home

winlock.exe

WinLock

Denis Zolotov

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘0wl’.
Publisher:
Crystal Office Systems  (signed by Denis Zolotov)

Product:
WinLock

Version:
7.2.1.0

MD5:
010906eb60a5469b7061a08e5ef3f906

SHA-1:
1ebb65ca9873476db5f75a363336b69d0ef39c6b

SHA-256:
72aed3aa5542a8845981ba9fdc44c91a4c12a558f935c3cc18fa8afc8eab7ead

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 4:50:05 AM UTC  (today)

File size:
3.3 MB (3,430,688 bytes)

Product version:
7.21

Copyright:
© 2017 Crystal Office Systems

Original file name:
winlock.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winlock\winlock.exe

Digital Signature
Signed by:
Denis Zolotov

Authority:
DigiCert Inc

Valid from:
3/21/2014 7:00:00 AM

Valid to:
5/24/2017 7:00:00 PM

Subject:
CN=Denis Zolotov, O=Denis Zolotov, L=Moscow, C=RU

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D6FC35019AE937213BFF4BA9367C2D4

File PE Metadata
Compilation timestamp:
2/21/2017 1:18:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

Entry address:
0x1000

Entry point:
68, 01, 70, CA, 00, E8, 01, 00, 00, 00, C3, C3, FF, 37, 1B, D2, 03, 7D, 81, 27, 17, 99, A4, 42, 74, D6, 28, 02, 1F, D7, 3D, 55, 6A, 8D, 3D, 0F, C2, 2B, 49, 27, E3, 46, D6, 43, B9, 6B, B2, 13, 3D, 27, FB, 54, 1B, E1, 07, 5A, C2, BB, 31, A7, EC, 6B, 59, 97, 4E, 38, D1, E7, ED, 55, 8B, 7D, 76, F9, 34, CB, 78, FA, CC, F8, A9, 5C, B6, E0, 53, 0A, F3, 1D, 3F, 85, 66, EB, D5, 90, F1, CE, 5C, 83, E6, F7, A0, 25, CD, 7C, 94, C1, CD, 4F, 0C, 1E, CB, 94, DD, FC, A5, C2, A0, B9, A4, E5, 0A, A5, 0F, 8A, 73, DE, CC, 76...
 
[+]

Entropy:
7.9381

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
5.6 MB (5,832,704 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0wl

Command:
C:\Program Files\winlock\winlock.exe


Scan winlock.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.