home

winlock.exe

WinLock

Denis Zolotov

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘0wl’.
Publisher:
Crystal Office Systems  (signed by Denis Zolotov)

Product:
WinLock

Version:
6.2.1.0

MD5:
5e23ed0737029cfaa3f30812d7814e9d

SHA-1:
4215b9640850935ac2a6e10813542a6912d64251

SHA-256:
2ce57bf1cabffa69a120d1b7d15bc623e8bb75ad505f22b275e425e91c1873bb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/6/2024 2:06:38 AM UTC  (today)

File size:
2.7 MB (2,793,944 bytes)

Product version:
6.21

Copyright:
© 2014 Crystal Office Systems

Original file name:
winlock.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winlock\winlock.exe

Digital Signature
Signed by:
Denis Zolotov

Authority:
DigiCert Inc

Valid from:
3/21/2014 5:30:00 AM

Valid to:
5/24/2017 5:30:00 PM

Subject:
CN=Denis Zolotov, O=Denis Zolotov, L=Moscow, C=RU

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
066E0B9E4389A41EF2FA9A9F103ACC27

File PE Metadata
Compilation timestamp:
7/9/2014 5:59:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

Entry address:
0x1000

Entry point:
68, 01, 00, AB, 00, E8, 01, 00, 00, 00, C3, C3, B4, 2F, 39, 11, 83, 91, 48, E7, D9, C6, 01, 0A, C8, 9C, 05, 3D, 46, C6, 01, E9, 7D, 48, E4, 0F, 65, 09, 41, EE, 82, EC, 8E, D8, 39, 48, 43, B1, DF, 56, 80, 16, 01, 14, 06, 66, 42, B0, 71, AC, 79, 38, A2, DA, AC, D6, E8, 43, 52, BE, 92, 67, 77, C0, 92, 58, 70, E2, CB, B6, 0A, A4, 2D, 21, 81, 0F, 9F, 9D, 81, 25, 26, 19, 8B, 5E, 4B, FD, B6, 1A, 7A, 00, D7, 0A, 3A, 15, 95, 7C, 0E, 46, 5C, 57, 9F, EA, 07, F5, C6, A4, 64, 97, C1, 04, CF, FE, 75, 4D, 86, B8, DA, 4D...
 
[+]

Entropy:
7.9559

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
4.1 MB (4,276,224 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0wl

Command:
C:\Program Files\winlock\winlock.exe


Scan winlock.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.