home

winlock.exe

WinLock

Denis Zolotov

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘0wl’.
Publisher:
Crystal Office Systems  (signed by Denis Zolotov)

Product:
WinLock

Version:
7.1.1.0

MD5:
20223aa16e58169afe3113a118f019e8

SHA-1:
1510ece1dd97dbaefa6c4b24076b3b83015b7629

SHA-256:
4dace93c8e76ad2c75c4ec927bd3373f7ab1a14ffe802714b019f54d342ecb73

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 4:49:33 AM UTC  (today)

File size:
3 MB (3,152,160 bytes)

Product version:
7.11

Copyright:
© 2016 Crystal Office Systems

Original file name:
winlock.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winlock\winlock.exe

Digital Signature
Signed by:
Denis Zolotov

Authority:
DigiCert Inc

Valid from:
3/21/2014 2:00:00 AM

Valid to:
5/24/2017 2:00:00 AM

Subject:
CN=Denis Zolotov, O=Denis Zolotov, L=Moscow, C=RU

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D6FC35019AE937213BFF4BA9367C2D4

File PE Metadata
Compilation timestamp:
8/26/2016 7:38:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

Entry address:
0x1000

Entry point:
68, 01, 00, BB, 00, E8, 01, 00, 00, 00, C3, C3, 0D, A6, 09, 57, 87, 93, 49, 70, 96, 46, 42, 8A, C8, 8E, 3C, 08, 0A, AF, 90, 69, 23, 1F, FC, 0B, F6, 61, 2D, 26, 8B, 9F, B0, 0E, 1B, E1, B3, F6, 5B, 62, 21, 78, EC, 9F, BE, 07, 6B, 8A, 33, 31, 95, F5, 3E, 10, 1D, A0, 61, E7, 4D, 55, 8B, 7A, A0, C9, 47, AB, 81, 40, BC, FA, 55, 5A, 1C, 18, C9, 4D, 03, E3, FC, 20, 53, CD, 0D, B4, B1, B2, E0, 6D, 3A, A4, E3, A1, 6D, 5B, B9, 50, 44, A6, 0F, 48, 0B, E3, 30, 8A, 8C, C9, 9B, 6B, 75, 90, 6F, ED, EA, ED, 83, 33, 7C, 9E...
 
[+]

Entropy:
7.9288

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4.7 MB (4,968,448 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0wl

Command:
C:\Program Files\winlock\winlock.exe


Scan winlock.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.