want to know?".  What problem are you trying to solve, can you not open the ZIP, or is there something else?


»bp
Bill Prew, IT / Software Engineering Consultant, Commented:
@MASQ,

This is the signature reference list I prefer, and while I agree with what you said (as I also said), notice there are a couple of variants of ZIP extensions that have a slightly different or expanded signature.  It's a long shot that we might get a clue based on signature, but figured it was worth a try.

File Signatures


»bp
pma111 (Author) Commented:
It's an old, seemingly unused file sat on a directory on a file server that needs a tidy up; it hasn't been accessed in a couple of years. It is encrypted but we do have a team with password recovery tools available but you need to know the app used to create the zip to progress that, not that it's any guarantee they can get access. The authors of the files have long since left.
Bill Prew, IT / Software Engineering Consultant, Commented:
Most all ZIP files will present the same to a password recovery tool, so all they should need to know is that it's a ZIP file, not a specific product.  Granted, ZIP compression and encryption can vary a bit, but a decent recovery tool should be able to deal with the common flavors.


»bp
pma111 (Author) Commented:
They tried as a 7zip file (hash mode) and the tool reported back this isn't a 7zip encrypted zip file, and could not progress. Might just accept defeat.
☠ MASQ ☠ Commented:
Why not just delete it?  Curiosity and Cats ...

Or move it off into a sandbox somewhere (enough cat references :)) and try opening it there if you really need to know what's inside.
Bill Prew, IT / Software Engineering Consultant, Commented:
Well, they could try it as a WINZIP file, or PKZIP file, those are two pretty popular ones.


»bp
pma111 (Author) Commented:
Deletion is sounding a decent bet, a waste of people's time really, but management want to know what it was (they equally wouldn't have a clue it even existed until we asked them what they wanted to do with it). Somewhat annoying really that people encrypt files and don't rely on the ACL already protecting access.
Bill Prew, IT / Software Engineering Consultant, Commented:
Yes, this is probably a good time to deal with it, and make a decision to keep or delete.  And since you can't decrypt it by known methods then delete seems like the right choice...


»bp
pma111 (Author) Commented:
I won't pretend to know much about sandbox and how that may bypass encryption or reveal content without the password... sounds dangerous!
☠ MASQ ☠ Commented:
"I won't pretend to know much about sandbox and how that may bypass encryption or reveal content without the password"

It doesn't help with either but it's a safe environment in case this turns out to be something you wish you hadn't unpacked.
pma111 (Author) Commented:
Ah ok thanks, good point.
John Tsioumpris, Software & Systems Engineer, Commented:
There is always the chance that although the file has an extension, e.g. .zip, it's actually another file, maybe even a .doc or an .xls, and someone deliberately changed the extension to keep it safe.
Here is an article with some tools that try to "identify" unknown files
BillDL Commented:
Rename it with a *.docx extension and see if it opens in Microsoft Word.  Some email clients mistakenly identify docx files as zip files and save them to the hard drive as *.zip because that's exactly what they are i.e. zip files with a docx extension.