From Phrozen Software
Yet another version of Winja is released with one major functionality added and a few medium and minor changes too.

The major functionality to be present in v7 is a new Extra Tools feature called “File Monitor” which shows in the form of an ordered tree list all the files that are getting updated or created in your system (In real time)

For example, if Malware gets executed on your system and copies itself, or copies a variant of itself in another directory, this feature will be able to highlight this behavior and let you send the sample to VirusTotal.

Another example is if the Malware infects a file (Like a virus does), it will also be highlighted by the File Monitor.

Another change in v7 is the ability to scan a folder(s) through Microsoft Windows Explorer contextual menu. A lot of Winja users asked to see this feature added in a future version, it is now reality.

Notice only the first level of the folder is scanned, it doesn’t scan recursively. It is not the main purpose of Winja to scan possible thousands of files at the same time.

WinjaGo, a future Software will be dedicated to the task of scanning the whole system by pressing a single button. No ETA has yet been defined.

Few minor bugs have been fixed which makes Winja even more stable than it was before.

Finally, minor updates have been pushed through for the Phrozen Engine and Phrozen System frameworks to always offer the best modern interface possible to our users - still natively with a full packaged application which weighs less than 20Mo (Uncompressed).

Winja now officially supports the German language. Big thanks go to Fred de Vries (@fredvries) for his hard work in translating Winja.


- 2019/05/27 : Overall stability improved and few tiny bugs fixed.
- 2019/05/28 : Better command line support. You can continue to scan files through command line while Winja is already running.
- 2019/05/31 : Most lists now support tablet mode (The list rows height can be set to big or normal[default]).
- 2019/05/31 : Extra Tools, you can send selected / checked items by clicking on new bottom buttons (optimized for tablet usage).
- 2019/06/08 : Quick Process Scan, you can now scan all running process.
- 2019/06/10 : Shell Extension patching improved to patch system with newest version of Shell Extension.
- 2019/06/10 : Shell Extension now support scanning folder (only one sub level).
- 2019/06/10 : Shell Extension now allow to open/restore Winja directly from Explorer Context Menu.
- 2019/06/13 : Main window now has a blue ribbon, it will be later possible to customize this ribbon for a future special feature.

Download Link:

Coming in next version (v8):

  • Extra Tools: File Explorer (Support ADS)
  • Explorer Contextual Menu will support browse folder with Winja File Explorer
  • Monitor Path(s): User will be able to setup custom path to be monitored in real time by Winja to automatically send new files to VirusTotal.







Level 2
@Tigzy The detection as keylogger for Winja,, is a false-positive, or not?

Winja v5.1 - Phrozen

Not sure about this Threat Description - Adlice Software

I saw that the developer of Winja probably made a keylogger, but also other things I think?

Thank you.

Hey, no it's not. We are aware here's a great dev and such, but still this is a keylogger and having it installed on a machine may be for bad purposes so we've chosen to detect. You can add exclusion if you want :)

EDIT: I see what you mean, we'll try to modify the rule to only detect Keylogger.

What about this ?


From Phrozen Software
It improved a lot the last months. But that’s my

I am just curious, but @JPLesueur maybe can tell us more :)

There is no such function in Winja. I don't know why tigzy app detect Winja as a keylogger. I don't use any API's which could led to monitor keyboard / mouse or things like that.

Anyway, Winja is not compressed nor packed, anybody with a little RE skill would confirm what I'm saying.

If tigzy read that post, please give more information about what patterns could trigger a such alert (even if not directly related to keyboard / mouse)

I'm sure it's misunderstanding and he will fix that soon.